
Add and connect an AWS account in a VPC to Trend Vision One using a generated stack template to provide security for your cloud assets.

Procedure

  1. In the Trend Vision One console, go to Cloud Security > Cloud Accounts > AWS.
  2. Click Add Account.
    The Add AWS Account window appears.
  3. For the deployment method, select CloudFormation.
  4. Select Single AWS Account.
  5. Click Next.
  6. Specify general information for the account:
    1. Provide an Account name and Description to display in Cloud Accounts.
    2. Select the AWS region for CloudFormation template deployment.
      Note
      The default region is your Trend Vision One region.
      Some features and permissions have limited support for some AWS regions. For more information, see AWS supported regions and limitations.
    3. If you have more than one Server & Workload Protection Manager instance, select the instance to associate with the connected account.
      Note
      • If you have one Server & Workload Protection Manager instance, the account is automatically associated with that instance.
    4. Select the scanning regions for the Server & Workload Protection instance selected in the previous step:
      • If the AWS account you are connecting does not use certain regions, clear those regions from the list.
      • If the AWS account uses all regions, leave all regions selected.
      By default, Core Features and features that rely on Server & Workload Protection scanning (such as Container Security and File Storage Security) attempt to connect to all AWS regions. If your AWS account does not use certain regions, this can generate unnecessary error logs in CloudTrail from failed connection attempts.
    5. To add custom tags to the resources deployed by Trend Vision One, select Resource tagging and specify the key-value pairs.
      To add up to three tags, click Create a new tag.
      Note
      • Keys can be up to 128 characters long, and cannot start with aws.
      • Values can be up to 256 characters long.
    6. Click Next.
  7. Enable any of the following features:
    • Cloud Detections for AWS CloudTrail
    • Cloud Detections for AWS VPC Flow Logs
    • File Security Storage
    Note
    By default, Core Features and Cyber Risk Exposure Management - Cloud account assessment are already selected.
  8. Click Next.
  9. Launch the CloudFormation template in the AWS console.
    1. To review the stack template before launching, click Download and Review Template.
    2. Click Launch Stack.
      The AWS management console opens in a new tab and displays the Quick Create Stack screen.
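
One way to carry out the review in the Download and Review Template step before clicking Launch Stack, as an added example that is not part of the original page or Trend Micro's tooling: list who may assume each IAM role the template creates and which inline statements allow wildcard actions. It assumes the downloaded template is in JSON form and checks only AWS::IAM::Role resources; the function names and the sample template are constructed for illustration.

```python
import json

# Constructed sample (NOT the vendor's real template): one cross-account role
# with an inline policy, used only to exercise the checks below.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ExampleConnectorRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}]},
        "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
            {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}}]}},
    "ExampleBucket": {"Type": "AWS::S3::Bucket"},
}})


def as_list(value):
    """IAM accepts one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_template(template_text):
    """Return (trust, findings) for AWS::IAM::Role resources in a JSON template.

    trust: (role, principal, has_external_id) per trust statement.
    findings: (role, wildcard_actions, resource) per Allow statement.
    """
    trust, findings = [], []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        assume = props.get("AssumeRolePolicyDocument", {})
        for stmt in as_list(assume.get("Statement", [])):
            ext_id = "sts:ExternalId" in json.dumps(stmt.get("Condition", {}))
            trust.append((name, stmt.get("Principal"), ext_id))
        for policy in props.get("Policies", []):
            doc = policy.get("PolicyDocument", {})
            for stmt in as_list(doc.get("Statement", [])):
                wild = [a for a in as_list(stmt.get("Action", []))
                        if isinstance(a, str) and a.endswith("*")]
                if stmt.get("Effect") == "Allow" and wild:
                    findings.append((name, wild, stmt.get("Resource")))
    return trust, findings


if __name__ == "__main__":
    for row in sum(review_template(SAMPLE_TEMPLATE), []):
        print(row)
```

To check a real download, pass the file's contents to `review_template` in place of `SAMPLE_TEMPLATE`; a trust statement reported without an external ID condition, or any wildcard action, is worth reading in full before launching the stack.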

Next steps

Provide the parameters required to deploy the CloudFormation stack to your Amazon VPC environment. See Step 2: Configure VPC settings.