Connect your AWS account to Container Security to link ECS clusters and protect your Amazon ECS containers.
Procedure
- Go to .
- Select the Amazon ECS node in the tree.
- Click Add account.The Add Cloud Account screen appears.
- In another browser tab, sign in to your AWS account that manages the containers you want to protect.
- Go back to Trend Vision One and in the Add Cloud Account screen, select the region associated with your AWS account.
- Review each security feature and enable the features to apply to your Amazon
ECS cluster.FeatureDescriptionCore FeaturesThe core set of features and permissions required to connect your AWS accountCore features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
Note
Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accountsAgentless Vulnerability & Threat DetectionThe feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your accountImportant
Agentless Vulnerability & Threat Detection configuration does not apply to Container Protection for Amazon ECS.This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities and malware in AWS EBS volumes attached to EC2 instances, ECR images, and Lambda functions with zero impact to your applications. To learn more, see Agentless Vulnerability & Threat Detection.You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda. All resources are included in vulnerability scanning by default. Anti-malware scanning is disabled by default but may be enabled at any time.Container Protection for Amazon ECSImportant
Required for Container Security protection.The feature and permission set to view and protect your containersThis feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.Important
-
As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
Cloud Detections for AWS CloudTrailThe feature and permission set to enable XDR for Cloud to monitor Cloud Audit Logs for your accountThis feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.Note
XDR for Cloud requires credits to use. Click the Credit Settings icon () to manage your data allowance limit and allocated credits and view a graph of past data usage.Cloud Response for AWSThe feature and permission set to allow response actions for your accountThis feature set allows Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third party ticketing systems. Response actions can be taken from the context menu in the Workbench app.This feature requires enabling XDR for Cloud - AWS CloudTrail for your account. -
- If you have more than one Server & Workload Protection Manager configured
in Endpoint Security, select the manager that you want to associate the cloud
account with.If you do not have any or only have one Server & Workload Protection Manager configured, this setting does not appear. Any virtual machines managed by your connected AWS account appear in Computers workgroup under the selected Server & Workload Protection Manager.
- Click Launch Stack.A new browser tab opens to the Amazon AWS Quick create stack screen.
- Scroll to the bottom of the Quick create stack screen to
the Capabilities section, select the acknowledgement
options, and click Create stack.
Important
The Amazon AWS console redirects to the Stacks screen. Allow some time for the stack creation progress to complete before proceeding. Once the stack creation process is complete, you can begin assigning policies to your clusters.