Connecting Amazon ECS clusters using a new AWS account

Procedure

1. Go to Cloud Security → Container Security → Container Inventory.
2. Select the Amazon ECS node in the tree.
3. Click Add account.
   The Add Cloud Account screen appears.
4. In another browser tab, sign in to your AWS account that manages the containers you want to protect.
5. Go back to Trend Vision One and in the Add Cloud Account screen, select the region associated with your AWS account.
6. Review each security feature and enable the features to apply to your Amazon ECS cluster.

   Feature	Description
   Core Features	The core set of features and permissions required to connect your AWS account Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Note Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts
   Agentless Vulnerability & Threat Detection	The feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your account Important Agentless Vulnerability & Threat Detection configuration does not apply to Container Protection for Amazon ECS. This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities in AWS EBS volumes attached to EC2 instances and ECR images with zero impact to your applications. You can to specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Two AWS resource types are currently supported: EBS (Elastic Block Store) and ECR (Elastic Container Registry). (AWS Lambda is coming soon.)
   Container Protection for Amazon ECS Important Required for Container Security protection	The feature and permission set to view and protect your containers This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments. Important As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
   Cloud Detections for AWS CloudTrail	The feature and permission set to enable Cloud Audit Log Monitoring for your account This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps. This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration. Note Cloud Detections requires credits to use. Click the Credit Settings icon () to manage credit allocation.
   Cloud Response for AWS	The feature and permission set to allow response actions for your account This feature set allows Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third party ticketing systems. Response actions can be taken from the context menu in the Workbench app. This feature requires enabling Cloud Detections for AWS CloudTrail for your account.

7. If you have more than one Server & Workload Protection Manager configured in Endpoint Security, select the manager that you want to associate the cloud account with.
   If you do not have any or only have one Server & Workload Protection Manager configured, this setting does not appear. Any virtual machines managed by your connected AWS account appear in Computers workgroup under the selected Server & Workload Protection Manager.
8. Click Launch Stack.
   A new browser tab opens to the Amazon AWS Quick create stack screen.
9. Scroll to the bottom of the Quick create stack screen to the Capabilities section, select the acknowledgement options, and click Create stack.

   Important The Amazon AWS console redirects to the Stacks screen. Allow some time for the stack creation progress to complete before proceeding. Once the stack creation process is complete, you can begin assigning policies to your clusters.