Resources deployed by Cloud Accounts | Trend Micro Service Central

Review the services deployed to your cloud environment when connecting to Cloud Accounts.

When connecting your cloud resources to Cloud Accounts, certain features and services are deployed to your environment to facilitate the connection and enable detection and response capabilities. The following tables list the services deployed within your environment.

Resources deployed in AWS enviroments

The deployment template includes tagging when connecting your AWS account, allowing you to identify which services are associated with Trend Vision One security applications and resources. You can also add custom tags when connecting an account using the CloudFormation template. For more information, see Adding an AWS account using CloudFormation.

Feature name	AWS tag	Services deployed (number)
Core features and Cyber Risk Exposure Management	`"TrendMicroProduct": "cam"`	Cloudformation Stack (1) Cloudformation Stack Nested (0~3) IAM Managed Policy (3~4) IAM OIDC Provider (1) IAM Policy (2~4) IAM role (3~5) Lambda (2~4) LogGroup (2~3) Custom (4) SSM (1)
Cloud Detection for AWS CloudTrail	`"TrendMicroProduct": "ct"`	Single Account: Lambda (10-12) EventBridge (1) IAM (7) SQS (1) Control Tower: Lambda (10-12) EventBridge (1) IAM (7) SQS (1) EventBridge (1) (User provided) SNS (1) (User provided)
Cloud Response for AWS	n/a	Only uses IAM permissions Creates one IAM Policy to revoke an IAM user's permissions.
Container Protection for AWS ECS	`"TrendMicroProduct": "cs"`	Cloudformation Stackset (1) IAM Roles (8) Lambda (4) Log group (5) Custom resources (4) SQS (1) ECS task def (1) SSM parameters (1)
Agentless Vulnerability & Threat Detection	`"TrendMicroProduct": "avtd"`	This feature deploys a base stack to the region you select when connecting the account, as well as additional resources to each monitored region. The number of resources deployed depends of the number of regions monitored. Lambda (8 in base stack, plus 24 per region) S3 Buckets (2 per region) IAM Roles (9 in base stack, plus 25 per region) Event Rules (2 in base stack, plus 10 per region SQS (5 per region) Custom (5 in base stack, plus 4 per region) Secrets (1 in base stack, plus 1 per region) Parameter Store Parameter (1 per region) Step Function (1 per region)
File Security Storage	`"TrendMicroProduct": "fss"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) EventBridge (1) IAM Roles (13) IAM Policies (4) SNS Topics (1) SNS Subscriptions (2) Lambda Permissions (3) Lambda Functions (10) Lambda EventSourceMapping (4) SQS Queue (4) SQS Queue Policy (4) CloudWatch LogGroup (6) System Manager Parameter Store (3) Custom (10)
Data Security Posture	`"TrendMicroProduct": "dspm"`	Uses IAM permissions only.
Real-Time Posture Monitoring	`"TrendMicroProduct": "rtpm"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) EventBridge (1) IAM Role (3) IAM Policy (1)
Cloud Detections for VPC Flow Logs	`"TrendMicroProduct": "vpcflow"`	Lambda Functions (6 in base stack, plus 14 per region) S3 Buckets (2 per region) IAM roles (6) Event Rules (2 in base stack, plus 6 per region) SQS (4 per region) Custom (3 in base stack, plus 5 per region) Secrets (1 in base stack, plus 1 per region) AppConfig (1 per region) CloudWatch Log Group (6 in base stack, plus 14 per region)
Cloud Detections for Amazon Security Lake	`"TrendMicroProduct": "seclake"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) Event Rules (2) IAM roles (10) Lambda Permissions (2) Lambda Functions (8) Lambda EventSourceMapping (3) SQS Queue (2) System Manager ParameterStore (3) S3 Bucket (1) SecurityLake Subscriber (1) SecurityLake SubscriberNotification (1) Custom Resource (3)

Resources deployed in Azure enviroments

Learn which resources are deployed in your Azure environment for each Trend Vision One feature that you can enable on an Azure subscription.

Feature name	Services deployed (number)
Core features and Cyber Risk Exposure Management	Resources: App Registration (1) Federated Credential (1) Applications (1) Role and Role Assignments of the Service Principal (1)
Agentless Vulnerability & Threat Detection	Resource Groups: `azurem_resource_group` (1 common) `azurem_resource_group` (3, one each for US/AS/EU) IAM and Security: Custom Role Definition (1 for sentry) `azurem_role_assignment` (32 per region) Key Vault `azurem_key_vault` (1) `azurerm_key_vault_access_policy` (1 for primary location, 2 per region) `azurerm_key_vault_secret` (2 for primary location) Storage `azurerm_storage_account` (1 per region) `azurerm_storage_container` (3 per region) `azurerm_storage_blob` (21 per region) `azurerm_storage_queue` (8 per region) `azurerm_storage_table` (1 per region) `azurerm_storage_share` (2 per region) `azurerm_storage_management_policy` (1 per region) Service Bus `azurerm_servicebus_namespace` (1 per region) `azurerm_servicebus_queue` (1 dispatcher for primary location, 3 per region) App Services `azurerm_service_plan` (1 dispatcher for primary location, 5 per region) `azurerm_linux_function_app` (1 dispatcher for primary location, 16 per region)
Real-Time Posture Monitoring	Azure resources: Resource Group (1) Logic App Workflow (1) Logic App HTTP Request Trigger (1) Monitor Action Group (1) Monitor Activity Log Alert (1)
Data Security Posture	Terraform resources: azurerm_network_security_group azurerm_network_security_rule azurerm_resource_group azurerm_automation_account azurerm_role_assignment azurerm_automation_webhook azurerm_monitor_action_group azurerm_automation_python3_package azurerm_automation_runbook azurerm_automation_job_schedule azurerm_public_ip azurerm_subnet azurerm_subnet_network_security_group_association azurerm_bastion_host
Microsoft Defender for Endpoint Log Collection	Azure resources: Resource Groups (1) Event Hubs Namespace (1) Event Hubs (1) App Service Plans (1) Function Apps (6) Application Insights (6) Log Analytics Workspaces (1) Key Vault (1) Key Vault Secrets (3) Storage Accounts (1) Storage Tables (1) Storage Containers (1) Role Assignments (12) Azure AD App Role Assignments (7)
Cloud Detections for Azure Activity Log	Azure resources: Resource Groups (1) Event Hubs Namespace (1) Event Hubs (1) App Service Plans (1) Function Apps (3) Application Insights (3) Log Analytics Workspaces (1) Key Vault (1) Key Vault Secrets (2) Storage Accounts (1) Storage Tables (1) Storage Queues (1) Storage Containers (1) Role Assignments (8)

Resources deployed in Google Cloud environments

Learn which resources are deployed in your Google Cloud environment for each Trend Vision One feature that you can enable on a Google Cloud project.

Feature name	Google Cloud Project services deployed (number)
Core features and permissions	Resources: Service Account (1) Workload Identity Pool (1) Workload Identity Pool Provider (1) IAM (3) Tag Key (1) Tag Value (1) Cloud Storage (1) Enabled APIs: IAM Service Account Credentials Cloud Resource Manager Identity and Access Management Cloud Build Deployment Manager Cloud Functions Cloud Pub/Sub Secret Manager
Cloud Security Posture
Agentless Vulnerability & Threat Detection	Resources: Control Plane Service Account Customer Role Service Account Data Plane Service Account For more information on the permissions required for each service account, see Google Cloud required permissions.
Real-Time Posture Monitoring	No additional required permissions.

Resources deployed in Alibaba Cloud environments

Learn which resources are deployed in your Alibaba Cloud environment for each Trend Vision One feature that you can enable on an Alibaba Cloud account.

Feature name	Alibaba Cloud services deployed
Core features and Cyber Risk Exposure Management	Resource Access Management (RAM) OIDC (1) RAM Role (1) RAM Policy (1) Predefined tag (1) Terraform backend components: OSS Bucket (1) Table Store Instance (1) Table Store Table (1)

Feature name

Alibaba Cloud services deployed

Core features and Cyber Risk Exposure Management

Resource Access Management (RAM) OIDC (1)
RAM Role (1)
RAM Policy (1)
Predefined tag (1)

Terraform backend components:

OSS Bucket (1)
Table Store Instance (1)
Table Store Table (1)

Resources deployed in Oracle Cloud environments

Learn which resources are deployed in your Oracle Cloud environment for each Trend Vision One feature that you can enable on an Oracle Cloud compartment.

Feature name	Oracle Cloud Infrastructure (OCI) resources deployed
Core Features and Cyber Risk Exposure Management	`identity_domains_api_key` (1) `identity_domains_group` (1) `identity_domains_user` (1) `identity_policy` (1)