Resources deployed in AWS environments

Views:

The deployment template includes tagging when connecting your AWS account, allowing you to identify which services are associated with TrendAI Vision One™ security applications and resources. You can also add custom tags when connecting an account using the CloudFormation template. For more information, see Connect an AWS account using CloudFormation.

Feature name	AWS tag	Services deployed (number)
Core features and Cyber Risk Exposure Management	`"TrendMicroProduct": "cam"`	CloudFormation Stack (1) CloudFormation Stack Nested (0 to 3) IAM Managed Policy (3 to 4) IAM OIDC Provider (1) IAM Policy (2 to 4) IAM role (3 to 5) Lambda (2 to 4) LogGroup (2 to 3) Custom (4) SSM (1)
Cloud Detections for AWS CloudTrail	`"TrendMicroProduct": "ct"`	Single Account: Lambda (10 to 12) EventBridge (1) IAM (7) SQS (1) Control Tower: Lambda (10 to 12) EventBridge (1) IAM (7) SQS (1) EventBridge (1) (User provided) SNS (1) (User provided)
Cloud Response for AWS	n/a	Only uses IAM permissions Creates one IAM Policy to revoke an IAM user's permissions
Container Protection for AWS ECS	`"TrendMicroProduct": "cs"`	Static resources deployed during feature enablement: CloudFormation StackSet (1) IAM Roles (8) Lambda Functions (6) Lambda Permissions (4) Lambda Event Source Mappings (2) CloudWatch Log Groups (7) Custom Resources (2) SQS Queues (4) ECS Task Definition (1) EventBridge Rules (3) Dynamic resources created per ECS cluster at runtime (both EC2 and Fargate): SSM Parameters (1 per cluster). Value is empty if proxy disabled. Secrets Manager entries (1 per cluster) Additional dynamic resources: ECS Daemon Set Service (1 per EC2 ECS cluster) Modified Task Definition Revisions (1 per Fargate task definition)
Agentless Vulnerability & Threat Detection	`"TrendMicroProduct": "avtd"`	This feature deploys a base stack to the region you select when connecting the account plus additional resources to each monitored region. The number of resources deployed depends of the number of regions monitored. Lambda (6 in base stack, plus 29 per region) S3 Buckets (2 per region) IAM Roles (9 in base stack, plus 25 per region) Event Rules (2 in base stack, plus 10 per region SQS (8 per region) Custom (5 in base stack, plus 4 per region) Secrets (1 in base stack, plus 1 per region) AppConfig (1 per region) Step Function (2 per region) ECS Fargate (1 per region) VPC (1 per region)
File Security Storage	`"TrendMicroProduct": "fss"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) EventBridge (1) IAM Roles (13) IAM Policies (4) SNS Topics (1) SNS Subscriptions (2) Lambda Permissions (3) Lambda Functions (10) Lambda EventSourceMapping (4) SQS Queue (4) SQS Queue Policy (4) CloudWatch LogGroup (6) System Manager Parameter Store (3) Custom (10)
Data Security Posture	`"TrendMicroProduct": "dspm"`	Uses IAM permissions only.
Real-Time Posture Monitoring	`"TrendMicroProduct": "rtpm"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) EventBridge (1) IAM Role (3) IAM Policy (1)
Cloud Detections for VPC Flow Logs	`"TrendMicroProduct": "vpcflow"`	Lambda Functions (6 in base stack, plus 14 per region) S3 Buckets (2 per region) IAM roles (6) Event Rules (2 in base stack, plus 6 per region) SQS (4 per region) Custom (3 in base stack, plus 5 per region) Secrets (1 in base stack, plus 1 per region) AppConfig (1 per region) CloudWatch Log Group (6 in base stack, plus 14 per region)
Cloud Detections for Amazon Security Lake	`"TrendMicroProduct": "seclake"`	CloudFormation StackSets (1) CloudFormation Stack (1 per region) Event Rules (2) IAM roles (10) Lambda Permissions (2) Lambda Functions (8) Lambda EventSourceMapping (3) SQS Queue (2) System Manager ParameterStore (3) S3 Bucket (1) SecurityLake Subscriber (1) SecurityLake SubscriberNotification (1) Custom Resource (3)