The Cloud Posture Bot ingests metadata via API calls from the AWS accounts you have added to your organisation.
| Package | Type | Access Setup |
|---|---|---|
| Security | Base | |
| Real-time monitoring | Add-on | |
| Cost Optimisation | Add-on | Access AWS Cost Billing Bucket |
Supported regions
The Cloud Posture Scan can ingest data from all but 3 AWS supported regions.
Unsupported regions
- Two China regions
- AWS GovCloud (US)
How does the system access my AWS account?
Cloud Posture uses an AWS Custom Policy to view your AWS account metadata; it has no read or write access to your data.
What data does the system capture and how is it stored?
Cloud Posture only accesses the metadata associated with your AWS infrastructure. For example, we recognize that your AWS account has twelve S3 buckets and twenty EC2 instances; however, we cannot see the data or applications associated with these resources.
We retain metadata for active accounts for a 12-month period, after which it is automatically deleted. For events, you can query logs to view the last 500 events via the UI and 1200 via the API. If you choose to deactivate an account, all your data is automatically deleted at the time of deactivation.
Does anyone at Trend look at this data?
No, Cloud Posture staff don’t have access to view your dashboard or account information. Authorized members of our technical team have limited access to view metadata associated with your accounts, for example, the number of compliance checks performed. However, our staff cannot see the specific violations associated with your AWS account.
Metadata
We understand that the infrastructure configurations (metadata) could be considered sensitive, and we have several layers of security in place to ensure that this metadata is captured, stored and accessed securely.
Customer metadata is encrypted at all touchpoints in our AWS infrastructure, from data collection, which uses signed requests and the AWS Security Token Service (STS), to encryption at rest using the AWS Key Management Service. All internal staff must comply with our strong password policies and have MFA enabled. All access to Cloud Posture infrastructure is monitored, and access levels are reviewed on a regular basis with the principle of least privilege enforced. Only senior Cloud Posture engineers have access to production systems.
It's important to note that Cloud Posture staff do not have access to the customer's Cloud Posture account unless the customer chooses to grant their Technical Account Manager read-only access, which is at the discretion of the customer.
AWS Well-Architected Tool
- How does the AWS Well-Architected Tool work?
- How do I start using the tool?
Trend Vision One™ – Cloud Posture has integrated with the AWS Well-Architected Tool so that customers can conduct 360-degree workload reviews in AWS and assure that their resources comply with the AWS Well-Architected Framework.
How does the AWS Well-Architected Tool work?
The AWS Well-Architected Tool uses the AWS Well-Architected Framework to compare your cloud application environment against best practices across six architectural pillars: security, reliability, performance efficiency, operational excellence, cost optimization and sustainability.
Users answer a series of questions to review and evaluate their workloads and, in return, receive step-by-step guidance to improve them.
How do I start using the AWS Well-Architected Tool?
Procedure
- Update the Custom Policy to allow Cloud Posture to access data from the AWS Well-Architected Tool. The new permissions are:
  * wellarchitected:ListWorkloads
  * wellarchitected:GetWorkload
- Make sure that the following Rules are enabled in Cloud Posture. For more info, see: Configure Rules.
  - WellArchitected-001: AWS Well-Architected Tool is in Use: By configuring this Rule, you enable Cloud Posture to detect if the AWS Well-Architected Tool is in use.
  - WellArchitected-002: AWS Well-Architected Tool Findings: Configuring this Rule enables Cloud Posture to present a summary of the findings of your AWS accounts from the tool.
What to do next
Click on the Resolve button to view the Knowledge Base pages for step-by-step guidance on using the tool and resolving the failure.
Once you have enabled the Rules and updated the Custom Policy, you will be able to use the AWS Well-Architected Tool with Cloud Posture.
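The Custom Policy update in the procedure above is a permissions change, and the earlier FAQ states that the policy should grant metadata-only access with no read or write access to your data. The following Python example is added here as an illustration; it is not Cloud Posture's or Trend's own code. It adds the two wellarchitected actions named on the page to an IAM policy document if they are missing, and then checks that every Allow action in the policy is still a read-only metadata call. The read-only verb prefixes, the small denylist of data-plane read actions, the statement Sid and the sample policy are all constructed assumptions for the example, not values from the page.

```python
"""Added example (not Cloud Posture's own code): extend an IAM policy document
with the Well-Architected Tool read permissions listed on the page and verify
the policy remains metadata-only (no mutating, wildcard or data-plane actions)."""
import copy
import json

# The two permissions the page says the updated Custom Policy needs.
WELL_ARCHITECTED_ACTIONS = (
    "wellarchitected:ListWorkloads",
    "wellarchitected:GetWorkload",
)

# Assumption: IAM verbs with these prefixes are treated as read-only metadata calls.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

# Assumption (constructed, not exhaustive): read actions that return customer
# data rather than configuration metadata, so a posture-scan role must not hold them.
DATA_PLANE_ACTIONS = {
    "s3:GetObject",
    "dynamodb:GetItem",
    "dynamodb:Query",
    "dynamodb:Scan",
    "secretsmanager:GetSecretValue",
    "ssm:GetParameter",
    "ssm:GetParameters",
}

# Constructed sample policy: a minimal metadata-only policy before the update.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets", "s3:GetBucketPolicy"],
            "Resource": "*",
        }
    ],
}


def _statements(policy):
    """IAM allows 'Statement' to be a single object or a list; normalise to a list."""
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)


def _actions(stmt):
    """IAM allows 'Action' to be a single string or a list; normalise to a list."""
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else list(acts)


def add_well_architected_permissions(policy):
    """Return a copy of `policy` with a separate Allow statement granting exactly
    the wellarchitected actions that are not already allowed. Idempotent."""
    updated = copy.deepcopy(policy)
    allowed = {
        action
        for stmt in _statements(updated)
        if stmt.get("Effect") == "Allow"
        for action in _actions(stmt)
    }
    missing = [a for a in WELL_ARCHITECTED_ACTIONS if a not in allowed]
    if missing:
        stmts = _statements(updated)
        stmts.append({
            "Sid": "CloudPostureWellArchitected",  # hypothetical Sid
            "Effect": "Allow",
            "Action": missing,
            "Resource": "*",
        })
        updated["Statement"] = stmts
    return updated


def find_non_metadata_actions(policy):
    """Return every Allow action that is not a read-only metadata call:
    wildcard actions, mutating verbs, or known data-plane reads, in policy order."""
    flagged = []
    for stmt in _statements(policy):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _actions(stmt):
            if action in DATA_PLANE_ACTIONS or "*" in action:
                flagged.append(action)
                continue
            _service, _, verb = action.partition(":")
            if not verb or not verb.startswith(READ_ONLY_PREFIXES):
                flagged.append(action)
    return flagged


if __name__ == "__main__":
    new_policy = add_well_architected_permissions(SAMPLE_POLICY)
    print(json.dumps(new_policy, indent=2))
    print("non-metadata actions:", find_non_metadata_actions(new_policy))
```

Run the check against the policy you intend to attach before granting it: an empty list from `find_non_metadata_actions` means every allowed action is a List/Get/Describe call outside the constructed data-plane denylist, which is the property the FAQ describes for the Cloud Posture Custom Policy.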