
Learn which VPC parameters you must provide to enable Cloud Account resource deployment in Amazon Virtual Private Cloud (VPC).

Procedure

  1. In the AWS Management Console, specify a new Stack name if you want to use a name other than the default.
  2. In the Parameters section, configure the following parameters:
    1. VpcSubnetIDs: The subnet IDs for the VPC where the resources will be deployed. Provide a comma-separated list of subnet IDs in the same region where the CloudFormation template is deployed.
    2. VpcSecurityGroupIDs: The security group IDs for the VPC where the resources will be deployed. Provide a comma-separated list of security group IDs in the same region where the CloudFormation template is deployed.
    3. VpcProxy: The proxy URL for the VPC environment. This will be set as HTTP_PROXY and HTTPS_PROXY environment variables for Lambda functions.
    4. RegionalVpcSubnetIDs: The subnet IDs for the VPC where the resources will be deployed in each additional region.
      Provide a JSON string mapping regions to comma-separated lists of subnet IDs. For example: {"ap-northeast-2":"subnet-abc123,subnet-def456","us-east-1":"subnet-ghi789"}
    5. RegionalVpcSecurityGroupIDs: The security group IDs for the VPC where the resources will be deployed in each additional region.
      Provide a JSON string mapping regions to comma-separated lists of security group IDs. For example: {"ap-northeast-2":"sg-abc123,sg-def456","us-east-1":"sg-ghi789"}
    6. RegionalVpcProxy: The proxy URL for the VPC environment in each additional region.
      Provide a JSON string mapping regions to proxy URLs. For example: {"ap-northeast-2":"http://proxy-ap-northeast-2.example.com:8080","us-east-1":"http://proxy-us-east-1.example.com:8080"}
  3. In the Parameters section, configure the following parameters as needed.
    • For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor. This parameter is only required if you enabled Cloud Detections for AWS CloudTrail.
    • For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic. This parameter is only required if you enabled Cloud Detections for AWS CloudTrail.
      Important
      • The monitored CloudTrail and CloudTrail SNS topic must be on the same account and in the same region selected for the template deployment.
  4. In the Capabilities section, select the following acknowledgments:
    • I acknowledge that AWS CloudFormation might create IAM resources with custom names.
    • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  5. Click Connect.
  6. In the TrendAI Vision One™ console, click Done.
    The account appears in Cloud Accounts once the CloudFormation template deployment successfully completes. Refresh the screen to update the table.
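
A pre-flight check for the regional JSON parameters in step 2, as an added example that is not part of the original documentation or the product's template: it validates the JSON shape, the region keys and the ID prefixes, and flags proxy URLs that embed credentials. The function names, the region pattern and the loose ID patterns are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")
# Loose ID patterns (assumption) so the page's placeholder IDs also pass.
ID_RE = {k: re.compile(rf"^{k}-[0-9a-z]+$") for k in ("subnet", "sg")}

def load_region_map(raw):
    """Parse a region -> string JSON object; return (mapping, problems)."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {}, [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return {}, ["top level must be a JSON object"]
    problems = [f"{r!r}: not a region name" for r in data if not REGION_RE.match(r)]
    problems += [f"{r}: value must be a string" for r, v in data.items()
                 if not isinstance(v, str)]
    return {r: v for r, v in data.items() if isinstance(v, str)}, problems

def check_id_map(raw, kind):
    """kind is 'subnet' or 'sg'; each value is a comma-separated ID list."""
    mapping, problems = load_region_map(raw)
    for region, ids in mapping.items():
        for item in ids.split(","):
            if not ID_RE[kind].match(item):  # also rejects "a, b" (space after comma)
                problems.append(f"{region}: bad {kind} ID {item!r}")
    return problems

def check_proxy_map(raw):
    mapping, problems = load_region_map(raw)
    for region, url in mapping.items():
        try:
            parts = urlsplit(url)
        except ValueError:
            problems.append(f"{region}: unparsable proxy URL")
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"{region}: proxy must be an http(s) URL with a host")
        # The page says VpcProxy becomes HTTP_PROXY/HTTPS_PROXY for Lambda; a
        # user:password@ part would then be stored in environment variables.
        if parts.username or parts.password:
            problems.append(f"{region}: credentials embedded in proxy URL")
    return problems

# The page's own example values.
SUBNETS = '{"ap-northeast-2":"subnet-abc123,subnet-def456","us-east-1":"subnet-ghi789"}'
PROXIES = '{"ap-northeast-2":"http://proxy-ap-northeast-2.example.com:8080","us-east-1":"http://proxy-us-east-1.example.com:8080"}'
```

An empty list from either function means the string is safe to paste into the corresponding parameter field; pass `"sg"` as `kind` for RegionalVpcSecurityGroupIDs.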