Views:

Connect your AWS account to Container Security to link ECS clusters and protect your Amazon ECS containers.

Procedure

  1. Go to Cloud SecurityContainer SecurityContainer Inventory.
  2. Select the Amazon ECS node in the tree.
  3. Click Add account.
    The Add Cloud Account screen appears.
  4. In another browser tab, sign in to your AWS account that manages the containers you want to protect.
  5. Go back to Trend Vision One and in the Add Cloud Account screen, select the region associated with your AWS account.
  6. Review each security feature and enable the features to apply to your Amazon ECS cluster.
    Feature
    Description
    Core Features
    The core set of features and permissions required to connect your AWS account
    Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
    Note
    Note
    Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts
    Agentless Vulnerability & Threat Detection
    The feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your account
    Important
    Important
    Agentless Vulnerability & Threat Detection configuration does not apply to Container Protection for Amazon ECS.
    This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities and malware in AWS EBS volumes attached to EC2 instances, ECR images, and Lambda functions with zero impact to your applications. To learn more, see Agentless Vulnerability & Threat Detection.
    You can specify which resource types to include in scans when you add your AWS account in Cloud Accounts. Three AWS resource types are currently supported: EBS (Elastic Block Store), ECR (Elastic Container Registry), and Lambda. All resources are included in vulnerability scanning by default. Anti-malware scanning is disabled by default but may be enabled at any time.
    Container Protection for Amazon ECS
    Important
    Important
    Required for Container Security protection
    The feature and permission set to view and protect your containers
    This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.
    Important
    Important
    • As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Please verify your AWS account status before enabling this feature.
    XDR for Cloud - AWS CloudTrail
    The feature and permission set to enable Cloud Audit Log Monitoring for your account
    This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.
    This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.
    Note
    Note
    XDR for Cloud requires credits to use. Click the Credit Settings icon (gear_icon=fc9a51ad-35af-4fe3-92c6-5e41b2dfc5d9.png) to manage your data allowance limit and allocated credits and view a graph of past data usage.
    Cloud Response for AWS
    The feature and permission set to allow response actions for your account
    This feature set allows Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third party ticketing systems. Response actions can be taken from the context menu in the Workbench app.
    This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
  7. If you have more than one Server & Workload Protection Manager configured in Endpoint Security, select the manager that you want to associate the cloud account with.
    If you do not have any or only have one Server & Workload Protection Manager configured, this setting does not appear. Any virtual machines managed by your connected AWS account appear in Computers workgroup under the selected Server & Workload Protection Manager.
  8. Click Launch Stack.
    A new browser tab opens to the Amazon AWS Quick create stack screen.
  9. Scroll to the bottom of the Quick create stack screen to the Capabilities section, select the acknowledgement options, and click Create stack.
    Important
    Important
    The Amazon AWS console redirects to the Stacks screen. Allow some time for the stack creation progress to complete before proceeding. Once the stack creation process is complete, you can begin assigning policies to your clusters.