Resources deployed by Cloud Accounts | Trend Micro Service Central

Review the services deployed to your cloud environment when connecting to Cloud Accounts.

When connecting your cloud resources to the Cloud Accounts app, certain features and services are deployed to your environment to facilitate the connection and enable detection and response capabilities. The following tables list the services deployed within your environment.

AWS

Feature name	Services deployed (number)
Core features and permissions	Cloudformation Stack (1) Cloudformation Stack Nested (0~3) IAM Managed Policy (3~4) IAM OIDC Provider (1) IAM Policy (2~4) IAM role (3~5) Lambda (2~4) LogGroup (2~3) Custom (4) SSM (1)
Conformity (included in core features)	Uses IAM permissions only
Cloud Detection for AWS CloudTrail	Single Account: Lambda (10-12) Event bridge (1) IAM (7) SQS (1) Control Tower: Lambda (10-12) Event bridge (1) IAM (7) SQS (1) EventBridge (1) (User provided) SNS (1) (User provided)
Cloud Response for AWS	Only uses IAM permissions Creates one IAM Policy to revoke an IAM user's permissions.
Container Protection for AWS ECS	Cloudformation Stackset (1) IAM Roles (8) Lambda (4) Log group (5) Custom (4) SQS (1) ECS task def (1) SSM parameters (1)
Agentless Vulnerability & Threat Detection	This feature deploys a base stack to the region you select when connecting the account, as well as additional resources to each monitored region. The number of resources deployed depends of the number of regions monitored. Lambda (8 in base stack, plus 24 per region) S3 Buckets (2 per region) IAM Roles (9 in base stack, plus 25 per region) Event Rules (2 in base stack, plus 10 per region SQS (5 per region) Custom (5 in base stack, plus 4 per region) Secrets (1 in base stack, plus 1 per region) Parameter Store Parameter (1 per region) Step Function (1 per region)
File Security Storage	CloudFormation StackSets (1) CloudFormation Stack (1 per region) EventBridge (1) IAM Roles (13) IAM Policies (4) SNS Topics (1) SNS Subscriptions (2) Lambda Permissions (3) Lambda Functions (10) Lambda EventSourceMapping (4) SQS Queue (4) SQS Queue Policy (4) CloudWatch LogGroup (6) System Manager Parameter Store (3) Custom (10)

Azure

Feature name	Services deployed (number)
Core features and permissions	Resources: App Registration (1) Federated Credential (1) Applications (1) Role and Role Assignments of the Service Principal (1) API Permissions: Azure Active Directory Graph (4) Directory.Read.All \| Delegated Directory.Read.All \| Application User.Read \| Delegated User.Read.All \| Delegated Microsoft Graph (4) Directory.Read.All \| Application User.Read \| Delegated User.Read.All \| Delegated User.Read.All \| Application
Conformity (included in core features)	Uses IAM permissions only

Feature name

Services deployed (number)

Core features and permissions

Resources:

App Registration (1)
Federated Credential (1)
Applications (1)
Role and Role Assignments of the Service Principal (1)

API Permissions:

Azure Active Directory Graph (4)
- Directory.Read.All | Delegated
- Directory.Read.All | Application
- User.Read | Delegated
- User.Read.All | Delegated
Microsoft Graph (4)
- Directory.Read.All | Application
- User.Read | Delegated
- User.Read.All | Delegated
- User.Read.All | Application

Conformity (included in core features)

Uses IAM permissions only

Google Cloud

Feature name	Services deployed (number)
Core features and permissions	Resources: Service Account (1) Workload Identity Pool Provider (1) IAM (3) Tag Key (1) Tag Value (1) Enabled APIs: IAM Service Account Credentials Cloud Resource Manager Identity and Access Management Cloud Build Deployment Manager Cloud Funcitons Cloud Pub/Sub Secret Manager
Conformity (included in core features)	Uses IAM permissions only