Views:

Manage the enabled features and permissions for your connected AWS accounts and organizations and update to the latest version of the stack template.

The Stack Update tab is where you can manage enabled features and permissions on your AWS accounts and AWS organizations. You can also manage stack updates as feature enhancements are released. Changing the features and permissions settings requires updating the stack. For more information about the features and permissions, see AWS features and permissions.
Important
Important
Stack updates cannot be performed on individual accounts managed by an AWS organization. To update the settings, you must edit the stack for the AWS organization.
Stack updates are for AWS accounts connected using CloudFormation. If you connected your account using a terraform script, see Resource Update.
To troubleshoot a partially failed deployment to an AWS organization, see AWS organization shows "Reconnect" or "Update feature stack" action after deployment attempt.

Procedure

  1. Sign in to the Trend Vision One console.
  2. Go to Service ManagementCloud AccountsAWS and click on the name of the account you want to update.
  3. In the Cloud Accounts Settings screen, go to the Stack Update tab.
  4. Under the Select Features section, enable or disable the cloud account features.
    You can change the deployment regions for Agentless Vulnerability & Threat Detection and Container Protection for Amazon ECS if desired. For Agentless Vulnerability & Threat Detection, you may also change the resource types to scan and whether to scan for vulnerabilities, malware, or both.
  5. Under the Copy the Template S3 URL section, click Copy S3 URL.
  6. If the API key has expired, click Copy Vision One API Key to obtain a new key.
    The Trend Vision One API key is valid for 90 days. Attempting to update the feature stack with an expired key automatically fails.
  7. If you want to review the template before deploying, click Download and Review Template.
  8. Under the Update CloudFormation Template section, verify the Stack name in step 3.
  9. In a new tab in the same browser session, sign in to the connected AWS account.
    You can view the AWS account ID on the Account Information tab.
  10. In the AWS console, access the CloudFormation console.
  11. Go to Stacks and click the stack name for the stack you want to update.
    The Stack details screen appears.
  12. Click Update.
  13. In the Update stack screen, select Replace current template.
  14. Under the Specify template section, set Template source to Amazon S3 URL.
  15. Paste the template S3 URL you copied into the Amazon S3 URL field.
  16. Click Next.
  17. Configure the Parameters screen if required.
    1. If the API key has expired, locate VisionOneAPIKey and clear Use previous value.
    2. Paste the API key you copied from Trend Vision One.
    3. If you are enabling Cloud Detections for AWS CloudTrail, provide the following ARNs:
      • For CloudAuditLogMonitoringCloudTrailArn, provide the ARN for the CloudTrail you want to monitor.
      • For CloudAuditLogMonitoringCloudTrailSNSTopicArn, provide the ARN of the CloudTrail SNS topic.
      Important
      Important
      The monitored CloudTrail and CloudTrail SNS must be on the same account and located in the same region you selected for the template deployment.
      Do not change any other settings in the Parameters screen. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause the stack update to fail.
  18. In the Configure stack options screen, click Next.
  19. In the Review screen, under the Capabilities section, select I acknowledge that AWS CloudFormation might create IAM resources.
  20. Click Submit.
    The Stack details screen appears with the Events tab open. The update process might take a few minutes. Click Refresh to check the progress.
  21. After the stack update completes, go back to the Trend Vision One console.
  22. Refresh the Cloud Accounts screen to verify the update is successful.