Views:

Use the APIs on the Trend Vision One Automation Center to connect your AWS account.

You can use the APIs available on the Trend Vision One Automation Center to connect your AWS account, and retrieve the CloudFormation stack template from Cloud Accounts.
The stack template created by the Cloud Accounts app contains a token used to activate certain features after deployment. The token is designed to expire, requiring you to periodically regenerate the CloudFormation stack template to get an updated token. The features which require a token are:
  • Cloud Detections for AWS CloudTrail
  • Agentless Vulnerability & Threat Detection
For organizations that require a static template that does not expire, use the token API to generate a token which can be added into the CloudFormation template. You can access the token API from the automation center.
Important
Important
  • Currently only the XDR for Cloud - AWS CloudTrail feature supports the token. You cannot use the static template for Agentless Vulnerability & Threat Detection.
  • The Token API is only required if Cloud Detections for AWS CloudTrail is enabled..
  • The user role assigned to the Token API must have full permissions to add, delete, and edit Cloud Accounts. For more information about user roles, see User Roles (Foundation Services release).
  • The steps are valid for the AWS console as of January 2024.
The following steps cover using the AWS console to upload the stack template. If you use an API to upload templates to your AWS account, follow your normal procedures and use the suggested configurations contained in these steps.

Procedure

  1. Generate and download the stack template from Cloud Accounts.
    • Access the Trend Vision One console and create the template.
      1. In the Trend Vision One console, go to Service ManagementCloud AccountsAWS
      2. Click Add Account.
      3. On the Deployment Type screen, select CloudFormation and Single AWS Account.
      4. Click Next.
      5. Specify the Account name, Description, and select the AWS region for deployment.
      6. If you have more than one Server & Workload Protection Manager instance, select the instance to associate with the connected account and click Next.
      7. On the Features and Permissions screen, enable XDR for Cloud - AWS CloudTrail and click Next.
      8. Click Download and Review Template.
      Note
      Note
      The Account Name and Description fields are not exported to the review template. These parameters are provided in a later step.
    • Call an API to retrieve the template.
      1. Locate the Get AWS CloudFormation template API on the automation center.
      2. Locate the query_params strings.
      3. For awsRegion, provide the AWS region where you want to deploy the stack template and Core Features. The default region is based on your Trend Vision One region.
      4. For features, list the features you want to enable.
      5. For featureAwsRegions, specify the regions to deploy resources for certain features.
        This field is required for features such as Agentless Vulneratibility & Threat Detection and Containter Protection for Amazon ECS. Some features have limited region support. For more information, see AWS supported regions and limitations.
      6. Save your changes and call the API.
        The API returns the following:
        • templateUrl: The URL to download the template.
        • visionOneOidcProviderUrl: A required parameter for deploying the template.
        • createStackUrl: URL of the AWS CloudFormation console pointing to the CloudFormation template of Trend Vision One.
      7. Download the template.
  2. If you need to deploy a static template, call the Token API.
    The API returns the values bootstrapToken and visionOneApiKey.
  3. Locate the template file and open it in a text editor.
  4. Locate the Parameters resource immediately following the Outputs resource and provide values for the required parameters.
    Replace the explanation strings within the brackets {} with the required values.
    Parameter
    Value
    CloudAccountDescription
    Specify a description which displays in the Cloud Accounts app
    CloudAccountName
    Specify the account name which displays in the Cloud Accounts app
    CloudAuditLogMonitoringCloudTrailSNSTopicArn
    The ARN of the CloudTrail SNS topic to monitor
    This is required only if you enabled the Cloud Detections for AWS CloudTrail feature. Otherwise, leave empty.
    CloudAuditLogMonitoringCloudTrailArn
    The ARN of the CloudTrail to monitor
    This is required only if you enabled the Cloud Detections for AWS CloudTrail feature. Otherwise, leave empty.
    OrganizationID
    Leave empty for connecting a single account.
    ServerWorkloadProtectionManager
    The ID of the Server & Workload Protection instance to associate with the AWS account
    If you have provisioned at least one Server & Workload Protection, you must provide this value. The value is the following JSON string encoded in base64:
    • [{"name":"workload", "instanceIds":["<instance id>"]}]
    The instance id can be found in the Product Instance app.
    For example, if the instance id is 123:
    • The JSON string is [{"name":"workload", "instanceIds":["123"]}]
    • The base64 string to provide for this parameter is: W3sibmFtZSI6Indvcmtsb2FkIiwgImluc3RhbmNlSWRzIjpbIjEyMyJdfV0=
    VisionOneAPIKey
    Specify the API Key to invoke Cloud Accounts
    If you are using the Token API, paste the visionOneApiKey returned by the API.
    Otherwise, use your account API Key. Make sure the user account associated with the API Key has full permissions for Cloud Accounts.
    VisionOneAccountID
    Your Trend Vision One business ID
    VisionOneOIDCProviderURL
    cloudaccounts-{region}.visionone.trendmicro.com
    Replace {region} with one of the region values: us, eu, au, sg, in, jp
    Note
    Note
    If you used an API to retrieve the template, the API returns the value as visionOneOidcProviderUrl.
    VisionOneRegion
    The region of your Trend Vision One deployment
    Use one of the values: us, eu, au, sg, in, jp
  5. If you are using a static template, provide the parameters returned by the Token API
    1. Locate the resource customExchangeToken and go to the properties section.
    2. Locate the property VisionOneBootstrapToken and replace the value with the bootstrapToken value generated by the Token API.
    3. Locate the property VisionOneAPIKey and replace the value with the visionOneApiKey value generated by the Token API.
  6. Save your changes to the template file.
  7. Access the Amazon CloudFormation console and go to Stacks.
  8. Click Create Stack.
    If prompted, select With new resources (standard).
  9. In the Create stack screen, select Template is ready.
  10. For Template source, select Upload a tempate file then click Choose file to upload the template.
  11. Click Next.
  12. Configure the Specify stack details screen.
    1. If you want to use a name other than the default, specify a new Stack name.
    2. In the Parameters section, verify the following parameters are correct.
      • CloudAuditLogMonitoringCloudTrailArn
      • CloudAuditLogMonitoringCloudTrailSNSTopicArn
      Important
      Important
      Do not change any other settings in the Parameters section. CloudFormation automatically provides the settings for the parameters. Changing parameters might cause stack creation to fail.
  13. Click Next.
  14. Configure the Configure stack options as needed for your organization needs, then click Next.
  15. In the Review screen, select the options under Capabilities.
    • I acknowledge that AWS CloudFormation might create IAM resources with custom names.
    • I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  16. Click Submit.
    The Stack details screen for the new stack appears with the Events tab displayed. Creation might take a few minutes. Click Refresh to check the progress.