Manage your AWS cloud accounts

You add, list, update, and delete AWS Cloud Accounts from the Cloud Accounts page. When you create or update your stacks, you deploy Cloud Sentry.

Cloud Account page

The Cloud Account page lists all of your AWS accounts and displays the account information of any account that you select. It is divided into two sections:

  • Cloud Accounts. This section lists the AWS accounts that are connected to Trend Cloud One, along with their status.

  • Account. This section contains information on a selected account and its configuration.

Add an AWS cloud account

To set up a new Cloud Account, you must deploy resources in your AWS account to provide access to Trend Cloud One. You deploy the AWS CloudFormation template to create the required AWS resources.

  1. If you have not already done so, sign up for Trend Cloud One. You can create an account here: https://cloudone.trendmicro.com.

  2. Log into Trend Cloud One.

  3. Go to Integrations > Cloud Accounts.

  4. Click the AWS tab.

  5. Click New to begin the Cloud Account setup wizard.

  6. Open another tab in your browser and sign into your cloud account.

  7. Select the region where you want to deploy your cloud resources and select Launch Stacks.

    This opens the AWS management console in a new tab to run the IAM role creation template.

    If you want to see the permissions granted by the CloudFormation template, click Download Template and view the downloaded template.

  8. (Optional) Enable or disable:

    • Sentry. This allows Cloud Sentry to carry out the analysis of your project. (Enabled by default)
    • Network Security with hosted infrastructure. This allows Network Security to manage subnets and VPC endpoints and deliver inspection events to CloudWatch Logs. (Disabled by default)

  9. Click Launch Stack to open the AWS Management Console and deploy the AWS CloudFormation Template.

    AWS CloudFormation will display the template with some parameters filled in. You can change the Stack name if you wish to do so, but leave the other parameters as they are. If you change them, the stack creation may fail.

  10. In the console, click through the role creation form and select the following checkboxes:

    I acknowledge that AWS CloudFormation might create IAM resources

    and if you are deploying Cloud Sentry:

    I acknowledge that AWS CloudFormation might require the following capability:

    CAPABILITY_AUTO_EXPAND

  11. Select Create Stack.

  12. When the stack creation is complete, go to Outputs, copy the CloudFormationArn value, and paste it into the ARN field of the Connect AWS Account wizard.

  13. (Optional) Define your Alias:

    1. Add an Alias name.
    2. Add a Description.

  14. Click Connect.

    Once the AWS Cloud Account has been successfully created, click Close in the bottom right to navigate back to the Cloud Accounts page.
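
Step 7 notes that you can download the template to see the permissions it grants. The following is an added example, not Trend Micro's code or template, that summarises the IAM roles a downloaded template would create: who may assume each role, whether an external ID is required, and which Allow statements use wildcards. It assumes the template is JSON; the function names and the sample input (placeholder names and account IDs) are constructed for illustration.

```python
import json

def as_list(value):
    """IAM policy fields may hold one value or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def review_template(template):
    """Summarise the IAM access a CloudFormation template (parsed JSON) would create."""
    # Macros/transforms are what the CAPABILITY_AUTO_EXPAND acknowledgement covers.
    report = {"transforms": as_list(template.get("Transform")), "roles": {}}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trusted, external_id = [], False
        for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
            principal = stmt.get("Principal", {})
            values = principal.values() if isinstance(principal, dict) else [principal]
            trusted += [str(p) for v in values for p in as_list(v)]
            external_id |= "sts:externalid" in json.dumps(stmt.get("Condition", {})).lower()
        broad = []  # Allow statements with a wildcard action or Resource "*"
        for policy in as_list(props.get("Policies")):
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement")):
                actions = [str(a) for a in as_list(stmt.get("Action"))]
                wildcard = any("*" in a for a in actions) or "*" in as_list(stmt.get("Resource"))
                if stmt.get("Effect") == "Allow" and wildcard:
                    broad.append({"actions": actions, "resource": stmt.get("Resource")})
        report["roles"][name] = {
            "trusted_principals": trusted,
            "requires_external_id": external_id,
            "managed_policies": [str(a) for a in as_list(props.get("ManagedPolicyArns"))],
            "broad_statements": broad,
        }
    return report

# Constructed sample input, not the vendor's template; every name and ID is a placeholder.
SAMPLE = json.loads("""{"Transform": "AWS::Serverless-2016-10-31", "Resources": {
 "ExampleRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]},
  "ManagedPolicyArns": ["arn:aws:iam::aws:policy/SecurityAudit"],
  "Policies": [{"PolicyName": "example-inline", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "logs:PutLogEvents",
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:example:*"}]}}]}}}}""")

if __name__ == "__main__":
    print(json.dumps(review_template(SAMPLE), indent=2))
```

To review a real download, replace `SAMPLE` with `json.load(open(path))` for the saved template file; managed policies are listed by ARN only, so their contents still need to be looked up separately.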

Updating an existing Cloud Account

When you update an existing cloud account in Trend Cloud One, you can:

  • Update the CloudFormation template
  • Enable new features and permissions

  1. Go to Integrations > Cloud Accounts.

  2. Click the AWS tab.

  3. Select the account you wish to update.

  4. Click Update Stack. The Update Stack drawer opens.

  5. In the View configuration, you can enable or disable:

    • Cloud Sentry. This deploys Cloud Sentry and grants access to inspect your resources for threats. (Enabled by default)
    • Network Security. This allows Network Security to manage subnets and VPC endpoints and deliver inspection events to CloudWatch Logs. (Disabled by default)

  6. To update the CloudFormation template:

    1. Click Copy S3 URL.
    2. Sign into your AWS account.
    3. In AWS CloudFormation, use the stack name to find your stack.
    4. Select Replace current template and paste in the copied S3 URL.
    5. Deploy the template to complete the update.

  7. If you made changes to configuration in step 5, click the Save button.

Remove an existing Cloud Account

When you remove an existing account from Trend Cloud One, you do not remove it from Amazon. After removing the account, you should go into your AWS console and remove the affiliated stacks.

  1. At the bottom of the Trend Cloud One console home page, click on Integrations.

  2. Click the AWS tab.

  3. Select the account you wish to remove, then click Delete.

  4. From the pop-up dialog box, click Delete.

  5. Delete the associated resources in your AWS account.