Open menu

Add an AWS Account

Last updated: 23 July 2020

Last edited Jul 23, 2020

Location

Dashboard>Select Add an account

AWS accounts can be added to the Trend Micro Cloud One™ – Conformity platform in two ways:

  1. Add account via UI
  2. Add account via API

User Access

Administrator
Power User
Custom - Full Access
Read Only
Custom - Read Only

Add account via UI

  1. Enter the Account name and Environment
  2. Depending on your preference, choose your authentication type as Automated setup or Manual setup

  • Automated mode - These are accounts created using AWS Cloudformation. The Conformity Cloudformation template includes the Conformity custom policies - Part 1 and 2 and on the creation of the Cloudformation stack, an IAM role is created. This role in turn gives cross account access so that Conformity can access your account.

    Notes: We recommend using Automated mode as it is easier from a user experience perspective.

    We recommend that the Cloudformation stack be launched in North Virginia, us-east 1. Although, you can launch the stack in any region but since the resources inside the template are AWS IAM resources, they will be created in North Virginia so there is no advantage in launching the stack in another region. Furthermore, if the stack is in another region, Conformity account access settings will not show the account as managed by CloudFormation.

  • Manual mode - In this type of account, you will need to manually create the IAM role which grants cross-account access so that Conformity can access your account. You will also need to create the Conformity policies and attach it to the IAM role. 3. Follow instructions on the next window:

    Automated mode

    **

    Manual mode

    **

  1. Select the add-ons for your account. Currently, we provide the following options:

Communication post account addition

  1. When an account is set up, a default Email communication channel is created with triggers - Extreme and Very High-risk failures, and the organization administrator who created the account is notified in case of failures.
  2. Once an account is added, the conformity bot scans the user’s account and all failures which match the communication setting created is notified on the Email of the organization administrator who created the account.

FAQs

How many accounts can I add to one organization and how will I be charged?

Customers with Conformity Subscription: There is no limit to the number of accounts you can add to an organization. If you add more accounts than your Enterprise Agreement, you will be charged per additional account or as per the growth model in your contract.
Customers with AWS Marketplace Subscription: Once you hit your maximum accounts threshold as per your contract, you are not able to add cloud accounts to your organization anymore. Please get in touch with your Sales representative or Account Manager to review your account threshold.

Still need help? Login to Cloud Conformity and submit a ticket to our support team