AWS

Operations using AWS

Add an AWS cloud account

post/api/cloudaccounts/aws

Provided valid authorization and AWS account details, adds the AWS cloud account to the Trend Micro Cloud One account.

SecuritycloudOneAPIKey

Request

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Request Body schema: application/json

alias	string The friendly identifier of the cloud account
description	string The description of the AWS account
features	Array of strings If present, represents the set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage.
roleARN required	string The ARN for the role in the AWS account that Trend Micro Cloud One should assume

Responses

201

AWS Cloud account created

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

409

This indicates a request conflict with the current state of the target resource

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Request samples

Payload

application/json

{"roleARN": "arn:aws:iam::012345678910:role/role-name",
"alias": "production EU account",
"description": "The production account in the EU region",
"features": ["cloud-sentry",
"example-feature-2"
]
}

Response samples

application/json

{"id": "012345678910",
"roleARN": "arn:aws:iam::012345678910:role/role-name",
"created": "2020-07-10T07:02:10Z",
"lastModified": "2020-07-10T07:02:10Z",
"alias": "production account",
"description": "Corp ABC production account",
"state": "managed",
"features": ["cloud-sentry",
"example-feature-2"
],
"missingPermissions": {"base": ["serviceA:SamplePermissionB"
],
"cloud-sentry": ["serviceA:SamplePermissionC",
"serviceB:SamplePermissionD"
]
},
"parentStackName": "Cloud-One-Cloud-Account-Management",
"lastSyncTime": "2020-07-10T07:02:10Z"
}

List all AWS cloud accounts managed by Trend Micro Cloud One

get/api/cloudaccounts/aws

Provided valid authorization, lists all AWS cloud accounts managed by Trend Micro Cloud One

SecuritycloudOneAPIKey

Request

query Parameters

cursor

string

An encoded value used to retrieve the next set of results for a query that returns more results than the provided limit. It uses the next value from the previous response.

Example: cursor=eyJrIjoiMXVLa2lsb3B2RnhsS0FuYUU0bThqUmVjZDdCIiwibiI6IkJUY2hRU2pOVDBSUjc0cHUifQ.EilR0MPcmh9JdsQ1omPx1cJQvh_RjDwI_AnHAWu-G1YSN9ZTjoKswEhDObUaefE8nf97AlccfogXrvrcjfpE7gDJCz4oI-6rfM43E9T_Or3uyOG3OgHoK9eyUX-qv8WTYwnf1tzwVN1e1D4B0Kr81yQBi2Y-MdeIH60rkOFI42w6I9fEJRDnPRoFqRn2Hw70ehjrCRpkeRKS9emduCL_YNZmjNEst1i6heg5-sqtkBYrYaqWecKJ5rqskQN_apfrX-BEfh6Ph2j7hYKJ6s32j3dOGR9paTFikewtKWMXBcy6kW5uZqGwO05sVW1Wy6HavxpNm5ha50WKotoEndvzuW0RasT9YLbCry1qRYt3X8NKybpERt2u7lRHNSY3DuVtbXbeR9oUzsO1Br31ywH0dBkn3WsfPYFOaEt0htVo0_DlDZh-0oH4PdzvCkzDQn-EM8u9PCxzvxSMGtQ_UXcDxEZcUgfgnLQy4Fu2AHumF136tXZyTh8GAd-mLqC6xtvOXJTDF7s0TxQ7A57d9C1EDrEJOBuq

limit

integer

The maximum numbers of records to return. It accepts an integer ranging from 1 to 25. Otherwise, the request will be rejected.

Example: limit=25

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

List of AWS cloud accounts

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"cloudAccounts": [{"id": "012345678910",
"roleARN": "arn:aws:iam::012345678910:role/role-name",
"created": "2020-07-10T07:02:10Z",
"lastModified": "2020-07-10T07:02:10Z",
"alias": "production account",
"description": "Corp ABC production account",
"state": "managed",
"features": ["cloud-sentry",
"example-feature-2"
],
"missingPermissions": {"base": ["serviceA:SamplePermissionB"
],
"cloud-sentry": ["serviceA:SamplePermissionC",
"serviceB:SamplePermissionD"
]
},
"parentStackName": "Cloud-One-Cloud-Account-Management",
"lastSyncTime": "2020-07-10T07:02:10Z"
}
],
"next": "dGhpcyB2YWx1ZSBpcyBvcGFxdWUsIGRlY29kaW5nIGl0IHdvbid0IGJlIHVzZWZ1bAo="
}

Lists all available AWS cloud account Features

get/api/cloudaccounts/aws/features

Provided valid authorization, lists all AWS cloud account Features offered by Trend Micro Cloud One. AWS Cloud Account Features configure additional IAM Policy Actions within the CloudFormation Template returned by the /api/cloudaccounts/aws/templates endpoint to enable security services to deliver additional security value. For additional information on a specific Cloud Account Feature, please refer to the documentation URL provided within the response of this API endpoint.

SecuritycloudOneAPIKey

Request

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

Available AWS cloud account Features listed

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"availableFeatures": {"featureID": {"title": {"en": "Example Feature",
"ja": "..."
},
"description": {"en": "Example Feature Description",
"ja": "..."
},
"documentation": {"en": "https://cloudone.trendmicro.com/docs/",
"ja": "https://cloudone.trendmicro.com/docs/jp"
}
}
}
}

Modify an AWS cloud account

post/api/cloudaccounts/aws/{id}

Provided valid authorization and AWS account details, modifies the AWS cloud account details stored in the Trend Micro Cloud One account.

SecuritycloudOneAPIKey

Request

path Parameters

required

string

The AWS account ID

Example: 012345678910

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Request Body schema: application/json

alias	string The friendly identifier of the cloud account
description	string The description of the AWS account
features	Array of strings If present, represents the set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage.
roleARN	string The ARN for the role in the AWS account that Trend Micro Cloud One should assume

Responses

200

AWS cloud account modified

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

404

Not Found

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Request samples

Payload

application/json

{"roleARN": "arn:aws:iam::012345678910:role/role-name",
"alias": "production EU account",
"description": "The production account in the EU region"
}

Response samples

application/json

{"id": "012345678910",
"roleARN": "arn:aws:iam::012345678910:role/role-name",
"created": "2020-07-10T07:02:10Z",
"lastModified": "2020-07-10T07:02:10Z",
"alias": "production account",
"description": "Corp ABC production account",
"state": "managed",
"features": ["cloud-sentry",
"example-feature-2"
],
"missingPermissions": {"base": ["serviceA:SamplePermissionB"
],
"cloud-sentry": ["serviceA:SamplePermissionC",
"serviceB:SamplePermissionD"
]
},
"parentStackName": "Cloud-One-Cloud-Account-Management",
"lastSyncTime": "2020-07-10T07:02:10Z"
}

Remove an AWS cloud account

delete/api/cloudaccounts/aws/{id}

Provided valid authorization and AWS account details, removes the AWS cloud account from the Trend Micro Cloud One account.

SecuritycloudOneAPIKey

Request

path Parameters

required

string

The AWS account ID

Example: 012345678910

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

204

AWS cloud account deleted

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"code": "invalid-feature",
"message": "There was a problem with your request. Review the indicated field for more details.",
"fields": {"features": "The requested features were invalid: cloud-sentry"
}
}

Get AWS CloudFormation template

get/api/cloudaccounts/aws/templates

Provided valid authorization, returns the AWS CloudFormation stack template, along with it's parameters, which are required to use this service. The template contains the role and policies needed for Cloud One to access resources stored in your AWS account.

SecuritycloudOneAPIKey

Request

query Parameters

awsRegion	string The AWS region to use in the "create stack" URL. If not provided, defaults to an AWS region in the same country as your Cloud One account's home region. Example: awsRegion=us-east-1
featureAWSRegions	string The AWS Regions where the Cloud Sentry feature will be deployed to. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage. A list of the currently available Features can be obtained by making a request to /api/cloudaccounts/aws/features. Example: featureAWSRegions=us-east-1,ca-central-1
features	string Optional set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage. A list of the currently available Features can be obtained by making a request to /api/cloudaccounts/aws/features. Example: features=cloud-sentry,example-feature-2

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

Details for creating an AWS CloudFormation stack

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

404

Not Found

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"templateURL": "https://cloud-accounts.s3.us-east-2.amazonaws.com/templates/aws/cloud-account-management-role.template",
"parameters": {"cloudOneRegion": "us-1",
"cloudOneAccountID": "012345678901",
"cloudOneOIDCProviderURL": "https://cloudaccounts.ca-1.cloudone.trendmicro.com"
},
"createStackURL": "https://console.aws.amazon.com/cloudformation/home?region={awsRegion}#/stacks/quickcreate?templateUrl={templateUrl}&stackName=Cloud-One-Cloud-Account-Management&param_CloudOneRegion={cloudOneRegion}&param_CloudOneAWSAccountID={cloudAccountsAwsAccountID}&param_CloudOneAccountID={cloudOneAccountID}&param_CloudOneOIDCProviderURL={cloudOneOIDCProviderURL}"
}

➔ Next to Google Cloud Platform (GCP)