Cloud Assets

CloudFormation Template that protects Internet traffic

get/cloudassets/aws/templates/hosted-infrastructure-routing

The CloudFormation Template protects Internet traffic by routing traffic through Network Security endpoints that are already deployed. There are two deployment types supported. The Edge deployment type protects Internet facing traffic by routing traffic through the Network Security endpoints right before going to the Internet Gateway. The More Specific Routing (MSR) deployment type is used for environments with an Application Load Balancer. In MSR, the endpoints are placed between the Application Load Balancer and the Application Load Balancer's instances, which allows for TLS inspection.

SecurityTrend Micro Cloud One API Key

Request

query Parameters

awsAccountId required	string AWS account where the VPC ID exists Example: awsAccountId=123456789012
awsRegion required	string The region where the VPC ID exists Example: awsRegion=us-west-1
vpcId required	string VPC ID where internet traffic is protected Example: vpcId=vpc-123456789012

Responses

200

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal server error

Request samples

Python using CFT Body
Python using S3 URL

import boto3
import json
import requests

# User Settings

api_key = '<YOUR_API_KEY>'
vpc_id = '<YOUR_VPC_ID>'
aws_account_id = '<YOUR_AWS_ACCOUNT_ID>'
aws_region = '<YOUR_AWS_REGION>'

cloud_one_region = '<YOUR_CLOUD_ONE_REGION>'
cloud_one_url = f'https://network.{cloud_one_region}.cloudone.trendmicro.com'

stack_name = '<YOUR_STACK_NAME>'

# Make API call to Cloud One

headers = {
  'Content-Type': 'application/json',
  'Authorization': f'ApiKey {api_key}',
}

parameters = {
  'vpcId': vpc_id,
  'awsAccountId': aws_account_id,
  'awsRegion': aws_region,
}

response = requests.get(f'{cloud_one_url}/api/cloudassets/aws/templates/hosted-infrastructure-routing', headers=headers, params=parameters)

data = response.content.decode()
data = json.loads(data)

# Create a stack using the response data from Cloud One

client = boto3.client('cloudformation', region_name=aws_region)

response = client.create_stack(
  StackName = stack_name,
  TemplateBody = data['cloudFormationTemplate']['body'],
  Capabilities = ['CAPABILITY_NAMED_IAM'],
)

Response samples

application/json

{"cloudFormationTemplate": {"body": "{\\n    \\\"Parameters\\\": {\\n        \\\"CloudOneAccountId\\\": {\\n ...",
"url": "https://trend-cloudassets-templates.s3.amazonaws.com/vpc_endpoint_routing_configuration.yml",
"parameters": [{"ParameterKey": "RouteList",
"ParameterValue": "7BaBlguKWOwxbwHmRtRMUi8Pu+oeHsolL5BKorHn4ABdj4mQb9ah4ImiMo3f"
},
{"ParameterKey": "ResourceNamePrefix",
"ParameterValue": "TM-NS"
}
]
}
}

➔ Next to Network Security with hosted infrastructure