
Action required if you are using cross account roles with the API /rest/cloudaccounts/aws

    • Updated: 27 Feb 2020
    • Product/Version: Deep Security as a Service
Summary

To better align with AWS best practices and improve AWS account security, we have made two changes to the process of adding a new AWS account into Deep Security using cross account roles:

  1. We have implemented a restriction that the same AWS account role / external ID combination cannot be used in more than one Deep Security as a Service account at the same time.
  2. Previously, when using a cross account role for authentication, Deep Security required two pieces of information: a role ARN and an external ID trusted by the role. A new process has been introduced in which Deep Security provides the external ID and requires that the role provided has included this external ID in its trust policy. This change will provide stronger security in shared Deep Security environments and ensure strong external IDs are always used.
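
As an added illustration (not Trend Micro code), the following Python check inspects a role's trust policy document and reports any statement that allows `sts:AssumeRole` without being pinned to the external ID that Deep Security provided. The account ID, the external ID value and the helper names are constructed placeholders.

```python
import json

def _as_list(value):
    """IAM policy grammar allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, expected_external_id):
    """Return findings; an empty list means every statement allowing
    sts:AssumeRole is pinned to exactly the expected external ID."""
    findings, seen_assume = [], False
    for n, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        seen_assume = True
        ids = []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() != "sts:externalid":  # condition key names are case-insensitive
                    continue
                if operator != "StringEquals":  # e.g. StringLike would permit wildcards
                    findings.append(f"statement {n}: sts:ExternalId uses {operator}, not StringEquals")
                ids.extend(_as_list(value))
        if not ids:
            findings.append(f"statement {n}: no sts:ExternalId condition")
        elif set(ids) != {expected_external_id}:
            findings.append(f"statement {n}: trusts external ID(s) other than the expected one")
    if not seen_assume:
        findings.append("no statement allows sts:AssumeRole")
    return findings

# Constructed sample data: placeholder account ID and external ID values.
EXPECTED = "EXAMPLE-ID-PROVIDED-BY-DEEP-SECURITY"

def _policy(condition=None):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

GOOD = _policy({"StringEquals": {"sts:ExternalId": EXPECTED}})
NO_CONDITION = _policy()
OWN_ID = _policy({"StringEquals": {"sts:ExternalId": "customer-chosen-id"}})
WILDCARD = _policy({"StringLike": {"sts:ExternalId": "*"}})

if __name__ == "__main__":
    for name in ("GOOD", "NO_CONDITION", "OWN_ID", "WILDCARD"):
        print(name, check_trust_policy(globals()[name], EXPECTED))
```

The check is deliberately strict: any operator other than `StringEquals` and any additional trusted external ID is reported, so the role cannot be assumed with an ID other than the one issued for it.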
     
Details

We have introduced /api/awsconnectors, which supports the new process to add AWS cloud accounts to Deep Security. Please see the online help center article for details.

With the introduction of /api/awsconnectors, you will see that calls to /rest/cloudaccounts/aws will now include a Deprecation header. This will not immediately impact any functionality.

As of June 1, 2020, in Deep Security as a Service, any calls to the deprecated /rest/cloudaccounts/aws that attempt to add an AWS cloud account using a cross account role with a customer-provided external ID will fail as an invalid request. To resolve this issue, you will be required to update your automation scripts to use the new API /api/awsconnectors to continue adding cloud accounts using a cross account role.

For on-premises customers, this change will apply in Deep Security 20.

If you have any questions or concerns, please contact Technical Support directly or your assigned Customer Service Manager.

 

Category: Configure; SPEC
Solution Id: 000241973