Click on “Copy to Clipboard” to copy the API secret key. This API secret key will be required as an input to the Python script that we will be running shortly. It is recommended to store this key securely as it could be used for various automation tasks in Trend Micro Cloud One.
The next step is to clone the WorkloadSecurityConnector-AWS GitHub repository.
Once you have the GitHub repository cloned, navigate to the folder, and run the following command:
pip install -r requirements.txt
You will need to configure the tool with the config.json file found within the folder.
The field dsmHost is set to https://cloudone.trendmicro.com to communicate with
The API secret key we copied to the clipboard earlier replaces the value <Your-API-Key> for the field c1wsApiKey.
The other two fields, awsDisplayName and awsAccountId, are AWS specific values. The awsDisplayName is the display name for the AWS account you are about to add to Workload Security and awsAccountId is the account ID. To find your AWS account ID, run the following AWS Command Line Interface (CLI) command:
aws sts get-caller-identity --query Account --output text
Your account ID is the 12-digit number returned from the AWS CLI command.
If the machine you are using is an Amazon Elastic Compute Cloud (EC2) instance, you can use an AWS Identity and Access Management (IAM) instance role to proceed with the next step. Set the useInstanceRole flag to true.
Note: The Python script supports other options for authentication and authorization, such as an AWS IAM access key and secret key or a cross-account IAM role. For the purposes of this demo, we recommend using an Amazon EC2 machine with an appropriate instance role attached to it.
If your AWS account utilizes Amazon WorkSpaces, we recommend setting the workspacesEnabled flag to true for visibility into its instances.
Once the config.json file is configured, save the file, and then run the following command:
Your Workload Security dashboard should soon start to populate your Amazon EC2 and Amazon WorkSpaces instances across all AWS regions on the “Computers” tab of the console.
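A pre-flight check for the config.json described above, written as an added example (not code from the WorkloadSecurityConnector-AWS project): it catches the mistakes that most often stop a first run (placeholder API key left in, an account ID that is not 12 digits, a flag quoted as a string) and compares awsAccountId against the output of the `aws sts get-caller-identity` command from the walkthrough. The C1WS_API_KEY environment variable fallback and the sample configuration are assumptions made for this example.

```python
import json
import os
import re
import subprocess
from typing import Optional

EXPECTED_HOST = "https://cloudone.trendmicro.com"
API_KEY_PLACEHOLDER = "<Your-API-Key>"

# Constructed sample config.json with three common first-run mistakes:
# placeholder key left in, an 11-digit account ID, and a flag quoted as a string.
SAMPLE_CONFIG = json.loads("""{
  "dsmHost": "https://cloudone.trendmicro.com",
  "c1wsApiKey": "<Your-API-Key>",
  "awsDisplayName": "prod-account",
  "awsAccountId": "12345678901",
  "useInstanceRole": "true",
  "workspacesEnabled": false
}""")


def caller_account_id() -> Optional[str]:
    """Run the AWS CLI command from the walkthrough; None if the CLI is absent or fails."""
    cmd = ["aws", "sts", "get-caller-identity", "--query", "Account", "--output", "text"]
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=True, timeout=30).stdout.strip()
    except (OSError, subprocess.SubprocessError):
        return None


def validate_config(cfg: dict, caller_account: Optional[str] = None) -> list:
    """Return the problems found; an empty list means config.json is ready to run."""
    problems = []
    if str(cfg.get("dsmHost", "")).rstrip("/") != EXPECTED_HOST:
        problems.append(f"dsmHost must be {EXPECTED_HOST}")
    # Key from config.json, else from the (assumed) C1WS_API_KEY environment variable.
    key = cfg.get("c1wsApiKey") or os.environ.get("C1WS_API_KEY", "")
    if not key or key == API_KEY_PLACEHOLDER:
        problems.append("c1wsApiKey is missing or still the placeholder")
    acct = str(cfg.get("awsAccountId", ""))
    if not re.fullmatch(r"\d{12}", acct):
        problems.append("awsAccountId must be exactly 12 digits")
    elif caller_account and acct != caller_account:
        problems.append(f"awsAccountId {acct} does not match caller identity {caller_account}")
    for flag in ("useInstanceRole", "workspacesEnabled"):
        if flag in cfg and not isinstance(cfg[flag], bool):
            problems.append(f"{flag} must be JSON true/false, not a string")
    return problems
```

Call `validate_config(json.load(open("config.json")), caller_account_id())` on the EC2 instance before running the connector; keeping the key in the environment rather than in the committed file also avoids leaking the Cloud One secret through source control.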