
Add and connect an Alibaba Cloud account to Cloud Accounts using LocalShell to allow Trend Vision One™ to provide security for your cloud assets.

Adding an Alibaba Cloud account to the Cloud Accounts app allows Trend Vision One to access your cloud service to provide security and visibility into your cloud assets. Before you begin, review the permission requirements and region limitations for connecting an Alibaba Cloud account to Cloud Accounts.
To deploy using LocalShell, you must ensure you are using the following:
  • Supported operating systems: macOS, Linux, or Windows with a WSL (Windows Subsystem for Linux) environment
  • Supported shell environments: Bash, Zsh.
  • Supported CLI: Alibaba Cloud Command Line Interface (CLI). For instructions on installing and configuring the Alibaba Cloud CLI, see the Alibaba Cloud CLI Installation Guide. To confirm that Alibaba Cloud CLI is set up correctly, run the following command: aliyun sts GetCallerIdentity.
  • Supported Terraform version: Terraform 1.9.2 is required. To ensure you're on the correct version, run the following command in tfenv: tfenv use 1.9.2.

Procedure

  1. In Trend Vision One™, go to Cloud Security > Cloud Accounts > Alibaba Cloud.
  2. Click Add Account.
  3. Specify the general information for the account:
    1. Provide a name and description of the Alibaba account.
    2. Select the region for resource deployment.
    3. If you have more than one Server & Workload Protection Manager instance, select the instance to associate with the connected account.
      Note
      • If you only have one Server & Workload Protection Manager instance, the account is automatically associated with that instance.
      • When updating a legacy connection, the account is disconnected from any other Server & Workload Protection instances.
    4. Click Next.
  4. Configure the Features and Permissions you want to grant access to your cloud environment.
    • Core Features and Cyber Risk Exposure Management: Connect your Alibaba account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
    • Cyber Risk Exposure Management - Cloud account assessment: Discover and assess your cloud assets for attack exposure, risk factors, and security posture.
      Note
      This feature requires credits, which are calculated based on asset count after onboarding the Alibaba account.
    • Agentless Vulnerability & Threat Detection: Discover vulnerabilities and malware in your Elastic Compute Service (ECS) instances, cloud disks, and Alibaba container registry images.
      For more information on each feature and permission set, see Alibaba Cloud features and permissions.
  5. Click Next.
  6. Select LocalShell Deployment.
    Note
    If you enabled Agentless Vulnerability & Threat Detection in the previous step, the LocalShell Deployment option is already selected and the CloudShell option is not available.
  7. Set up your Alibaba Cloud CLI environment:
    1. Configure the Alibaba CLI profile by copying the command or typing:
      aliyun configure set \
        --profile AkProfile \
        --mode AK \
        --access-key-id <yourAccessKeyID> \
        --access-key-secret <yourAccessKeySecret> \
        --region cn-hangzhou
    2. Configure system environment variables by copying the command or typing:
      export ACCESS_KEY_ID=<access_key_id>
      export ACCESS_KEY_SECRET=<access_key_secret>
    3. Check your current STS identity by copying the command or typing aliyun sts GetCallerIdentity.
  8. Click Download and Review Template to download the Terraform template to your local machine.
  9. Unzip the template file.
  10. In your local shell terminal, go to the directory where you downloaded the template file.
  11. Initialize the Terraform backend by copying the command or typing:
    export TF_STATE_REGION="us-east-1"
    bash script.sh create_backend
    This step creates the following resources:
    OSS bucket: vision-one-tf-state-bucket-<AliAccountId>-<region>
    OTS instance (derived from your account ID)
    OTS table: vision_one_lock_table
  12. Run the deployment script.
    Copy the command or type bash script.sh install.
    Important
    The resource creation script must be the only Terraform file in the directory. Having more than one Terraform file in the folder interferes with the deployment process and might cause the connection to fail.
  13. In the Trend Vision One console, in the Connect Alibaba Cloud Account screen, click Done.
    The connection process might take a few moments to complete. Refresh the Cloud Accounts screen to check the status of your added account.
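
The prerequisites stated in this procedure (exported access key variables, a working `aliyun sts GetCallerIdentity`, Terraform 1.9.2, `TF_STATE_REGION`, and a single Terraform file in the template directory) can be checked in one pass before running `script.sh`. The script below is an added example, not part of the Trend Micro template; its function names, the `--run` switch, and the assumption that Terraform files end in `.tf` are this example's own.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the LocalShell deployment steps above.
# Function names and the --run switch are assumptions of this example.

REQUIRED_TF="1.9.2"   # Terraform version the procedure requires

# $1 = output of `terraform version`; its first line reads "Terraform vX.Y.Z".
tf_version_ok() {
  [ "$(printf '%s\n' "$1" | head -n 1)" = "Terraform v${REQUIRED_TF}" ]
}

# Count *.tf files directly inside directory $1 (assumes Terraform files end in .tf).
tf_file_count() {
  find "$1" -maxdepth 1 -type f -name '*.tf' | wc -l | tr -d ' '
}

# True when both variables from step 7 are set and non-empty in this shell.
# Only presence is tested; the secret is never printed.
creds_present() {
  [ -n "${ACCESS_KEY_ID:-}" ] && [ -n "${ACCESS_KEY_SECRET:-}" ]
}

# Run every check against template directory $1; return 1 if any check fails.
preflight() {
  pf_dir="${1:-.}"; pf_fail=0
  creds_present || { echo "FAIL: ACCESS_KEY_ID/ACCESS_KEY_SECRET not set" >&2; pf_fail=1; }
  [ -n "${TF_STATE_REGION:-}" ] || { echo "FAIL: TF_STATE_REGION not set" >&2; pf_fail=1; }
  aliyun sts GetCallerIdentity >/dev/null 2>&1 ||
    { echo "FAIL: aliyun sts GetCallerIdentity did not succeed" >&2; pf_fail=1; }
  tf_version_ok "$(terraform version 2>/dev/null)" ||
    { echo "FAIL: Terraform ${REQUIRED_TF} is not the active version" >&2; pf_fail=1; }
  pf_n=$(tf_file_count "$pf_dir")
  [ "$pf_n" -eq 1 ] ||
    { echo "FAIL: expected 1 .tf file in $pf_dir, found $pf_n" >&2; pf_fail=1; }
  return "$pf_fail"
}

# Usage: bash preflight.sh --run <template-dir>
if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```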