
Run a pre-deployment check before connecting your AWS account to catch common issues that cause deployment failures.

Connecting an AWS account to TrendAI Vision One™ requires deploying a template into your AWS environment. The AWS pre-deployment check is a script bundled with the deployment template that inspects your environment for conditions that commonly cause deployment failures - such as missing permissions or conflicting leftover resources - so you can resolve problems before the deployment starts.
The pre-deployment check is safe to run. It only inspects your environment and does not change your AWS resources without your confirmation. You can run it multiple times.
Important
The pre-deployment check does not perform an actual deployment or a deployment simulation. It cannot detect runtime errors that only occur while AWS is creating, updating, or deleting resources during deployment.
Before running the pre-deployment check, make sure you have:
  • Permission in TrendAI Vision One™ to add or update an AWS cloud account.
  • A shell environment with the AWS CLI available and signed in to the AWS account you want to connect. AWS CloudShell (built into the AWS Management Console) is the simplest option because it has the required tools preinstalled. A local terminal also works if the AWS CLI is installed and configured.
  • Credentials with the same permissions as those that will run the deployment.
The pre-deployment check requires the following read-only permissions. If any permission is missing, the check reports the related item as a warning or error in the results.
  • sts:GetCallerIdentity: identifies the calling credentials
  • iam:SimulatePrincipalPolicy: checks the deployer's permissions
  • iam:ListOpenIDConnectProviders: detects a conflicting identity provider
  • cloudformation:DescribeStacks: detects leftover stacks from a previous setup
  • ec2:DescribeRegions: lists the regions to scan
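One way to confirm, before running the script, that the signed-in credentials hold these five actions. This is an added example, not part of the TrendAI package; the function names are hypothetical, and the role-ARN mapping assumes the role has no IAM path.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): simulate the five read-only actions the
# pre-deployment check needs against the currently signed-in principal.

# Actions copied from the list above; left unquoted on use so they split.
PRECHECK_ACTIONS="sts:GetCallerIdentity iam:SimulatePrincipalPolicy iam:ListOpenIDConnectProviders cloudformation:DescribeStacks ec2:DescribeRegions"

# simulate-principal-policy takes an IAM user, group or role ARN, not an STS
# session ARN. Map arn:<p>:sts::<acct>:assumed-role/<role>/<session> to
# arn:<p>:iam::<acct>:role/<role>. Assumption: the role has no IAM path (the
# session ARN drops it); for such roles pass the role ARN by hand instead.
policy_source_arn() {
  case "$1" in
    arn:*:sts::*:assumed-role/*/*)
      local partition account role
      partition=$(printf '%s' "$1" | cut -d: -f2)
      account=$(printf '%s' "$1" | cut -d: -f5)
      role=$(printf '%s' "$1" | cut -d/ -f2)
      printf 'arn:%s:iam::%s:role/%s\n' "$partition" "$account" "$role"
      ;;
    *) printf '%s\n' "$1" ;;
  esac
}

# Read "action<TAB>decision" rows; print each action whose decision is not
# "allowed" (that is, implicitDeny or explicitDeny).
denied_actions() {
  awk -F'\t' 'NF && $2 != "allowed" { print $1 }'
}

# Returns 0 if every action is allowed, 1 if any is denied, 2 if an AWS call
# fails (for example because iam:SimulatePrincipalPolicy itself is missing).
check_precheck_permissions() {
  local caller principal results denied
  caller=$(aws sts get-caller-identity --query Arn --output text) || return 2
  principal=$(policy_source_arn "$caller")
  results=$(aws iam simulate-principal-policy \
    --policy-source-arn "$principal" --action-names $PRECHECK_ACTIONS \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' \
    --output text) || return 2
  denied=$(printf '%s\n' "$results" | denied_actions)
  if [ -n "$denied" ]; then
    printf 'Not allowed for %s:\n%s\n' "$principal" "$denied" >&2
    return 1
  fi
  printf 'All pre-check actions allowed for %s\n' "$principal"
}

# AWS is only called when the script is run with --check.
if [ "${1:-}" = "--check" ]; then check_precheck_permissions; fi
```

Check the ARN printed in the output against the account you intend to connect before you continue.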

Procedure

  1. Sign in to the TrendAI Vision One™ console.
  2. Go to Cloud Security > Cloud Accounts > AWS.
  3. Click Add account to start the AWS account onboarding flow, or open an existing AWS account to update it.
    Select the features you want to enable for this account, then continue to the deployment step.
  4. Download the deployment package (.zip file) provided at the end of the configuration flow.
    The package includes the deployment template, the pre-deployment check script, and a configuration file tailored to your selected features.
    Important
    Always use a freshly downloaded package. If you change which features are enabled, download the package again so the pre-deployment check reflects your new configuration.
  5. Make the downloaded package available in your shell environment.
    • AWS CloudShell: Use the upload option in the AWS Management Console to upload the .zip file into CloudShell.
    • Local terminal: The file is already on your machine.
  6. Unzip the package, go to the resulting folder, and run the pre-deployment check script.
    unzip <downloaded-package>.zip -d cloud-account-management-template
    cd cloud-account-management-template
    ./cfn-precheck.sh
    TrendAI Vision One™ shows the exact script name on the deployment page. The script prints each check and its result as it runs.
  7. When the script finishes, review the results summary and resolve any failures before proceeding.
    • PASS — nothing to do.
    • WARN — the check could not fully verify a condition, or found something worth reviewing. Read the message and proceed with care.
    • FAIL — a problem that would likely cause the deployment to fail. Fix the issue, then re-run the check.
    For details on what each result category means and how to resolve issues, see Understanding AWS pre-deployment check results.
After the pre-deployment check passes, proceed with the deployment of the template in TrendAI Vision One™.

Next steps

If you change your feature selection, re-download the deployment package and re-run the check. If the deployment fails after the check passes, review the deployment events or logs in the AWS console. The pre-deployment check cannot detect runtime errors.