# Automate File storage security in AWS S3 bucket using Trend Micro Cloud One

This blog is used to create a secure S3 bucket in an AWS account Using Trend Micro file storage security service

Trend Micro Cloud One has lots of products to secure our cloud, container and data centre. Which works for both enterprise data centres and in the cloud.

Here we are going to see setup file storage security on the S3 bucket if any user will upload the file into the bucket then trend micro FSS service scanned files and show the activity in the trend micro cloud one console and then we can transfer the cleaned file into promote bucket and malicious file into the quarantined bucket.

# **Prerequisite**

Trend Micro cloud one access

AWS account admin access

Three Bucket for scan bucket, quarantined bucket and promote bucket

# **Setup**

Login into Trend Micro Cloud Console [Trend Micro Cloud One](https://cloudone.trendmicro.com/)

Select File Security Storage

Click on **Deploy**

Select **Scanner Stack and Storage Stack** and Select us-west-2 (Oregon) region

Click on **launch** stack in AWS Account it will create a nested stack

Specify the scan bucket name in the S3BucketToScan parameter

After stack completion, we can see that we have two Stack Scanner Stack and Storage stack.

Copy and paste **ScannerStackManagementRoleARN** in trend micro console Deploy All-in-One-Stack Dialog box

Then add storage stack in trend micro-console, click on **Add Storage**

Copy and paste **StorageStackManagementRoleARN** in the trend micro console Deploy Storage Stack Dialog box

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1679903378416/59323e4a-bbe0-4316-b0e7-56f4f513dee9.png align="left")

Trend Micro Cloud One Scan Activity

### **Step to setup Post scan Action Plugin**

After completing Storage and Scanner stack we need to create a function to place clean files in one bucket and malicious files in another

Click on [create a link](https://console.aws.amazon.com/lambda/home?#/create/app?applicationId=arn:aws:serverlessrepo:us-east-1:415485722356:applications/cloudone-filestorage-plugin-action-promote-or-quarantine) to build lambda function stack ‘serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine’ name

Copy **ScanResultTopicARN** from Storage Stack and paste it into the ScanResultTopicARN parameter

Specify, and in cloud formation stack parameter

# **Test the solution**

Download the Malicious zip file from this [link](https://www.eicar.org/?page_id=3950)

Upload the Zip file into the Scanned bucket

Upload and clean the file in the scanned bucket

Now we can monitor Scan Activity in Trend Micro Console

Also, files are removed from the scanned bucket to the Quarantined bucket and Promote Bucket

# **Conclusion**

Trend Micro has which we can use to secure our data in cloud and enterprise data centres. Such as here we have used a file storage security service to secure data in an S3 bucket. So any user can’t upload unwanted files into the bucket.

# **Reference**

### **Trend Micro Docs**

[Sign in — File Storage Security | Trend Micro Cloud One™ Documentation](https://cloudone.trendmicro.com/docs/file-storage-security/gs-sign-in/)

### **GitHub Source**

## [cloudone-filestorage-plugins/post-scan-actions/aws-python-promote-or-quarantine at master · trendmicro/cloudone-filestorage-plugins (github.com)](https://github.com/trendmicro/cloudone-filestorage-plugins/tree/master/post-scan-actions/aws-python-promote-or-quarantine)

[cloudone-filestorage-cloudformation-templates/FSS-All-In-One.template at master · trendmicro/cloudone-filestorage-cloudformation-templates (github.com)](https://github.com/trendmicro/cloudone-filestorage-cloudformation-templates/blob/master/templates/FSS-All-In-One.template)
