Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Topics Discussed

Table of Contents
maxLevel3
minLevel3
Note

To fully use this screen, you must add the following permissions to your account:

  • Read Cloud Connections

  • Write Cloud Connections

Anchor
Overview
Overview

You can use

...

the Cloud Connections

...

screen to sync your public cloud account into the Armor Management Portal (AMP). Afterwards, you can use AMP to:

  • Collect and store logs with

...

  • the Log

...

  • Relay add-on product

  • View the security status of your instance in

...

  • the Virtual Machines

...

  • screen

Note

While all instances from your public cloud account will appear in the Virtual Machines screen, you should only focus on the security status for the instances that contain the Armor agent.

  • Add AWS Security Hub feature to your public cloud account.

...


Review Cloud Connections

...


The Cloud

...

Connections

...

screen displays the public cloud accounts you have synced.

...

Column

Description

Account Name

This column displays the descriptive name for your account.

You can also click the arrow to see which Armor services are associated with the account.

Provider

This column displays the public cloud provider.

Account ID

This column displays the ID for your public cloud account.

Status

This column displays the connection status between your Armor accounts and your public cloud account.


Anchor
Add-an-AWS-public-cloud-account
Add-an-AWS-public-cloud-account
Add an AWS Public Cloud

...

Account


You can use

...

the Cloud Connections

...

screen to sync your AWS public cloud environment with the Armor Management Portal (AMP).

To complete these instructions, you must be able to access your AWS console.

Note

Armor will generate

...

an External ID

...

for every new Cloud Connection account. As result, an incomplete cloud connection account will be listed in the table as (Pending Connection). You can click this entry in order to continue with the cloud connection creation process.


Step 1: Add your AWS account to AMP

  1. In the Armor Management Portal (AMP), in the left-side navigation, click

...

  1. Account.

...

  1. Click

...

  1. Cloud Connections.

...

  1. Click the plus ( + ) icon.

...

...

  1. In Account Name, enter a descriptive name.

...

...

  1. In Description, enter a short description.

...

...

  1. In Services,

...

  1. select the desired services.

...

    • To have Armor send security findings to your AWS Security Hub, mark

...

    • Security Hub.

...

      • This action will automatically select additional services; these services must be selected.

...

...

  1. In IAM Role, copy the

...

  1. External ID. You will need this information at a later step.

...

...

    • The Armor's AWS Account Number

...

    • and External

...

    • ID

...

    • fields are pre-populated.

...

    • Armor will generate

...

    • an External ID

...

    • for every new Cloud Connection you create.

...

    • In a later step, you will locate the information to complete the

...

    • IAM Role ARN

...

    • field.

...

  1. Access the AWS console.

...

  1. Under Security, Identity & Compliance,

...

  1. click IAM.

...



  1. Image Modified

  2. In the left-side navigation,

...

  1. click Roles.

...

...

  1. Click Create role.

...

...

  1. Under Select role type, select

...

  1. Another AWS account.

...

...

  1. In Account ID,

...

  1. enter 679703615338.

...

...

  1. Require external ID.

  2. In field that appears,

...

  1. paste

...

  1. the External ID

...

  1. you copied earlier from the Armor Management Portal (AMP).

...

...

  1. mark Require MFA.

  2. Click

...

  1. Next: Permissions.

  2. Locate and mark

...

  1. the SecurityAudit

...

  1. policy.

...

  1. Locate and mark the

...

  1. AWSSecurityHubFullAccess

...

  1. policy.

...

...

  1. Click Next: Tags.

...

  1. Click

...

  1. Next: Review.

...

...

  1. In Role name, enter a descriptive name.

...

...

  1. In Role description, enter a useful description.

...

...

  1. Click Create role.

...

  1. Locate and select the newly created role.

...

  1. Under

...

  1. Summary, copy the

...

  1. Role ARN

...

  1. information.

...



  1. Image Modified

  2. Return to

...

  1. the Cloud Connections

...

  1. screen in AMP.

...

  1. Paste the

...

  1. Role ARN

...

  1. information into

...

  1. the IAM Role ARN

...

  1. field.

...

...

  1. Click Save Cloud Connection.

...

    • Once the newly added cloud connections gathers data, the instance will appear in

...

    • the Virtual Machines

...

    • screen.

...


Step 2: Configure Your AWS

...

Regions

In this step, you will enable AWS Security Hub in the desired AWS regions; this action will capture the findings from Security Hub in every configured region.

...

  1. Access the AWS console.

...

  1. Access the

...

  1. Security Hub

...

  1. section.

...

  1. In the left-side navigation, click

...

  1. Integrations.

...

  1. Locate and select

...

  1. ARMOR Armor Anywhere.

...

...

  1. Enable.

  2. In the pop-up window, click

...

  1. Enable.


Anchor
View-your-public-cloud-instances
View-your-public-cloud-instances
View Your Added (connected) Public Cloud

...

Instances


After you add your public cloud account into the Armor Management Portal (AMP), you can view the corresponding instances (and their security status) in

...

the Virtual

...

Machines

...

screen.

...

Note

The Cloud Connection screen simply lists the synced public cloud account; the Virtual Machines screen lists all the instances listed in that public cloud account.

...

  1. In the Armor Management Portal (AMP), in the left-side navigation,

...

  1. click Infrastructure.

...

  1. Click Virtual Machines.

...

Column

Description

Name

The name of the instance from your public cloud account

Type

The type of instance, specific to the offerings offered by your public cloud provider, such as en EC2 instance for AWS

Provider

The public cloud provider for the instance

OS

The operating system associated with the instance

(For AWS, the associated AMI is listed)

Date Created

The date the instance was created in your public cloud account

Security Group

The security group that corresponds to your AWS instance.

  • This column will only appear to AWS users.

  • This column will only appear if you have selected the EC2 Metadata and orchestration option.

Keypair

The keypair that corresponds to your AWS instance.

  • This column will only appear to AWS users.

  • This column will only appear if you have selected the EC2 Metadata and orchestration option in the Cloud Connections screen..

State

The security status of the instance, in relation to the installed agent. There are three states:

  • Unprotected indicates the agent is not installed in the instance.

  • Needs Attention indicates that the agent is installed, but has not properly communicated (heartbeated) with Armor.

  • OK indicates that the agent is installed and has communicated (hearbeated) with Armor.

Power

The power status of the instance, either powered on (green) or powered off (red

...

)

...

Info

Anchor
Troubleshooting-Cloud-Connections-screen
Troubleshooting-Cloud-Connections-screen
Troubleshooting

If you do not see any data in

...

the Cloud

...

Connections

...

screen, consider that:

  • You do not have permission to view log data.

    • You must have

...

    • the Read Cloud Connections

...

    • and Writer Cloud Connections

...

    • permissions enabled to view log data. Contact your account administrator to enable this permission. To learn how to update you permissions,

...

...


Related Documentation

To specifically sync your AMP account with AWS Security Hub, see Create a Cloud Connection for AWS Security Hub.