...

Note

Armor will generate an External ID for every new Cloud Connection account. As a result, an incomplete cloud connection account will be listed in the table as (Pending Connection). You can click this entry to continue the cloud connection creation process.


Step 1: Add your AWS account to AMP

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Cloud Connections.
  3. Click the plus ( + ) icon. 

  4. In Account Name, enter a descriptive name. 
  5. In Description, enter a short description. 

  6. In Services, select the desired services. 
    • To have Armor send security findings to your AWS Security Hub, mark Security Hub. 
      • This action will automatically select additional services; these services must be selected. 

  7. In IAM Role, copy the External ID. You will need this information at a later step. 
    • The Armor's AWS Account Number and External ID fields are pre-populated. 
    • Armor will generate an External ID for every new Cloud Connection you create. 
    • In a later step, you will locate the information to complete the IAM Role ARN field. 

  8. Access the AWS console.
  9. Under Security, Identity & Compliance, click IAM.

  10. In the left-side navigation, click Roles.
  11. Click Create role.

  12. Under Select role type, select Another AWS account.
  13. In Account ID, enter 679703615338

  14. Mark Require external ID.
  15. In the field that appears, paste the External ID you copied earlier from the Armor Management Portal (AMP). 

  16. Do not mark Require MFA.
  17. Click Next: Permissions.
  18. Locate and mark the SecurityAudit policy. 
  19. Locate and mark the AWSSecurityHubFullAccess policy. 
  20. Click Next: Tags.
  21. Click Next: Review.
  22. In Role name, enter a descriptive name. 
  23. In Role description, enter a useful description. 

  24. Click Create role.
  25. Locate and select the newly created role. 
  26. Under Summary, copy the Role ARN information. 

  27. Return to the Cloud Connections screen in AMP. 
  28. Paste the Role ARN information into the IAM Role ARN field. 
  29. Click Save Cloud Connection.
    • Once the newly added cloud connection gathers data, the instance will appear in the Virtual Machines screen. 
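
The trust policy that steps 12 to 16 produce can be checked once the role exists. The following is an added example, not part of Armor's documentation: it assumes the role's trust policy has been exported as JSON (for instance with aws iam get-role), and the External ID value, the function names and both sample policies are constructed placeholders.

```python
ARMOR_ACCOUNT_ID = "679703615338"         # account ID entered in step 13
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID-0000"  # constructed placeholder for the AMP value


def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, account_id=ARMOR_ACCOUNT_ID, external_id=EXTERNAL_ID):
    """Return findings; an empty list means the policy matches steps 12-16."""
    findings = []
    wanted = {account_id, f"arn:aws:iam::{account_id}:root"}
    allows = [s for s in _as_list(policy.get("Statement"))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        return ["no Allow statement for sts:AssumeRole"]
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        findings += [f"unexpected principal: {p}" for p in aws if p not in wanted]
        if not aws:
            findings.append("no AWS account principal")
        cond = stmt.get("Condition", {})
        ids = _as_list(cond.get("StringEquals", {}).get("sts:ExternalId"))
        if ids != [external_id]:
            findings.append("sts:ExternalId missing or not the AMP value")
        if any("aws:MultiFactorAuthPresent" in block for block in cond.values()):
            findings.append("MFA condition present (step 16: do not require MFA)")
    return findings


# Constructed sample: trust policy shape produced by the console for steps 12-16.
GOOD = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::679703615338:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}
# Constructed misconfiguration: external ID omitted, MFA required.
BAD = {"Statement": [{**GOOD["Statement"][0],
                      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

if __name__ == "__main__":
    print("good:", check_trust_policy(GOOD))
    print("bad: ", check_trust_policy(BAD))
```

A role whose trust policy lacks the sts:ExternalId condition can be assumed by the trusted account without presenting the value AMP generated for this connection, which is the gap the External ID exists to close.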


Step 2: Configure Your AWS Regions 

In this step, you will enable AWS Security Hub in the desired AWS regions; this action will capture the findings from Security Hub in every configured region. 

  1. Access the AWS console. 
  2. Access the Security Hub section. 
  3. In the left-side navigation, click Integrations.
  4. Locate and select ARMOR Armor Anywhere

  5. Click Enable.
  6. In the pop-up window, click Enable.

View Your Added (connected) Public Cloud Instances 

...