


To fully use this screen, you must add the following permissions to your account:

  • Read Cloud Connections
  • Write Cloud Connections


You can use the Cloud Connections screen to sync your public cloud account into the Armor Management Portal (AMP). Afterwards, you can use AMP to:



Armor will generate an External ID for every new Cloud Connection account. As a result, an incomplete cloud connection account will be listed in the table as (Pending Connection). You can click this entry to continue with the cloud connection creation process.

Step 1: Add your AWS account to AMP

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account
  2. Click Cloud Connections
  3. Click the plus ( + ) icon. 

  4. In Account Name, enter a descriptive name. 
  5. In Description, enter a short description. 

  6. In Services, select the desired services. 
    • To have Armor send security findings to your AWS Security Hub, mark Security Hub. 
      • This action will automatically select additional services; these services must be selected. 

  7. In IAM Role, copy the External ID. You will need this information at a later step. 
    • The Armor's AWS Account Number and External ID fields are pre-populated. 
    • Armor will generate an External ID for every new Cloud Connection you create. 
    • In a later step, you will locate the information to complete the IAM Role ARN field. 

  8. Access the AWS console.
  9. Under Security, Identity & Compliance, click IAM

  10. In the left-side navigation, click Roles
  11. Click Create role

  12. Under Select role type, select Another AWS account
  13. In Account ID, enter 679703615338

  14. Mark Require external ID.
  15. In the field that appears, paste the External ID you copied earlier from the Armor Management Portal (AMP). 

  16. Do not mark Require MFA.
  17. Click Next: Permissions.
  18. Locate and mark the SecurityAudit policy. 
  19. Locate and mark the AWSSecurityHubFullAccess policy. 
  20. Click Next: Tags
  21. Click Next: Review
  22. In Role name, enter a descriptive name. 
  23. In Role description, enter a useful description. 

  24. Click Create role
  25. Locate and select the newly created role. 
  26. Under Summary, copy the Role ARN information. 

  27. Return to the Cloud Connections screen in AMP. 
  28. Paste the Role ARN information into the IAM Role ARN field. 
  29. Click Save Cloud Connection
    • Once the newly added cloud connection gathers data, the instance will appear in the Virtual Machines screen. 
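
The role created in steps 12 through 16 can be checked before its ARN is pasted into AMP. The following is an added example, not Armor's or AWS's own code: it audits a role trust policy document for the account ID from step 13, the External ID condition from steps 14 and 15, and the absence of an MFA requirement from step 16. The function names, the placeholder External ID and both sample policies are constructed for illustration.

```python
import json

ARMOR_ACCOUNT_ID = "679703615338"  # Account ID entered in step 13

def _as_list(value):
    """IAM policy fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare ID or an arn:aws:iam::<id>:... principal."""
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_trust_policy(policy, expected_external_id):
    """Return findings; an empty list means the policy matches steps 12-16."""
    allows = [s for s in _as_list(policy.get("Statement"))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        return ["no Allow statement for sts:AssumeRole"]
    findings = []
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if {_account_of(p) for p in aws} != {ARMOR_ACCOUNT_ID}:
            findings.append("trusted principal is not exactly account " + ARMOR_ACCOUNT_ID)
        cond = stmt.get("Condition", {})
        ext = _as_list(cond.get("StringEquals", {}).get("sts:ExternalId"))
        if not ext:
            findings.append("no sts:ExternalId condition")
        elif ext != [expected_external_id]:
            findings.append("sts:ExternalId differs from the value shown in AMP")
        if any(k.lower() == "aws:multifactorauthpresent"
               for block in cond.values() for k in block):
            findings.append("MFA is required, contrary to step 16")
    return findings

# Constructed sample input: placeholder External ID, not a real AMP value.
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::679703615338:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
# Same role with "Require external ID" left unmarked and "Require MFA" marked.
BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::679703615338:root"},
  "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}""")
```

The trust policy of a real role can be exported with `aws iam get-role --role-name <role name> --query Role.AssumeRolePolicyDocument` and passed to `audit_trust_policy` together with the External ID shown in AMP.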

Step 2: Configure Your AWS Regions 

In this step, you will enable AWS Security Hub in the desired AWS regions; this action will capture the findings from Security Hub in every configured region. 


Name: The name of the instance from your public cloud account
Type: The type of instance, specific to the offerings of your public cloud provider, such as an EC2 instance for AWS
Provider: The public cloud provider for the instance

The operating system associated with the instance

(For AWS, the associated AMI is listed)

Date Created: The date the instance was created in your public cloud account
Security Group

The security group that corresponds to your AWS instance.

  • This column will only appear to AWS users.
  • This column will only appear if you have selected the EC2 Metadata and orchestration option.

The keypair that corresponds to your AWS instance.

  • This column will only appear to AWS users.
  • This column will only appear if you have selected the EC2 Metadata and orchestration option in the Cloud Connections screen.

The security status of the instance, in relation to the installed agent. There are three states:

  • Unprotected indicates the agent is not installed in the instance.
  • Needs Attention indicates that the agent is installed, but has not properly communicated (heartbeated) with Armor.
  • OK indicates that the agent is installed and has communicated (heartbeated) with Armor.
Power: The power status of the instance, either powered on (green) or powered off (red)

Review API Keys


Troubleshooting Cloud Connections screen

If you do not see any data in the Cloud Connections screen, consider that:

  • You do not have permission to view log data.
    • You must have the Read Cloud Connections and Write Cloud Connections permissions enabled to view log data. Contact your account administrator to enable this permission. To learn how to update your permissions, see Roles and Permissions.

Related Documentation

To specifically sync your AMP account with AWS Security Hub, see Create a Cloud Connection for AWS Security Hub.