Armor Anywhere - Product User Guide: Cloud Connections


Note

To fully use this screen, you must add the following permissions to your account:

  • Read Cloud Connections
  • Write Cloud Connections


Overview

You can use the Cloud Connections screen to sync your public cloud account into the Armor Management Portal (AMP). Afterwards, you can use AMP to:

  • Collect and store logs with the Log Depot add-on product.
  • View the security status of your instances in the Virtual Machines screen.
  • Add the AWS Security Hub feature to your public cloud account.

Note

To collect CloudTrail logs, you must have the Log Depot add-on product enabled. To learn how to enable Log Depot, see Log Depot.

Note

While all instances from your public cloud account will appear in the Virtual Machines screen, you should only focus on the security status of the instances that contain the Armor agent.

Currently, this screen only supports Amazon Web Services (AWS). You can use this screen to collect CloudTrail logs and EC2 instance logs.

Access the Cloud Connections screen

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Cloud Connections.


Review the Cloud Connections screen

The Cloud Connections screen displays the public cloud accounts you have synced.

Column
    Description

Account Name
    This column displays the descriptive name for your account. You can also click the arrow to see which Armor services are associated with the account.

Provider
    This column displays the public cloud provider.

Account ID
    This column displays the ID for your public cloud account.

Status
    This column displays the connection status between your Armor account and your public cloud account.


Add an AWS public cloud account


You can use the Cloud Connections screen to sync your AWS public cloud environment with the Armor Management Portal (AMP).

To complete these instructions, you must be able to access your AWS console.

Note

Armor generates an External ID for every new Cloud Connection. As a result, an incomplete cloud connection will be listed in the table as (Pending Connection). You can click this entry to continue the cloud connection creation process.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Cloud Connections.
  3. Click the green plus ( + ) icon.
  4. In Account Name, enter a descriptive name.
  5. In Description, enter a short description.
  6. In Services, select the data type to collect.
    • To collect CloudTrail logs, you must have the Log Depot add-on product enabled. To learn how to enable Log Depot, see Log Depot.
  7. In IAM Role, the External ID and Armor's AWS Account Number fields are pre-populated.
  8. Copy the External ID. You will need this information in a later step.
    • Armor generates an External ID for every new Cloud Connection.
    • Although the previous fields were already populated, you still need to set up an AWS IAM Role for Armor.
  9. Access the IAM console for AWS.
  10. In the left-side navigation, click Roles.
  11. Click Create new role.
  12. Mark Role for Cross-Account Access.
  13. Click Select for Allow IAM users from a 3rd party AWS account to access this account.
  14. In Account ID, enter 242113071096 (Armor's AWS Account Number shown in step 7).
  15. In External ID, paste the External ID you copied earlier from the Armor Management Portal (AMP).
  16. Make sure Require MFA is not marked.
  17. Click Next Step.
  18. Mark the SecurityAudit policy.
  19. Click Next Step.
  20. In Role name, enter a descriptive name.
  21. In Role description, enter a useful description.
  22. Click Create role.
  23. Click the newly created role.
  24. Copy the Role ARN information.
  25. Return to the Cloud Connections screen in AMP.
  26. Paste the Role ARN information into the IAM Role ARN field.
  27. Click Save.

Once you add your public cloud account and it starts to gather data, its instances will appear in the Virtual Machines screen.
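To make the IAM role steps concrete, here is an added example (not Armor's code and not part of the AMP user guide) that builds the trust policy the console choices in steps 12 to 16 produce, reviews an exported trust policy against that procedure (Armor's account as principal, the AMP External ID as an sts:ExternalId condition, no MFA requirement), and validates the shape of the Role ARN before it is pasted in step 26. Armor's account number is the one given in step 14; the External ID and role name used with these functions are constructed sample values.

```python
import json
import re

# Armor's AWS account number as given in step 14 of this page.
ARMOR_AWS_ACCOUNT = "242113071096"
# Shape of the Role ARN copied in step 24: arn:aws:iam::<account>:role/<name>.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$")


def build_trust_policy(external_id: str) -> dict:
    """Trust policy equivalent to the console choices in steps 12-16: Armor's
    account may assume the role only when it presents the External ID that
    AMP generated, and no MFA is required."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ARMOR_AWS_ACCOUNT}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def check_trust_policy(policy: dict, external_id: str) -> list:
    """Review the first Allow sts:AssumeRole statement; an empty list means OK."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        if ARMOR_AWS_ACCOUNT not in json.dumps(stmt.get("Principal", {})):
            findings.append("principal is not Armor's AWS account")
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get("sts:ExternalId") != external_id:
            findings.append("sts:ExternalId missing or differs from the AMP External ID")
        if "aws:MultiFactorAuthPresent" in json.dumps(cond):
            findings.append("Require MFA is set; step 16 says it must not be marked")
        return findings
    return ["no Allow sts:AssumeRole statement found"]


def parse_role_arn(arn: str):
    """Check the Role ARN before pasting it into the IAM Role ARN field (step 26).
    Returns (account_id, role_name), or None if the value is not a role ARN."""
    m = ROLE_ARN_RE.match(arn.strip())
    return (m.group(1), m.group(2)) if m else None
```

Call build_trust_policy with the External ID copied in step 8, and run check_trust_policy on the trust policy exported from the IAM console before you click Save in step 27.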


View your added (connected) public cloud instances

After you add your public cloud account into the Armor Management Portal (AMP), you can view the corresponding instances (and their security status) in the Virtual Machines screen. 

Note

The Cloud Connections screen simply lists the synced public cloud account; the Virtual Machines screen lists all the instances in that public cloud account.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines.

The Virtual Machines screen shows what is (and is not) being protected by the Armor agent. For example, if you have 100 VMs in AWS but only 10 have the agent installed, all 100 VMs will be listed in AMP, and only those with the agent installed will be labeled as protected.

You can filter the list by type (Virtual Machine or EC2 instance).

Virtual Machines screen columns:

Column
    Description

Name
    The name of the instance from your public cloud account.

Type
    The type of instance, specific to the offerings of your public cloud provider, such as an EC2 instance for AWS.

Provider
    The public cloud provider for the instance.

OS
    The operating system associated with the instance. (For AWS, the associated AMI is listed.)

Date Created
    The date the instance was created in your public cloud account.

Security Group
    The security group that corresponds to your AWS instance.
      • This column will only appear to AWS users.
      • This column will only appear if you have selected the EC2 Metadata and orchestration option in the Cloud Connections screen.

Keypair
    The keypair that corresponds to your AWS instance.
      • This column will only appear to AWS users.
      • This column will only appear if you have selected the EC2 Metadata and orchestration option in the Cloud Connections screen.

State
    The security status of the instance, in relation to the installed core agent. This was previously known as the power status. There are three states:
      • Unprotected indicates the agent is not installed in the instance.
      • Needs Attention indicates that the agent is installed, but has not properly communicated (heartbeated) with Armor.
      • OK indicates that the agent is installed and has communicated (heartbeated) with Armor.

Power
    The power status of the instance, either powered on (green) or powered off (red).


Troubleshoot the Cloud Connections screen

If you do not see any data in the Cloud Connections screen, consider that:

  • The selected date range does not contain any data.
    • Select a different date range.
  • You do not have permission to view log data.
    • You must have the Read Cloud Connections and Write Cloud Connections permissions enabled to view log data. Contact your account administrator to enable these permissions. To learn how to update your permissions, see Roles and Permissions.
  • You did not order the Log Depot add-on product.
  • You did not properly sync Log Depot to collect your log files.


Related documentation

To specifically sync your AMP account with AWS Security Hub, see Create a Cloud Connection for AWS Security Hub.
