You can use the Cloud Connections screen to sync your public cloud account into the Armor Management Portal (AMP). Afterwards, you can use AMP to:
- Collect and store logs with the Log Depot add-on product
- View the security status of your instances in the Virtual Machines screen
The security status relates to instances that contain the Armor agent.
The Cloud Connections screen displays the public cloud accounts you have synced.
| Column | Description |
| --- | --- |
| Account Name | A descriptive name for your account |
| Provider | The public cloud provider |
| Account ID | The ID for your public cloud account |
Currently, the Cloud Connections screen supports Amazon Web Services (AWS).
You can use this screen to collect CloudTrail logs and EC2 instance logs.
Add an AWS public cloud account
Before you begin, to collect CloudTrail logs, you must have the Log Depot add-on product enabled.
To learn how to enable Log Depot, see Log Depot.
You can use the Cloud Connections screen to sync your public cloud environment into the Armor Management Portal (AMP).
In this section, you will need to access your AWS console to complete the configuration process.
Armor generates an External ID for every new Cloud Connection account. As a result, an incomplete cloud connection account is listed in the table as (Pending Connection). You can click this entry to continue with the cloud connection creation process.
- In the Armor Management Portal (AMP), in the left-side navigation, click Account.
- Click Cloud Connections.
- Click the green plus ( + ) icon.
- In Account Name, enter a descriptive name.
- In Description, enter a short description.
- In Services, select the data type to collect.
  - To collect CloudTrail logs, you must have the Log Depot add-on product enabled. To learn how to enable Log Depot, see Log Depot.
- In IAM Role, the External ID and Armor's AWS Account Number fields are pre-populated.
  - Copy the External ID. You will need this information at a later step.
  - Armor generates a unique External ID for every new Cloud Connection. It is the value the IAM role's trust policy checks on every sts:AssumeRole request, so that only a request made on your behalf can assume the role (the AWS confused-deputy protection). Paste it exactly as shown.
- Although the previous fields were already populated, you still need to create an AWS IAM role that trusts Armor's account.
- Access the IAM console for AWS.
- In the left-side navigation, click Roles.
- Click Create new role.
- Mark Role for Cross-Account Access.
- Click Select for Allow IAM users from a 3rd party AWS account to access this account.
- In Account ID, enter 242113071096.
- In External ID, paste the External ID you copied earlier from the Armor Management Portal (AMP).
- Make sure Require MFA is not marked. Armor assumes this role programmatically from its own AWS account, so an MFA requirement in the trust policy would prevent the connection from working.
- Click Next Step.
- Mark the SecurityAudit policy. This AWS managed policy grants read-only access to security-related configuration; do not attach broader permissions than this procedure calls for.
- Click Next Step.
- In Role name, enter a descriptive name.
- In Role description, enter a useful description.
- Click Create role.
- Click the newly created role.
- Copy the Role ARN information.
- Return to the Cloud Connections screen in AMP.
- Paste the Role ARN information into the IAM Role ARN field.
- Click Save.
- Once the newly added cloud connection begins to gather data, its instances appear in the Virtual Machines screen.
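The role created in the steps above trusts Armor's AWS account and is gated by the External ID. The following added example (not Armor's code and not part of this page) builds the equivalent trust-policy document, runs a simplified local model of the AssumeRole trust check to show why the External ID and the Require MFA setting matter, and lints the policy before the Role ARN is pasted into AMP. Only the account number 242113071096 comes from the page; the function names, the sample External ID and the ARN pattern are assumptions, and the evaluator models only the Principal account, sts:ExternalId and aws:MultiFactorAuthPresent, not the full IAM policy language.

```python
"""Added example: a local model of the cross-account role trust created in the
steps above. Not Armor's code. Only the account number 242113071096 comes from
the page; the function names, the sample External ID and the simplified
evaluation rules are assumptions made for illustration."""
import json
import re
from typing import List, Optional

ARMOR_AWS_ACCOUNT_ID = "242113071096"  # Armor's AWS account number, as given on this page
# Shape expected in AMP's "IAM Role ARN" field (assumed regex; allows role paths such as role/team/Name)
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$")


def build_trust_policy(trusted_account: str, external_id: str, require_mfa: bool = False) -> dict:
    """Trust policy equivalent to the console choices: cross-account access from
    `trusted_account`, gated by `external_id`. `require_mfa` exists only so the
    effect of leaving "Require MFA" marked can be demonstrated; the page says to
    leave it unmarked."""
    condition = {"StringEquals": {"sts:ExternalId": external_id}}
    if require_mfa:
        condition["Bool"] = {"aws:MultiFactorAuthPresent": "true"}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": condition,
        }],
    }


def can_assume(policy: dict, caller_account: str, external_id: Optional[str],
               mfa_present: bool = False) -> bool:
    """Simplified AssumeRole decision (assumption: only the Principal account,
    sts:ExternalId and aws:MultiFactorAuthPresent are modelled; no Deny
    statements and no wildcards inside conditions)."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        principal = stmt.get("Principal", {}).get("AWS")
        if principal not in ("*", f"arn:aws:iam::{caller_account}:root"):
            continue
        cond = stmt.get("Condition", {})
        expected_id = cond.get("StringEquals", {}).get("sts:ExternalId")
        if expected_id is not None and external_id != expected_id:
            continue  # wrong or missing External ID: the confused-deputy check fails
        if cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") == "true" and not mfa_present:
            continue  # a service assuming the role programmatically cannot present MFA
        return True
    return False


def lint_trust_policy(policy: dict) -> List[str]:
    """Checks worth running on the role before pasting its ARN into AMP."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {}).get("AWS", "")
        cond = stmt.get("Condition", {})
        if principal == "*":
            findings.append("Principal is '*': any AWS account may attempt to assume the role")
        elif ARMOR_AWS_ACCOUNT_ID not in principal:
            findings.append(f"Principal {principal!r} is not Armor's account {ARMOR_AWS_ACCOUNT_ID}")
        if not cond.get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("no sts:ExternalId condition: role is exposed to the confused-deputy problem")
        if cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") == "true":
            findings.append("Require MFA is set: Armor's service cannot satisfy it, so the connection will fail")
    return findings


def valid_role_arn(arn: str) -> bool:
    """True if the string has the shape AMP expects in the IAM Role ARN field."""
    return ROLE_ARN_RE.match(arn) is not None


if __name__ == "__main__":
    external_id = "example-external-id-0001"  # constructed value; use the one AMP shows you
    policy = build_trust_policy(ARMOR_AWS_ACCOUNT_ID, external_id)
    print(json.dumps(policy, indent=2))
    print("Armor with correct External ID:", can_assume(policy, ARMOR_AWS_ACCOUNT_ID, external_id))
    print("Armor with wrong External ID:  ", can_assume(policy, ARMOR_AWS_ACCOUNT_ID, "guess"))
    print("Other account, correct ID:     ", can_assume(policy, "111111111111", external_id))
    print("Lint findings:", lint_trust_policy(policy))
    print("Lint with MFA:", lint_trust_policy(build_trust_policy(ARMOR_AWS_ACCOUNT_ID, external_id, True)))
```

The printed policy is what the console wizard generates from the "cross-account access" choices; if you later inspect the role in IAM and the trust relationship lacks the sts:ExternalId condition, or names an account other than 242113071096, recreate it rather than pasting its ARN into AMP.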
View your public cloud instances
After you add your public cloud account into the Armor Management Portal (AMP), you can view the corresponding instances (and their security status) in the Virtual Machines screen.
- In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
- Click Virtual Machines.
| Column | Description |
| --- | --- |
| Name | The name of the instance from your public cloud account |
| Type | The type of instance, specific to your public cloud provider's offerings, such as an EC2 instance for AWS |
| Provider | The public cloud provider for the instance |
| Operating System | The operating system associated with the instance (for AWS, the associated AMI is listed) |
| Date Created | The date the instance was created in your public cloud account |
| Security Group | For AWS instances only |
| Keypair | For AWS instances only |
| Security Status | The security status of the instance, in relation to the installed Armor agent. There are three states. |
| Power | The power status of the instance, either powered on (green) or powered off (red) |
Troubleshooting Cloud Connections screen
If you do not see any data in the Cloud Connections screen, consider that:
- You did not order the Log Depot add-on product.
- You did not properly sync Log Depot to collect your log files.
- The selected date range does not contain any data.
  - Select a different date range.
- You do not have permission to view log data.
  - You must have the Write LogManagement permission enabled to view log data. Contact your account administrator to enable this permission. To learn how to update your permissions, see Roles and Permissions.