You can use the Cloud Connections screen to sync your public cloud environment into the Armor Management Portal (AMP). Afterwards, you can use the Armor Management Portal (AMP) to:

Currently, this screen only supports Amazon Web Services (AWS).

You can use this screen to collect CloudTrail logs and EC2 instance logs.

To collect CloudTrail logs, you must have the Log Depot add-on product enabled. To learn how to enable Log Depot, see Log Depot.

Access the Cloud Connections screen

  1. In the Armor Management Portal (AMP), in the left side navigation, click Account.
  2. Click Cloud Connections.
  3. Account > Under Overivew > Cloud Connections
  4. Account Name, Provider (should only be AWS for now), Account ID

Account NameA descriptive name for your account
ProviderThe public cloud provider
Account ID

The account ID for your public cloud provider

Add an AWS public cloud account 


You can use the Cloud Connections screen to add your public cloud environment into the Armor Management Portal (AMP).

In this section, you will need to access your AWS console to complete the configuration process. 

Armor will generate an External ID for every new Cloud Connection account. As result, an incomplete cloud connection account will be listed in the table as (Pending Connection). You can click this entry in order to continue with the cloud connection creation process.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Cloud Connections.
  3. Click the green plus ( + ) icon. 
  4. In Account Name, enter a descriptive name. 
  5. In Description, enter a short description. 
  6. In Services, select the data type to collect. 
  7. In IAM Role, the External ID and Armor's AWS Account Number fields are pre-populated. 
  8. Copy the External ID. You will need this information at a later step. 
  9. Access the IAM console for AWS. 
  10. In the left-side navigation, click Roles
  11. Click Create new role
  12. Mark Role for Cross-Account Access
  13. Click Select for Allow IAM users from a 3rd party AWS account to access this account
  14. In Account ID, enter 242113071096
  15. In External ID, paste the External ID you copied earlier from the Armor Management Portal (AMP). 
  16. Make sure Require MFA is not marked. 
  17. Click Next Step
  18. Mark the SecurityAudit policy. 
  19. Click Next Step
  20. In Role name, enter a descriptive name. 
  21. In Role description, enter a useful description. 
  22. Click Create role
  23. Click the newly created role. 
  24. Copy the Role ARN information. 
  25. Return to the Cloud Connections screen in AMP. 
  26. Paste the Role ARN information into the IAM Role ARN field. 
  27. Click Save

Once you add your public cloud account, and it starts to gather data, the instance will appear in the Virtual Machines screen. 

View your public cloud instances

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click Virtual Machines

This is a part of security competency; this shows what is (or isn't) being protected by the agent

If you have a 100 Vms from AWS, but only 10 have the agent installed, then all the vms will be lsited in AMP, and only those with the agent installed will be labled as protected. 

fitler types have been updated

Filter by (Virtual Machine, EC 2 instance

Updated virtual machine screen columns: 

NameThe name of the instance
TypeThe type of instance, such as a virtual machine or AWS-instance type
ProviderThe cloud provider for the instance

The operating system for the instance

For AWS, the associated AMI is listed

Date CreatedThe date the instance was created
Security GroupFor AWS instances only
KeypairFor AWS instances only

The security status of the instance in relation to the core agent.

Was previously known as the power status.

PowerThe power status of the instance, either powered on (green) or powered off (red)

Add a public cloud account (non-AWS)

Troubleshooting Cloud Connections screen

If you do not see any data in the Cloud Connections screen, consider that:

update the virtual machine screen for new colums

This is in the VM page,

Date created “ when your AWS feature was created inAWS

Security groups from AWS


Update VM page; new columns for both complete and anywhere

Ellipses includes AWS name