Onboard AWS
Overview
ARMO seamlessly integrates with AWS using CloudFormation. It leverages a predefined template that can be deployed effortlessly through AWS’s built-in wizard.
Deploying the ARMO Read-Access CloudFormation Stack creates an IAM Role with read-only permissions (Get, List, and Describe API calls). This role enables ARMO to conduct an initial configuration scan of your AWS account, ensuring a smooth and secure onboarding process.
Depending on your setup, you can onboard either a single AWS account or an entire AWS Organization.
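A check an account owner can run on the role's policy document after deploying the stack, as an added example that is not ARMO's code or template: it flags any Allow statement that grants actions outside the Get, List and Describe prefixes named above. The sample policy is constructed for illustration, and the function names are hypothetical.

```python
import json

# Action-name prefixes the page gives as the role's scope.
READ_PREFIXES = ("get", "list", "describe")

# Constructed sample policy for illustration; NOT the policy from the ARMO template.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:PutBucketPolicy", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only_action(action):
    """True if the name after 'service:' starts with Get, List or Describe."""
    _, _, name = action.partition(":")
    # IAM action names are case-insensitive. A bare "*" or "service:*"
    # fails the prefix test and is therefore reported.
    return name.lower().startswith(READ_PREFIXES)


def non_read_only_grants(policy):
    """Return (statement_index, reason) for each Allow that exceeds read-only."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append((i, "NotAction allows every action except those listed"))
        for action in _as_list(stmt.get("Action")):
            if not is_read_only_action(action):
                findings.append((i, action))
    return findings
```

The policy JSON can be taken from the output of `aws iam get-role-policy` (inline policies) or `aws iam get-policy-version` (managed policies). A prefix check shows the role cannot modify resources; it does not show which data the Get actions can read.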
Why Connect My AWS Cloud?
Securing your cloud infrastructure is critical to protecting your business and user data. ARMO helps you detect, investigate, and respond to potential security risks across your AWS environment.
By connecting your AWS account, ARMO will:
- Surface high-impact misconfigurations and vulnerabilities that attackers could exploit, without overwhelming you with unnecessary noise.
- Continuously ingest and analyze AWS CloudTrail logs to power Cloud Detection and Response (CDR), enabling real-time visibility into user activities, API calls, and potential threats within your cloud environment.
Cloud Compliance
To view all security checks ARMO performs on your cloud environment, go to Compliance in the left navigation menu and select the Cloud toggle.
Host Vulnerabilities
To view all scanned hosts, go to Vulnerabilities in the left navigation menu and select the Hosts toggle.
Cloud Detection and Response
To view all incidents related to your connected cloud environments, go to Runtime Incidents in the left navigation menu.
What Happens After You Connect?
Once your AWS environment is connected, ARMO automatically performs daily scans to identify misconfigurations and vulnerabilities.
Available Onboarding Methods
Onboarding | Description | Recommended for |
---|---|---|
Onboard AWS Account | Connect a single AWS account to ARMO using a CloudFormation stack that creates the required IAM role and permissions. | Small environments or customers who manage accounts individually. |
Onboard AWS Organization | Connect all accounts within an AWS Organization in one step. ARMO uses a delegated administrator account and an Organization CloudFormation stack to automate discovery and onboarding of member accounts. | Enterprises with multiple AWS accounts managed under AWS Organizations. |
Prerequisites
Before onboarding, ensure the following:
- You have Administrator access or equivalent permissions in AWS.
- Your AWS account(s) are active and can deploy CloudFormation stacks.
- You have access to your ARMO platform with the appropriate role to connect new cloud environments.
Onboarding Methods
Select the appropriate guide based on your environment setup:
After Onboarding
Once the AWS environment is successfully connected:
- ARMO begins automated discovery of cloud resources.
- Cloud assets appear under the Settings --> Accounts section in the ARMO Platform.
- Compliance scans and misconfiguration findings become available within 60 minutes.