Onboard AWS

Overview

ARMO seamlessly integrates with AWS using CloudFormation. It leverages a predefined template that can be deployed effortlessly through AWS’s built-in wizard.

Deploying the ARMO Read-Access CloudFormation Stack creates an IAM Role with read-only permissions (Get, List, and Describe API calls). This role enables ARMO to conduct an initial configuration scan of your AWS account, ensuring a smooth and secure onboarding process.
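A check a reviewer can run against the role's policies before or after deploying the stack, as an added example (not ARMO's code or template): it flags any Allow-ed IAM action outside the Get, List and Describe verbs named above. The sample policy and the function names are constructed for illustration; pass in the policy documents exported from the real role.

```python
import json

# Verb prefixes the page gives as the role's scope; IAM action names are case-insensitive.
READ_ONLY_PREFIXES = ("get", "list", "describe")

# Constructed sample policy, not taken from ARMO's template.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:listroles"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "*"},
    {"Effect": "Allow", "Action": ["kms:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:DeleteRole", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """Action, NotAction and Statement may each be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def non_read_only_actions(policy):
    """Return Allow-ed actions that fall outside Get*/List*/Describe*."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the ones listed.
            findings.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
        for action in _as_list(stmt.get("Action")):
            # "ec2:DescribeInstances" -> "describeinstances"; a bare "*" has no service part.
            verb = action.split(":", 1)[-1].lower()
            if not verb.startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings


if __name__ == "__main__":
    for finding in non_read_only_actions(SAMPLE_POLICY):
        print("outside read-only scope:", finding)
```

An empty result means every Allow-ed action matches the three verbs; wildcards such as `kms:*` are reported because they can expand to write actions.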

Depending on your setup, you can onboard either a single AWS account or an entire AWS Organization.


Why Connect My AWS Cloud?

Securing your cloud infrastructure is critical to protecting your business and user data. ARMO helps you detect, investigate, and respond to potential security risks across your AWS environment.

By connecting your AWS account, ARMO will:

  • Surface high-impact misconfigurations and vulnerabilities that attackers could exploit, without overwhelming you with unnecessary noise.
  • Continuously ingest and analyze AWS CloudTrail logs to power Cloud Detection and Response (CDR), enabling real-time visibility into user activities, API calls, and potential threats within your cloud environment.

Cloud Compliance

To view all security checks ARMO performs on your cloud environment, go to Compliance in the left navigation menu and select the Cloud toggle.

Host Vulnerabilities

To view all scanned hosts, go to Vulnerabilities in the left navigation menu and select the Hosts toggle.

Cloud Detection and Response

To view all incidents related to your connected cloud environments, go to Runtime Incidents in the left navigation menu.

What Happens After You Connect?

Once your AWS environment is connected, ARMO automatically performs daily scans to identify misconfigurations and vulnerabilities.

Available Onboarding Methods

| Onboarding | Description | Recommended for |
| --- | --- | --- |
| Onboard AWS Account | Connect a single AWS account to ARMO using a CloudFormation stack that creates the required IAM role and permissions. | Small environments or customers who manage accounts individually. |
| Onboard AWS Organization | Connect all accounts within an AWS Organization in one step. ARMO uses a delegated administrator account and an Organization CloudFormation stack to automate discovery and onboarding of member accounts. | Enterprises with multiple AWS accounts managed under AWS Organizations. |

Prerequisites

Before onboarding, ensure the following:

  • You have Administrator access or equivalent permissions in AWS.
  • Your AWS account(s) are active and can deploy CloudFormation stacks.
  • You have access to your ARMO platform with the appropriate role to connect new cloud environments.

Onboarding Methods

Select the appropriate guide based on your environment setup:

👉 Onboard an AWS Account

👉 Onboard an AWS Organization

After Onboarding

Once the AWS environment is successfully connected:

  • ARMO begins automated discovery of cloud resources.
  • Cloud assets appear under the Settings --> Accounts section in the ARMO Platform.
  • Compliance scans and misconfiguration findings become available within 60 minutes.