Docs
HomeGitHubSign Up

AWS Account Integration

Suggest Edits

Overview

ARMO seamlessly integrates with AWS using CloudFormation. It leverages a predefined template that can be deployed effortlessly through AWS’s built-in wizard.

Deploying the ARMO Read-Access CloudFormation Stack creates an IAM Role with read-only permissions (Get, List, and Describe API calls). This role enables ARMO to conduct an initial configuration scan of your AWS account, ensuring a smooth and secure onboarding process.


Why Connect My AWS Cloud?

Securing your cloud infrastructure is critical to protecting your business and user data. ARMO helps you detect and fix misconfigurations that could expose your AWS environment to security risks.

By connecting your AWS account, ARMO will surface high-impact misconfigurations that attackers could exploit—without overwhelming you with unnecessary noise.

To see the full list of security checks ARMO performs on your cloud environment, navigate to the ‘Compliance’ tab on the left navigation menu and select your account

What Happens After You Connect?

Once your AWS account is connected, ARMO will run daily compliance scans on all AWS security checks

Prerequisites

To ensure a seamless and successful setup, the AWS user performing the integration with ARMO must have AdministratorAccess permissions on the integrated AWS accounts.

Step 1 - ARMO Platform - Initiate account connection

  1. Log into the ARMO platform and navigate to the Accounts section from the settings menu.
  2. Click on the Amazon Web Services card.
  3. Select the region where you want to launch the CloudFormation stack.
  4. Click Launch stack


Step 2 - AWS Console - Quick create stack


  1. Mark the "I acknowledge that AWS CloudFormation might create IAM resources"
  2. Click "Create stack"

  1. Navigate to the Outputs tabs (The ArmoRoleARN may take up to a minute to appear)
  2. Copy the ArmoRoleARN value

Step 3 - ARMO Platform - Complete account connection

  1. Enter a display name for the account
  2. Paste the RoleArn
  3. Click Connect account


Step 4 - ARMO Platform - Account connected successfully

  1. Click View account
  2. The connected account shows under the AWS tab
  3. The scan state is In progress (It may take up to 1 hour to complete)
  4. Once the scan state changes to Completed you can view the scan results in the Compliance section

Updated 10 days ago