Installing armoctl

Overview

armoctl is a CLI tool for instrumenting ECS task definitions with the ARMO runtime security agent. It is used to patch Fargate task definitions with the ARMO ptrace sidecar for runtime monitoring.

Installation

Install the latest armoctl:

curl -fsSL https://package-distribution.armosec.io/armoctl/install.sh | bash

Verify the installation:

armoctl --help

Check the installed version:

armoctl version

Authentication

armoctl uses two separate sets of credentials:

ARMO credentials — required for operations that register or deploy task definitions (--register for patch, --deploy for instrument). Local patching without these flags does not require ARMO authentication.

AWS credentials — resolved through the standard AWS SDK credential chain (environment variables, ~/.aws/credentials, IAM role, etc.). Required when fetching a task definition from an ARN or a running service, and for registering or deploying task definitions.

Providing ARMO Credentials

The recommended way to configure ARMO credentials is with the configure command:

armoctl configure

This interactively prompts for your Customer GUID, Access Key, and API URL, and saves them to ~/.armoctl/config.yaml.

Alternatively, you can provide credentials via environment variables or by editing the config file directly:

Environment variables:

export ARMO_CUSTOMER_GUID=<YOUR_CUSTOMER_GUID>
export ARMO_ACCESS_KEY=<YOUR_ACCESS_KEY>
export ARMO_API_URL=<YOUR_API_URL>  # optional, defaults to cloud.armosec.io

Config file (~/.armoctl/config.yaml):

customer-guid: <YOUR_CUSTOMER_GUID>
access-key: <YOUR_ACCESS_KEY>
api-url: cloud.armosec.io

Your ARMO Account ID (Customer GUID) and Access Key are available from the ARMO Platform.

🚧
The URL used in this guide cloud.armosec.io for the platform is for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Available Commands

Command	Description
`armoctl configure`	Interactively configure ARMO credentials
`armoctl ecs patch`	Patch an ECS task definition with the ARMO runtime agent
`armoctl ecs instrument`	Instrument a live ECS service with the ARMO runtime agent
`armoctl version`	Display version information

For detailed usage of ECS commands, see the ECS Fargate installation guide.

Installing armoctl

Overview

Installation

Authentication

Providing ARMO Credentials

The URL used in this guide `cloud.armosec.io` for the platform is for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Available Commands

Next Steps

Overview

Installation

Authentication

Providing ARMO Credentials

The URL used in this guide cloud.armosec.io for the platform is for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Available Commands

Next Steps

The URL used in this guide `cloud.armosec.io` for the platform is for the default ARMO environment. Verify what are the correct URLs for you before proceeding.