Installing armoctl

🚧
Work in Progress: This page is under active development. Content may be incomplete or subject to change.

Overview

armoctl is a CLI tool for instrumenting ECS task definitions with the ARMO runtime security agent. It is used to patch Fargate task definitions with the ARMO ptrace sidecar for runtime monitoring.

Installation

Download the latest armoctl binary for your platform from the ARMO Platform. Place it in your PATH:

chmod +x armoctl
sudo mv armoctl /usr/local/bin/

Verify the installation:

armoctl --help

Check the installed version:

armoctl version

Authentication

armoctl uses two separate sets of credentials:

ARMO credentials — required for operations that register or deploy task definitions (--register for patch, --deploy for instrument). Local patching without these flags does not require ARMO authentication.

AWS credentials — resolved through the standard AWS SDK credential chain (environment variables, ~/.aws/credentials, IAM role, etc.). Required when fetching a task definition from an ARN or a running service, and for registering or deploying task definitions.

Providing ARMO Credentials

You can provide ARMO credentials in three ways:

CLI flags:

armoctl --customer-guid <GUID> --access-key <KEY> ecs patch ...

Environment variables:

export ARMO_CUSTOMER_GUID=<YOUR_CUSTOMER_GUID>
export ARMO_ACCESS_KEY=<YOUR_ACCESS_KEY>

Config file (~/.armoctl/config.yaml):

customer-guid: <YOUR_CUSTOMER_GUID>
access-key: <YOUR_ACCESS_KEY>
api-url: cloud.armosec.io

Your ARMO Account ID (Customer GUID) and Access Key are available from the ARMO Platform.

🚧
The URLs used in this guide (cloud.armosec.io for the platform and https://api.armosec.io for the API) are for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Global Flags

Flag	Env Var	Description
`--customer-guid`	`ARMO_CUSTOMER_GUID`	ARMO customer GUID
`--access-key`	`ARMO_ACCESS_KEY`	ARMO API access key
`--api-url`	`ARMO_API_URL`	ARMO platform URL (default: `cloud.armosec.io`)
`--debug`		Enable debug mode

Available Commands

Command	Description
`armoctl ecs patch`	Patch an ECS task definition with the ARMO runtime agent
`armoctl ecs instrument`	Instrument a live ECS service with the ARMO runtime agent
`armoctl version`	Display version information

For detailed usage of ECS commands, see the ECS Fargate installation guide.

Installing armoctl

Work in Progress: This page is under active development. Content may be incomplete or subject to change.

Overview

Installation

Authentication

Providing ARMO Credentials

The URLs used in this guide (`cloud.armosec.io` for the platform and `https://api.armosec.io` for the API) are for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Global Flags

Available Commands

Next Steps

Work in Progress: This page is under active development. Content may be incomplete or subject to change.

Overview

Installation

Authentication

Providing ARMO Credentials

The URLs used in this guide (cloud.armosec.io for the platform and https://api.armosec.io for the API) are for the default ARMO environment. Verify what are the correct URLs for you before proceeding.

Global Flags

Available Commands

Next Steps

The URLs used in this guide (`cloud.armosec.io` for the platform and `https://api.armosec.io` for the API) are for the default ARMO environment. Verify what are the correct URLs for you before proceeding.