Add AWS Account Automatically

Before adding an AWS account, one required and two optional sets of permissions must be granted to FortiCNP. Grant the optional permissions that best fit the needs of your organization. For more details, see AWS Permission and Resource Requirements.

Steps to Add AWS Account

  1. From the FortiCNP navigation pane, go to ADMIN > Cloud Accounts and click +Add New.
  2. Select AWS as the cloud platform and Add 1 Account Automatically as the method, then click Add New Cloud Account.
  3. Enter the 12-digit AWS Account ID, give the account a name, and select the optional permissions to grant to FortiCNP as needed.
  4. In the CloudTrail section, select "Yes" to let FortiCNP create a CloudTrail trail for the account, or "No" if you already have one.
  5. Click Next Step to continue to the next page.
  6. Click Go to AWS CloudFormation Guide to be redirected to the AWS CloudFormation console, where the stack that creates the FortiCNP IAM role and the CloudTrail trail is launched.
  7. A new page opens with the AWS CloudFormation guide; click Next to go to the next page.
  8. On the Specify stack details page, under Parameters, enter a custom RoleName or keep the default RoleName. Record the value you use; FortiCNP asks for it in step 11.
  9. Click Next at the bottom of each page until the last page. Because the template creates an IAM role, the console asks you to acknowledge the IAM capability on that page; acknowledge it, then click Create Stack.
  10. Refresh the stack status page until the FortiCNP stack shows "CREATE_COMPLETE". Note: if the stack fails and cannot be created, see Stack Already Exists Error.
  11. Go back to the FortiCNP add account page.
    1. If you used a custom RoleName, select "Yes I defined a custom RoleName." and enter the custom RoleName.
    2. If not, select "No, I did NOT define a custom RoleName."
  12. Click Add AWS Account to go to the next page.
  13. Enable AWS Security Hub and complete the AWS Security Hub and EventBridge configuration. Choose the Aggregation Region (us-west-2, or the region you selected), then click Next Step. The AWS Event Bus and Event Rule are created by the CloudFormation guide in the following steps, so that Security Hub can send its findings to the event bus under FortiCNP's AWS EventBridge.
  14. Click Go To AWS CloudFormation Guide for Security Hub Integration with CloudFormation.
  15. A new page opens with the AWS CloudFormation guide; click Next at the bottom of each page until the last page, then click Create Stack.
  16. Refresh the stack status page until the "FortiCNPSecurityHubIntegration" stack shows "CREATE_COMPLETE". Note: if the stack fails and cannot be created, see Stack Already Exists Error.
  17. Go back to the FortiCNP add account page and click Next Step.
  18. The add account steps are complete; click Check Status to see the add account progress.

After the AWS account is added to Cloud Protection, continue to AWS Traffic Configuration to activate the FortiCNP Traffic feature.
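As an added example (not Fortinet's or FortiCNP's own code), the following Python script automates the two "refresh until CREATE_COMPLETE" checks in the procedure above and summarises the trust policy of the role the first stack created, so you can see exactly which principal is being granted cross-account access before clicking Add AWS Account. It assumes only the boto3 client methods cloudformation.describe_stacks and iam.get_role; the stack names, the role name FortiCNPRole, and the account ID and ExternalId inside the constructed fake clients are placeholders, not values from the FortiCNP template.

```python
"""Offline-testable checks for the FortiCNP onboarding stacks.

Added example, not Fortinet/FortiCNP code. Assumes the boto3 client methods
cloudformation.describe_stacks and iam.get_role. _FakeCfn and _FakeIam are
constructed stand-ins so everything runs without AWS credentials; the role
name, account ID and ExternalId they contain are placeholders.
"""
import json
import re
import time
from typing import Callable, Dict, List

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")

# Terminal states of a stack create. Only CREATE_COMPLETE (the status the
# procedure tells you to refresh for) is success; every state below means the
# FortiCNP role/trail or the Security Hub integration was NOT created.
SUCCESS_STATES = {"CREATE_COMPLETE"}
FAILURE_STATES = {"CREATE_FAILED", "ROLLBACK_IN_PROGRESS",
                  "ROLLBACK_COMPLETE", "ROLLBACK_FAILED", "DELETE_COMPLETE"}


def valid_account_id(account_id: str) -> bool:
    """The AWS Account ID entered in the form is exactly 12 digits (keep leading zeros)."""
    return bool(ACCOUNT_ID_RE.fullmatch(account_id))


def stack_status(cfn, stack_name: str) -> str:
    """Current StackStatus, or "NOT_FOUND" when CloudFormation says it does not exist."""
    try:
        resp = cfn.describe_stacks(StackName=stack_name)
    except Exception as exc:  # botocore ClientError carries this text for a bad name
        if "does not exist" in str(exc):
            return "NOT_FOUND"
        raise
    return resp["Stacks"][0]["StackStatus"]


def wait_for_stack(cfn, stack_name: str, timeout_s: float = 900, poll_s: float = 10,
                   sleep: Callable[[float], None] = time.sleep,
                   clock: Callable[[], float] = time.monotonic) -> str:
    """Replaces refreshing the console by hand: poll until CREATE_COMPLETE,
    fail fast on a rolled-back or missing stack, give up after timeout_s."""
    deadline = clock() + timeout_s
    while True:
        status = stack_status(cfn, stack_name)
        if status in SUCCESS_STATES:
            return status
        if status in FAILURE_STATES or status == "NOT_FOUND":
            raise RuntimeError(f"stack {stack_name} is {status}; check its Events tab")
        if clock() >= deadline:
            raise TimeoutError(f"stack {stack_name} still {status} after {timeout_s}s")
        sleep(poll_s)


def _as_list(v) -> List[str]:
    return v if isinstance(v, list) else [v]


def trust_summary(iam, role_name: str) -> Dict[str, object]:
    """Who may assume the role the stack created. Review this before finishing
    onboarding: that role IS the cross-account access being granted."""
    doc = iam.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    if isinstance(doc, str):  # boto3 returns a dict; accept a JSON string too
        doc = json.loads(doc)
    principals: List[str] = []
    external_id = False
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals.append("*")
        else:
            for v in principal.values():
                principals.extend(_as_list(v))
        if "sts:ExternalId" in stmt.get("Condition", {}).get("StringEquals", {}):
            external_id = True
    return {"principals": principals, "external_id_required": external_id,
            "wildcard_principal": "*" in principals}


class _FakeCfn:
    """Constructed stand-in: returns the given statuses in order, repeating the last."""
    def __init__(self, statuses: List[str]):
        self._statuses = list(statuses)

    def describe_stacks(self, StackName: str):
        if StackName == "missing":
            raise Exception(f"Stack with id {StackName} does not exist")
        status = self._statuses.pop(0) if len(self._statuses) > 1 else self._statuses[0]
        return {"Stacks": [{"StackName": StackName, "StackStatus": status}]}


class _FakeIam:
    """Constructed stand-in with a sample trust policy (account ID/ExternalId are placeholders)."""
    def get_role(self, RoleName: str):
        return {"Role": {"RoleName": RoleName, "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                           "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}}}


if __name__ == "__main__":
    # Against a real account: import boto3 and use boto3.client("cloudformation") /
    # boto3.client("iam") in the region where the stacks were launched.
    cfn, iam = _FakeCfn(["CREATE_IN_PROGRESS", "CREATE_COMPLETE"]), _FakeIam()
    print(wait_for_stack(cfn, "FortiCNP", sleep=lambda s: None))
    print(trust_summary(iam, "FortiCNPRole"))
```

Run as is, the script exercises the constructed fakes. Against a real account, swap in the boto3 clients and pass the stack names you see in the console ("FortiCNP" and "FortiCNPSecurityHubIntegration") and the RoleName you chose in the stack parameters. If the trust summary lists a principal you do not recognise, or a wildcard, stop and review the template before continuing.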
