Amazon Web Services Account OnBoarding

Introduction

FortiCNP uses an API-based approach, pulling data directly from AWS through RESTful APIs. There are 4 methods to add an AWS account to FortiCNP for monitoring and protection:

Install Method                | Description
Automatically Add AWS Account | Add one AWS account to FortiCNP with automation through AWS CloudFormation. CloudFormation sets up the AWS Role and CloudTrail and completes the installation. (Recommended)
Add AWS Organization          | Add an AWS Organization with multiple sub-accounts through the master account using AWS CloudFormation. Only the sub-accounts selected during the onboarding process are added.
Manually Add AWS Account      | Add one AWS account to FortiCNP by creating the AWS Roles, Policies, and CloudTrail manually.
Add Multiple AWS Accounts     | Add multiple AWS accounts at the same time through AWS CloudFormation. Additional configuration is required between the AWS accounts before adding them to FortiCNP.

Account Requirement

Before adding your AWS account to FortiCNP, make sure the AWS account user you use is an Administrative User. For instructions on creating an Administrative User in your AWS account, refer to: https://docs.aws.amazon.com/mediapackage/latest/ug/setting-up-create-iam-user.html.

Prerequisite

Activate Security Token Service (STS)

FortiCNP uses regional Security Token Service (STS) endpoints to reduce latency and provide a smoother user experience.

Follow these steps to turn on the regional Security Token Service (STS) endpoint in the AWS console.

  1. From your AWS console dashboard, go to Identity and Access Management (IAM).
  2. Click Account settings from the left navigation panel, and click to expand Security Token Service (STS).
  3. Based on your location, activate EU (Ireland) if you are located in the European Union; otherwise, activate US West (Oregon).

Audit Logs and Configuration Changes Collected through AWS CloudTrail

An AWS CloudTrail trail can be created as part of the onboarding process. AWS CloudTrail plays a critical role in recording user activity and API usage in the AWS cloud account. FortiCNP then collects the CloudTrail user activity and audit logs through routine API calls that occur every 20 minutes. These audit logs from AWS CloudTrail enable FortiCNP to create crucial security findings in FortiCNP Insights.
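Because the findings above depend entirely on the trail actually delivering logs, a practitioner will want to verify the trail's state after onboarding. The following is an added example, not FortiCNP's own code: it evaluates the dicts returned by the CloudTrail DescribeTrails and GetTrailStatus APIs (real response keys) against the properties an audit-log consumer relies on; the trail name, bucket name and sample status values are constructed placeholders.

```python
"""Check that an AWS CloudTrail trail is in a state a log collector can rely on.

Added example, not FortiCNP's own code. It evaluates the dicts returned by the
CloudTrail DescribeTrails and GetTrailStatus APIs (the field names below are the
real response keys): the trail must be actively logging, cover all regions,
include global-service (IAM/STS) events, have log file integrity validation on,
and have no pending S3 delivery error. Sample input below is constructed.
"""
from typing import Dict, List


def trail_findings(trail: Dict, status: Dict) -> List[str]:
    """Return a list of problems; an empty list means the trail is healthy."""
    findings = []
    if not status.get("IsLogging", False):
        findings.append("logging is stopped (StopLogging was called)")
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-region trail: activity in other regions is not recorded")
    if not trail.get("IncludeGlobalServiceEvents", False):
        findings.append("global service events (IAM, STS) are excluded")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation is off: tampering is not detectable")
    if status.get("LatestDeliveryError"):
        findings.append(f"last S3 delivery failed: {status['LatestDeliveryError']}")
    return findings


# Constructed sample: the shape of DescribeTrails()["trailList"][0] and GetTrailStatus()
HEALTHY_TRAIL = {
    "Name": "example-trail",                      # placeholder trail name
    "S3BucketName": "example-cloudtrail-bucket",  # placeholder bucket name
    "IsMultiRegionTrail": True,
    "IncludeGlobalServiceEvents": True,
    "LogFileValidationEnabled": True,
}
HEALTHY_STATUS = {"IsLogging": True, "LatestDeliveryError": ""}

# The same trail after logging was stopped and S3 delivery started failing
DEGRADED_STATUS = {"IsLogging": False, "LatestDeliveryError": "AccessDenied"}


def check_live(trail_name: str) -> List[str]:
    """Fetch a real trail with boto3 and evaluate it (needs AWS credentials)."""
    import boto3  # imported lazily so the offline checks above need no AWS SDK
    ct = boto3.client("cloudtrail")
    trail = ct.describe_trails(trailNameList=[trail_name])["trailList"][0]
    status = ct.get_trail_status(Name=trail["TrailARN"])
    return trail_findings(trail, status)


if __name__ == "__main__":
    for label, status in (("healthy", HEALTHY_STATUS), ("degraded", DEGRADED_STATUS)):
        print(label, trail_findings(HEALTHY_TRAIL, status) or ["ok"])
```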

AWS Cloud Account Onboarding on Multiple Companies

AWS cloud accounts can be added to multiple companies in FortiCNP; the same applies to AWS Organizations.

When the same AWS cloud account is added to another company, the additional AWS CloudTrail trail that is created will incur an additional charge from AWS.
