Update AWS Organization
When your AWS organization failed to be added to FortiCNP, you can update the AWS organization account on FortiCNP to fix the configuration. It also gives you a chance to add or delete the optional permissions to the existing account. For more details, see AWS Permission and Resource Requirements
Update AWS Organization - Part 1
- From the FortiCNP navigation pane, go to ADMIN > Cloud Accounts, click Action button of the account and select Update Account.
- In Update AWS Account selection, select Update AWS Organization and click Update AWS Account.
- In Select Permissions section, select or unselect the optional permissions to be granted to FortiCNP.
- In CloudTrail section, select "Yes" to allow FortiCNP to create a CloudTrail for the account, or "No" if you already created one.
- Click Next Step to continue to the next page.
- Click Go to AWS CloudFormation Guide to be re-directed to AWS CloudFormation guide to clean up the previous configurations.
- A new page will pop up with the AWS CloudFormation Guide, click Create Stack to create a cleanup stack.
- Note: Do not change the UUID parameter value.
- Refresh the stack status page until the FortiCNPClean stack status shows "CREATE_COMPLETE".
- Go back to FortiCNP update account page, and click Continue.
Update AWS Organization - Part 2
After part 1 is completed, a status update will show that the cleanup stack have removed the old CloudFormation, roles, and policies.
- Click Next Step to continue with the rest of the steps.
- Click Go to AWS CloudFormation Guide again to create a new stack.
- A new page will pop up with the AWS CloudFormation Guide, click Create Stack to create the CloudFormation stack.
- Refresh the stack status page until the FortiCNPOrganization stack status shows "CREATE_COMPLETE".
- Go back to FortiCNP add account page.
- If you used a custom RoleName, select "Yes I defined a custom RoleName.", and enter the custom RoleName.
- If not, select "No, I did NOT define a custom RoleName."
- If you would like to receive notification when the add account process is completed (recommended), click Get Email Notification drop down menu, enter an e-mail address and press
Enter
. Add additional email addresses as needed. - Click Next Step to continue with the configuration.
- FortiCNP will check if the AWS Stack, Roles, and Policies are created successfully, click Next Step to continue.
- Select the sub-accounts of the AWS organization to be added to FortiCNP, then click Update AWS Organization to finish.
Note: Do not change the UUID parameter value.