Adding an AWS account
AWS accounts cannot be edited after they are fully added (the Status is Success), but the custom name can be changed.
To send logs to AWS Security Lake, Security Lake must be configured before adding the AWS account. See Configuring Security Lake.
To add a new AWS account:
1. In the AWS console, log into this AWS account. The following CloudFormation steps will be performed in your AWS console.
2. In FortiGate CNF, in the Cloud Accounts page, click New and select AWS.
3. In AWS Account Name, enter a name for this account to be displayed in select lists.
4. In AWS Account ID, enter the AWS account number. Enter the AWS account number without dashes.
5. Click Launch CloudFormation Template.
6. Update the AWS CloudFormation template fields as needed and click Create Stack. To review the template, click Download CloudFormation Template. The template does the following:
   - Creates an S3 bucket for storing the FortiGate CNF logs, with write permissions for FortiGate CNF.
   - Allows FortiGate CNF read-only access to your VPCs.
   - Grants access to your AWS Security Lake, if applicable. See Configuring Security Lake.
7. After the CloudFormation setup has completed successfully, return to the FortiGate CNF AWS Accounts page and verify that the account has been added and displays a Success message in the Status field.
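Step 6 says to download and review the template before creating the stack. The following added example (not Fortinet's code) loads a downloaded JSON template and lists every allowed IAM action that falls outside the three things the page says the template does: log-bucket writes, read-only VPC access and Security Lake access. The embedded template and the EXPECTED allow-list are constructed assumptions, not the real FortiGate CNF template or its exact permissions.

```python
import fnmatch
import json

# Constructed stand-in for a downloaded template (not Fortinet's real one).
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "LogBucket": {"Type": "AWS::S3::Bucket"},
    "CnfRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "cnf-access",
        "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["ec2:DescribeVpcs", "ec2:DescribeSubnets"],
             "Resource": "*"},
            {"Effect": "Allow", "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::example-log-bucket/*"},
            # Deliberately out of scope for a read-only VPC role.
            {"Effect": "Allow", "Action": ["ec2:CreateRoute"], "Resource": "*"},
        ]},
    }]}},
}})

# Assumed allow-list derived from what the page says the template does:
# log-bucket writes, read-only VPC access, Security Lake access.
EXPECTED = ["s3:PutObject", "ec2:Describe*", "securitylake:*"]

def iter_statements(template):
    """Yield every statement from role inline policies and bucket policies."""
    for res in template.get("Resources", {}).values():
        props = res.get("Properties", {})
        docs = [p["PolicyDocument"] for p in props.get("Policies", [])]
        if "PolicyDocument" in props:  # e.g. AWS::S3::BucketPolicy
            docs.append(props["PolicyDocument"])
        for doc in docs:
            stmts = doc.get("Statement", [])
            yield from (stmts if isinstance(stmts, list) else [stmts])

def unexpected_actions(template_json, expected=EXPECTED):
    """Return Allow actions that match none of the expected patterns."""
    found = []
    for stmt in iter_statements(json.loads(template_json)):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        for action in ([actions] if isinstance(actions, str) else actions):
            if not any(fnmatch.fnmatchcase(action, pat) for pat in expected):
                found.append(action)
    return found

if __name__ == "__main__":
    print(unexpected_actions(SAMPLE_TEMPLATE))  # ['ec2:CreateRoute']
```

Any action the script reports is one to confirm against the three stated purposes before clicking Create Stack.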
The instructions displayed on the AWS account edit page are out of date and will be fixed in the March release:
- 2.a: The "The custom Source must be created in US West (Oregon)" restriction is removed. The custom source can be created in any supported region.
- 2.b: OCSF Event Class should be Network Activity instead of Security Finding.

- Set the logging S3 bucket region.
- If needed, set the Security Lake S3 bucket location and enable access to Security Lake.