When you create an AWS connector, you authorize FortiWeb to periodically get information about AWS instances and dynamically populate it in the server pool configuration.
To create an AWS Connector:
- Go to Security Fabric > External Connectors.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
- Click Create New.
- Under Public SDN, select Amazon Web Services (AWS). The AWS screen is displayed.
- Configure the following options, and then click Save.
Name
Type a name for the external connector object.
Status
Toggle on to enable the external connector object.
Toggle off to disable the external connector object.
Update Interval (s)
Specify the interval at which the connector gets AWS objects and dynamically populates the information in the server pool configuration.
Access Key ID
Specify the access key ID.
An access key on AWS grants programmatic access to your resources. For security, it is recommended to create an IAM role specifically for FortiWeb and grant it read-only access.
See this article for how to get the access key ID and secret access key on AWS: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html.
Secret Access Key
Specify the secret access key.
Specify the region where your instances are deployed.
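The read-only recommendation for the access key above can be checked before the key is entered in the connector. The following is an added example, not FortiWeb or AWS code: it reviews an IAM policy document and lists every allowed action that is not a read-only EC2 call. The `ALLOWED_SERVICES` set, the name-prefix heuristic, and both sample policies are assumptions constructed for illustration.

```python
import json

# Assumption: the connector only needs to read EC2 instance information.
ALLOWED_SERVICES = {"ec2"}
# Assumption: naming heuristic; IAM has no read-only flag on action names.
READ_ONLY_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    # IAM allows a single string/object where a list is also accepted.
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy_json):
    """Return allowed actions that are not read-only calls to an allowed service."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant access
        if "NotAction" in stmt:
            findings.append("NotAction")  # allows everything except the listed actions
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive; "*" and "ec2:*" are flagged here.
            service, _, name = action.lower().partition(":")
            if service not in ALLOWED_SERVICES or not name.startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings

# Constructed sample policies (not taken from the page).
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*",
                  "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"]},
})
BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances", "s3:GetObject"]},
        {"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for label, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(label, non_read_only_actions(policy))
```

An empty result means every allowed action passed the heuristic; it does not evaluate `Resource` or `Condition` elements.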
After the connector is created, you can configure the Server Type, SDN address type, SDN Connector, and Filter options in Server Objects > Server > Server Pool. FortiWeb will then get the IP addresses of the compute instances from Azure and dynamically populate the objects in the server pool configuration. See Defining your web servers.
Make sure the system time of FortiWeb is the same as the time of the AWS instances; otherwise, the connector can't work.
Please note that an NTP server breakdown can sometimes cause the time to be synchronized incorrectly, which leads to connection failure. When troubleshooting a connection issue, it is highly recommended to check the time on both FortiWeb and the AWS instance. If the times are not the same, use the Set Time option in Time Settings to set FortiWeb's time to match the time on the AWS instance.