AWS Cookbook

6.4.0

Creating an address using the CLI

To create an address using the CLI:
  1. Open the FortiOS CLI with administrator credentials.
  2. Go to Policy & Objects > Addresses. Create a new address, or select an existing address. Right-click the address and select Edit in CLI.
  3. Configure the filtering rule. With a filter set, the Fabric connector automatically populates and updates only the instances in the specified VPC that match the filtering condition. You can use the following keys:

    | Description | Key | Example value |
    |---|---|---|
    | Architecture | architecture | x86 |
    | Autoscaling group | AutoScaleGroup | 10703c-4f731e90-fortigate-payg-auto-scaling-group |
    | AZ | placement.availabilityzone | us-east-1a |
    | Group name | placement.groupname | |
    | Image ID | imageId | ami-123456 |
    | Instance ID | instanceId | i-12345678 |
    | Instance type | instanceType | t2.micro |
    | Key name | keyName | |
    | Kubernetes cluster | k8s_cluster | |
    | Kubernetes label and its name | k8s_label.Name | |
    | Kubernetes namespace | k8s_namespace | |
    | Kubernetes node name | k8s_nodename | |
    | Kubernetes pod name | k8s_podname | |
    | Kubernetes region | k8s_region | |
    | Kubernetes service name | k8s_servicename | |
    | Kubernetes zone | k8s_zone | |
    | Private DNS name | privateDnsName | ip-172-31-10-211.us-west-2.compute.internal |
    | Public DNS name | publicDnsName | ec2-54-202-168-254.us-west-2.compute.amazonaws.com |
    | Security group ID | SecurityGroupId | |
    | Subnet ID | subnetId | sub-123456 |
    | Tag and its name. This key supports a maximum of eight tags. | tag.Name | |
    | Tenancy placement | placement.tenancy | |
    | VPC ID | VpcId | |

    For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using subnetId. First, check the subnet ID in the AWS management portal.

  4. Enter set filter "subnetId=subnet-fb2506a0", as well as other commands to configure the address as desired. In this example, the subnet is 10.0.2.0/24. At this point, the show command displays the following:

    Three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have been populated. They appear, and are kept up to date automatically, once the filtering condition above is set and the update interval specified in the GUI has been reached. Because these three instances are up and running in the specified VPC, the Fabric connector found them through the API calls that FortiOS makes to AWS.

    You can build the filtering condition from multiple entries, combining them with & (and) and | (or). When you use both & and |, FortiOS interprets & before |. For example, you can enter subnetId=subnet-fb2506a0 & tag.Name=abc123. In this case, only the IP address of an instance that matches both the subnet ID and the tag “Name” shows up. Filters support wildcard values.
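The precedence rule above matters when a dynamic address feeds a firewall policy, because a trailing | term can admit instances outside the intended subnet. The following sketch is an added example, not Fortinet code or the FortiOS parser: it models "& before |" over a constructed inventory so a filter can be checked before it is applied. The names parse_filter, matches and resolve are hypothetical, and it assumes wildcards are `*`-style globs matched case-sensitively.

```python
from fnmatch import fnmatchcase

# Constructed inventory: instance attributes keyed by the filter keys in the table above.
INSTANCES = [
    {"ip": "10.0.2.111", "subnetId": "subnet-fb2506a0", "tag.Name": "abc123", "instanceType": "t2.micro"},
    {"ip": "10.0.2.112", "subnetId": "subnet-fb2506a0", "tag.Name": "web-1", "instanceType": "t2.micro"},
    {"ip": "10.0.2.114", "subnetId": "subnet-fb2506a0", "tag.Name": "web-2", "instanceType": "t2.small"},
    {"ip": "10.0.9.20", "subnetId": "subnet-00000000", "tag.Name": "abc123", "instanceType": "t2.micro"},
]

def parse_filter(expr):
    """Return a list of AND-groups; the groups are ORed together.

    Splitting on | first and on & second gives & the higher precedence,
    which is the order the page states FortiOS uses.
    """
    groups = []
    for or_part in expr.split("|"):
        terms = []
        for term in or_part.split("&"):
            key, sep, value = term.partition("=")
            if not sep or not key.strip() or not value.strip():
                raise ValueError(f"malformed filter term: {term!r}")
            terms.append((key.strip(), value.strip()))
        groups.append(terms)
    return groups

def matches(instance, groups):
    # Assumption: wildcards are shell-style globs ('*'), matched case-sensitively.
    return any(
        all(fnmatchcase(instance.get(key, ""), pattern) for key, pattern in terms)
        for terms in groups
    )

def resolve(expr, instances=INSTANCES):
    """IPs the dynamic address would contain under this model."""
    groups = parse_filter(expr)
    return [i["ip"] for i in instances if matches(i, groups)]

if __name__ == "__main__":
    for f in ("subnetId=subnet-fb2506a0",
              "subnetId=subnet-fb2506a0 & tag.Name=abc123",
              "subnetId=subnet-fb2506a0 & tag.Name=web-* | instanceType=t2.micro"):
        print(f"{f!r:70} -> {resolve(f)}")
```

In the third filter the `| instanceType=t2.micro` term is evaluated on its own, so 10.0.9.20 in a different subnet is included even though the filter begins with a subnet restriction.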
