juvan
Staff
Article Id 296992
Description This article describes the three mandatory configuration steps to follow when adding an Amazon Web Services (AWS) account to FortiCNP.
Scope Public Cloud
Solution

When adding an Amazon Web Services (AWS) account to FortiCNP, follow these three mandatory configuration steps:

  1. Add AWS accounts through FortiCNP. This is the first step to enable cloud protection for an AWS account. Add one or multiple accounts automatically or manually. Provide the AWS account ID and a name for the account.
 


 

It is also necessary to select the optional permissions to be granted to FortiCNP as needed.

 

  2. Allow FortiCNP to create a CloudTrail for the account. This is required for FortiCNP to collect and analyze the AWS API calls and events. Either let FortiCNP create a CloudTrail for the account or use an existing one. It is also necessary to specify the aggregation region for the CloudTrail.

  3. Launch the CloudFormation template. This is required for FortiCNP to create a stack and a role in the AWS account.


 

Note: Do not change the UUID. The UUID is a unique parameter designated for the specific company on FortiCNP.


 

The stack contains the resources that FortiCNP needs to access and monitor the AWS account. The role allows FortiCNP to assume it and perform actions on the user's behalf. It is necessary to enter a custom or default role name and a unique UUID that is designated for the company on FortiCNP.
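After the stack has been created, the role's trust policy can be reviewed to confirm who may assume it. The following is an added example, not part of the original article or Fortinet's code. It assumes the template binds the UUID to the role as an `sts:ExternalId` condition, which the article does not state. The account ID and UUID in the sample are placeholders, and `audit_trust_policy` is a hypothetical helper name.

```python
import json

# Constructed sample of a role trust policy (AssumeRolePolicyDocument).
# The account ID and UUID are placeholders, not values from FortiCNP.
SAMPLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals":
      {"sts:ExternalId": "00000000-0000-0000-0000-000000000000"}}
  }]
}""")


def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_uuid):
    """Return findings for Allow statements that grant sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        actions = as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if not aws:
            continue  # only AWS (cross-account) principals are checked here
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        # Condition keys are case-insensitive in IAM, so compare lowercased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, vals in equals.items() if k.lower() == "sts:externalid"
               for v in as_list(vals)]
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ids != [expected_uuid]:
            findings.append(f"statement {i}: ExternalId differs from expected UUID")
    return findings
```

The policy document to feed in is the `AssumeRolePolicyDocument` field returned by `aws iam get-role --role-name <role name>`; an empty result list means every cross-account statement is pinned to the expected UUID.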

 
