AWS S3
Prerequisites
Account Requirement
Before adding your AWS S3 account to FortiCASB, make sure the AWS account user you use is an Administrator User. For instructions on creating an "Administrative User" in your AWS account, please refer to: https://docs.aws.amazon.com/mediapackage/latest/ug/setting-up-create-iam-user.html.
Activate Security Token Service (STS)
FortiCASB uses the regional Security Token Service (STS) to reduce latency and provide a smoother user experience.
Follow these steps to turn on Security Token Service (STS) in the AWS console.
- From your AWS console dashboard, go to Identity and Access Management (IAM).
- Click Account settings from the left navigation panel, and click to expand Security Token Service (STS).
- Based on your location, activate EU (Ireland) if you are located in the European Union; otherwise, activate US West (Oregon).
Add AWS S3 Account
Use the Administrator User to create a new AWS Policy and Role, and to configure the CloudTrail setting:
- AWS Policy Creation
- AWS Role Creation
- Update AWS Role External ID (optional)
- AWS Configure CloudTrail Setting
- Add AWS S3 Account
After all 3 steps are completed, go back to FortiCASB to finish adding the AWS account.