AWS Role Creation

Obtain External ID from FortiCASB

Before creating an AWS Role, you need to obtain an External ID from FortiCASB. The External ID is a unique token that satisfies the AWS external ID requirement for cross-account role assumption: the role can only be assumed by a caller that presents this value, which protects it against the confused-deputy problem.

  1. Log into FortiCASB with your account.
  2. Go to Overview > Dashboard, click the AWS S3 account navigation button and select Add Cloud Account.
  3. Enter your "AWS Account ID" and click Validate to validate the account, then click Generate to generate the "FortiCASB-generated external ID". Click Copy and keep the value; you will need it when creating the AWS Role.

Note: If you generated an External ID for this account a few hours earlier, clicking Validate with the account ID retrieves the existing External ID automatically; you do not need to click Generate again.

If you already have an AWS Role associated with FortiCASB and only need to update its External ID, refer to Update AWS Role External ID (optional).

Create AWS Role

  1. In the AWS Management Console, open the IAM service and click Roles from the menu on the left.
  2. Click Create role.
  3. Click Another AWS account.
  4. Enter the following Account ID: 854209929931.
     Note: This is the Amazon AWS account that FortiCASB uses to assume the new role and monitor your account.
  5. Select the box Require external ID and enter the External ID generated earlier.
     Note: The External ID must be the one generated through FortiCASB for the same AWS account. If the External ID was not generated by FortiCASB, the AWS account cannot be added to FortiCASB.
  6. Make sure the box Require MFA is not selected. FortiCASB assumes the role programmatically and cannot satisfy an MFA condition on the trust policy.
  7. Click Next: Permissions.
  8. Click Filter, then select Customer managed.
  9. Select the box for the policy you created earlier.
  10. Click Next: Tags, and then click Next: Review.
  11. Enter a name of your preference for the role name.
  12. Click Create role.
  13. Click the role name, and copy the AWS Role ARN.

Example of AWS Role ARN: arn:aws:iam::123456123456:role/FortiCASBTester

Keep the AWS Role ARN; you will need it for AWS authentication during installation.
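The console steps above, reproduced with the AWS CLI as an added example that is not part of the FortiCASB documentation. It assumes a trust policy of the form the console generates when Another AWS account, Require external ID and no MFA are selected; the FortiCASB account ID is the one given above, while ROLE_NAME, POLICY_ARN and FORTICASB_EXTERNAL_ID are placeholder variables you supply. The create and verify steps only run when FORTICASB_APPLY=1 is set and a configured AWS CLI is available.

```shell
#!/usr/bin/env bash
# Added example (not from the FortiCASB documentation): create the FortiCASB
# cross-account role with the AWS CLI instead of the console.
# Assumed placeholders, set before running with FORTICASB_APPLY=1:
#   FORTICASB_EXTERNAL_ID  - the External ID copied from FortiCASB
#   ROLE_NAME              - a role name of your choice
#   POLICY_ARN             - ARN of the customer managed policy created earlier
set -eu

# The AWS account FortiCASB assumes the role from (value given on the page).
FORTICASB_ACCOUNT_ID="854209929931"

# Emit the trust policy: only the FortiCASB account may assume the role, and
# only when it presents the External ID. No MFA condition, as the page requires.
trust_policy() {
  external_id="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::${FORTICASB_ACCOUNT_ID}:root" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "sts:ExternalId": "${external_id}" } }
    }
  ]
}
EOF
}

# Refuse an empty External ID: the role would then be assumable by any
# principal in the FortiCASB account without the confused-deputy protection.
# Also reject characters AWS does not allow in sts:ExternalId.
check_external_id() {
  case "$1" in
    "") echo "external ID must not be empty" >&2; return 1 ;;
    *[!A-Za-z0-9_+=,.@:/-]*) echo "external ID contains characters AWS does not allow" >&2; return 1 ;;
  esac
  return 0
}

# Create the role, attach the customer managed policy, and print the role ARN
# that FortiCASB asks for during installation.
create_forticasb_role() {
  role_name="$1"; external_id="$2"; policy_arn="$3"
  check_external_id "$external_id"
  aws iam create-role \
    --role-name "$role_name" \
    --assume-role-policy-document "$(trust_policy "$external_id")" \
    --query 'Role.Arn' --output text
  aws iam attach-role-policy --role-name "$role_name" --policy-arn "$policy_arn"
}

# Confirm the stored trust policy matches what the console steps produce:
# an External ID condition is present and no MFA condition was added.
verify_forticasb_role() {
  role_name="$1"
  doc=$(aws iam get-role --role-name "$role_name" \
          --query 'Role.AssumeRolePolicyDocument' --output json)
  printf '%s' "$doc" | grep -q '"sts:ExternalId"' \
    || { echo "no external ID condition on trust policy" >&2; return 1; }
  if printf '%s' "$doc" | grep -q 'MultiFactorAuthPresent'; then
    echo "MFA condition present; FortiCASB cannot assume this role" >&2
    return 1
  fi
  return 0
}

# Only call AWS when explicitly asked, so the file can be sourced for its functions.
if [ "${FORTICASB_APPLY:-0}" = "1" ]; then
  create_forticasb_role "${ROLE_NAME:?}" "${FORTICASB_EXTERNAL_ID:?}" "${POLICY_ARN:?}"
  verify_forticasb_role "${ROLE_NAME:?}"
fi
```

The two checks are the caveats worth automating: an empty External ID silently drops the confused-deputy protection the page's External ID step exists to provide, and an MFA condition on the trust policy stops FortiCASB from assuming the role at all, which is why step 6 above requires Require MFA to stay unselected.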
