AWS S3

FortiCASB offers an API-based approach, pulling data directly from AWS S3 via RESTful API. The FortiCASB portal then accesses the data collected through API queries with OAuth 2.0 authentication. FortiCASB combines this data to monitor and track AWS S3 user activities and to provide DLP Data Analysis for files stored on AWS S3.

Prerequisites

1. Account Requirement

Before adding your AWS S3 account to FortiCASB, make sure the AWS account user you use is an Administrator User. For instructions on creating an "Administrative User" in your AWS account, please refer to:

https://docs.aws.amazon.com/mediapackage/latest/ug/setting-up-create-iam-user.html

2. Activate Security Token Service (STS)

FortiCASB uses regional Security Token Service (STS) to reduce latency and provide a smoother user experience.

Follow these steps to turn on Security Token Service (STS) in the AWS console.

  1. From your AWS console dashboard, go to Identity and Access Management (IAM).
  2. Click Account settings from the left navigation panel, and click to expand Security Token Service (STS).
  3. Based on your location, activate EU (Ireland) if you are located in the European Union; otherwise, activate US West (Oregon).

Add AWS S3 Account

Use the Administrator User to create a new AWS Policy and Role, and to configure the CloudTrail setting:

  1. AWS Policy Creation
  2. AWS Role Creation
  3. Update AWS Role External ID (optional)
  4. AWS Configure CloudTrail Setting
  5. Add AWS S3 Account
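
An added example, not part of Fortinet's documentation: steps 2 and 3 above create a role and optionally set its External ID. Assuming FortiCASB assumes that role across accounts through STS, this Python check audits a role trust policy (the AssumeRolePolicyDocument returned by `aws iam get-role`) for a pinned principal and an `sts:ExternalId` condition; the account ID, external ID and function names are constructed placeholders.

```python
import json

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_trust_policy(policy, expected_principal, expected_external_id=None):
    """Return findings for an IAM role trust policy; an empty list means clean."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if not set(_as_list(st.get("Action", []))) & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not aws:
            continue  # service principals: external ID does not apply
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif p != expected_principal:
                findings.append(f"statement {i}: unexpected principal {p}")
        # Exact-case key match only; a fuller audit would normalise key case.
        ext = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif expected_external_id and _as_list(ext) != [expected_external_id]:
            findings.append(f"statement {i}: external ID mismatch")
    return findings

# Constructed sample values: placeholder account ID and external ID.
PRINCIPAL = "arn:aws:iam::111122223333:root"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"
WITH_ID = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
WITHOUT_ID = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    for name, doc in (("with external ID", WITH_ID), ("without", WITHOUT_ID)):
        print(name, audit_trust_policy(doc, PRINCIPAL, EXTERNAL_ID))
```

Without an external ID condition, any caller in the trusted principal's account that knows the role ARN can assume the role, which is the case the External ID step guards against.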
