
AWS Role Creation

Obtain External ID from FortiCASB

Before creating an AWS Role, you will need an External ID generated from FortiCASB. The External ID is a unique 32-bit token that meets the AWS security requirement for protecting the AWS Role against use by parties other than FortiCASB.

  1. Log into FortiCASB with your account.
  2. Go to Overview > Dashboard, click on Add New, select AWS S3, then click Add Selected Cloud App.
  3. Enter your AWS Account ID and click Validate to generate External ID for AWS role creation.
  4. The External ID will appear on the right; click Copy to copy the 32-bit External ID token.
If you already have an AWS Role associated with FortiCASB and only need to update the External ID, refer to Update AWS Role External ID (optional).

Create AWS Role

  1. In the AWS IAM console, click Roles from the menu on the left.
  2. Click Create role.
  3. In Select trusted entity, select AWS account.
  4. Choose Another AWS account, and enter the following Account ID: 897379900121.
  5. Note: This is the Amazon AWS account that FortiCASB uses to monitor the new role that is being created.
  6. Select the box Require external ID and enter the External ID token generated earlier.
  7. The External ID token must be the one generated earlier through FortiCASB using the same AWS account. If the External ID is not generated from FortiCASB, the AWS account cannot be added to FortiCASB.
  8. Make sure the box Require MFA is not selected. Click Next to continue.
  9. Click Filter, select Type, and then select Type: Customer managed.
  10. Select the policy you created earlier.
  11. Click Next.
  12. Enter a role name of your preference.
  13. Click Create role.
  14. Click the role name created, and copy the AWS Role ARN.

Example of AWS Role ARN: arn:aws:iam::123456123456:role/FortiCASBTester

Keep the AWS Role ARN; it is needed later for AWS authentication during installation.
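The console choices above (trusted entity: another AWS account, Require external ID checked, Require MFA unchecked) produce a trust policy on the role. The following added example, which is not part of this help page or of any FortiCASB code, builds that trust policy for the FortiCASB account ID given in step 4 and checks an existing trust policy for the three things the steps require; the External ID value is a constructed placeholder.

```python
# AWS account FortiCASB assumes the role from (account ID from step 4 above).
FORTICASB_ACCOUNT_ID = "897379900121"


def build_trust_policy(external_id, forticasb_account_id=FORTICASB_ACCOUNT_ID):
    """Trust policy matching the console choices above: trusted entity is
    another AWS account, Require external ID is checked, Require MFA is not."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{forticasb_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, expected_external_id,
                       forticasb_account_id=FORTICASB_ACCOUNT_ID):
    """Return a list of problems with a role's trust policy; an empty list
    means FortiCASB can assume the role with the given External ID."""
    expected = f"arn:aws:iam::{forticasb_account_id}:root"
    problems, found = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        found = True
        principal = stmt.get("Principal")
        # A bare "*" principal (or no AWS key) is not the FortiCASB account.
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        if aws != [expected]:
            problems.append(f"statement {i}: principal should be exactly {expected}, got {aws}")
        cond = stmt.get("Condition") or {}
        if cond.get("StringEquals", {}).get("sts:ExternalId") != expected_external_id:
            problems.append(f"statement {i}: sts:ExternalId condition missing or not the FortiCASB value")
        if str(cond.get("Bool", {}).get("aws:MultiFactorAuthPresent", "")).lower() == "true":
            problems.append(f"statement {i}: Require MFA is set; FortiCASB cannot satisfy an MFA condition")
    if not found:
        problems.append("no Allow statement for sts:AssumeRole")
    return problems


if __name__ == "__main__":
    # Constructed placeholder; use the token copied from FortiCASB in practice.
    policy = build_trust_policy("EXAMPLE-EXTERNAL-ID-FROM-FORTICASB")
    print(check_trust_policy(policy, "EXAMPLE-EXTERNAL-ID-FROM-FORTICASB"))  # prints []
```

To check a role that already exists, pass the JSON returned by `aws iam get-role` (its `AssumeRolePolicyDocument`) to `check_trust_policy` with the External ID shown in FortiCASB.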
