Add AWS Organization Checklist
This checklist refers to places that needed to be fixed first in the master account in order for CloudFormation to add the AWS organization successfully to FortiCWP. After you have finished fixing these issues, please go back to FortiCWP and click Re-Add.
CloudFormation Stack is successfully created - Must Fix
There is a duplicate of CloudFormation Stack in the master account. Please delete the CloudFormation stack following the steps below.
- Log into the AWS console with the master account.
- Under Services, search and click "CloudFormation".
- Delete the stack named "FortiCWPOrganizaiton".
Role for FortiCWP is successfully created - Must Fix
There is a duplicate of FortiCWP role in the master account that is preventing Cloudformation to create new role. Please delete the FortiCWP role following the steps below.
- Log into the AWS console with the master account.
- Under Services, search and click "IAM".
- Click Roles under Access Management.
- Search for "role_for_forticwp_organization_master_cloudtrail_v20.1" (with AWS Cloudtrail) or "role_for_forticwp_organization_master_v20.1" (without AWS cloudtrail)
- Delete the "role_for_forticwp_organization_master_cloudtrail_v20.1" (with AWS cloudtrail) or "role_for_forticwp_organization_master_v20.1" (without AWS cloudtrail).
Policies for FortiCWP are attached to Role - Must Fix
There are duplicate policies that are preventing Cloudformation to create new policies. Please follow the steps below to delete the duplicate policies.
- Log into the AWS console with the master account.
- Under Services, search and click "IAM".
- Click Policies under Access Management.
- Search for the policies below and delete them:
forticwp_basic_permission
forticwp_autofix_permission
forticwp_integration_permission
forticwp_organization_permission
A Temporary Policy generated and attached to the Role -Must Fix
There are temporary duplicate policies in sub-accounts that are preventing Cloudformation to create new policies. Please log into each of the sub-account and follow the steps below to delete the duplicate temporary policies.
- Log into the AWS console with the master-account.
- Under Services, search and click "IAM".
- Click Policies under Access Management.
- Search for the policy below and delete it:
forticwp_assume_role_subaccount
forticwp_temporary _permission
After you have finished deleting the roles and policies above, go back to FortiCWP, and click Re-Add to add the AWS organization again. |