
Add AWS Organization Account Checklist


Add AWS Organization Checklist

This checklist lists the items that must be fixed in the master account before CloudFormation can add the AWS organization to FortiCWP successfully. After you have fixed these issues, go back to FortiCWP and click Re-Add.

CloudFormation Stack is successfully created - Must Fix

There is a duplicate CloudFormation stack in the master account. Delete the stack by following the steps below.

  1. Log into the AWS console with the master account.
  2. Under Services, search and click "CloudFormation".
  3. Delete the stack named "FortiCWPOrganizaiton".

Role for FortiCWP is successfully created - Must Fix

There is a duplicate FortiCWP role in the master account that prevents CloudFormation from creating a new role. Delete the FortiCWP role by following the steps below.

  1. Log into the AWS console with the master account.
  2. Under Services, search and click "IAM".
  3. Click Roles under Access Management.
  4. Search for "role_for_forticwp_organization_master_cloudtrail_v20.1" (with AWS CloudTrail) or "role_for_forticwp_organization_master_v20.1" (without AWS CloudTrail).
  5. Delete "role_for_forticwp_organization_master_cloudtrail_v20.1" (with AWS CloudTrail) or "role_for_forticwp_organization_master_v20.1" (without AWS CloudTrail).

Policies for FortiCWP are attached to Role - Must Fix

There are duplicate policies in the master account that prevent CloudFormation from creating new policies. Follow the steps below to delete the duplicate policies.

  1. Log into the AWS console with the master account.
  2. Under Services, search and click "IAM".
  3. Click Policies under Access Management.
  4. Search for the policies below and delete them:

    forticwp_basic_permission

    forticwp_autofix_permission

    forticwp_integration_permission

    forticwp_organization_permission

A Temporary Policy generated and attached to the Role - Must Fix

There are temporary duplicate policies in the sub-accounts that prevent CloudFormation from creating new policies. Log into each sub-account and follow the steps below to delete the duplicate temporary policies.

  1. Log into the AWS console with the master account.
  2. Under Services, search and click "IAM".
  3. Click Policies under Access Management.
  4. Search for the policies below and delete them:

    forticwp_assume_role_subaccount

    forticwp_temporary_permission

After you have finished deleting the roles and policies above, go back to FortiCWP, and click Re-Add to add the AWS organization again.
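Before clicking Re-Add, it is worth confirming from the CLI that none of the leftovers named in this checklist still exist, since a single surviving stack, role or policy makes CloudFormation fail again. The script below is an added example and is not Fortinet's or FortiCWP's own tooling; it reads the JSON printed by `aws cloudformation describe-stacks`, `aws iam list-roles` and `aws iam list-policies --scope Local` and reports which of the checklist's stack, role and policy names are still present. The stack, role and policy names are taken from this page; the JSON samples embedded below are constructed for illustration and stand in for real CLI output. It checks both the master-account and the sub-account policy names, so the same function can be run against each account.

```python
"""Report FortiCWP leftovers that block the CloudFormation re-add.

Feed find_leftovers() the JSON printed by these AWS CLI commands, run in the
account you are checking (the master account, then each sub-account):

    aws cloudformation describe-stacks
    aws iam list-roles
    aws iam list-policies --scope Local

Only the standard library is used, so the check itself runs offline.
"""
import json

# Identifiers taken from the checklist on this page.
STACK_NAME = "FortiCWPOrganizaiton"
ROLE_NAMES = {
    "role_for_forticwp_organization_master_cloudtrail_v20.1",  # with AWS CloudTrail
    "role_for_forticwp_organization_master_v20.1",             # without AWS CloudTrail
}
MASTER_POLICY_NAMES = {
    "forticwp_basic_permission",
    "forticwp_autofix_permission",
    "forticwp_integration_permission",
    "forticwp_organization_permission",
}
SUBACCOUNT_POLICY_NAMES = {
    "forticwp_assume_role_subaccount",
    "forticwp_temporary_permission",
}


def find_leftovers(stacks_json, roles_json, policies_json):
    """Return {"stacks": [...], "roles": [...], "policies": [...]} naming the
    FortiCWP objects that still exist and must be deleted before Re-Add."""
    stacks = json.loads(stacks_json).get("Stacks", [])
    roles = json.loads(roles_json).get("Roles", [])
    policies = json.loads(policies_json).get("Policies", [])

    # describe-stacks lists every stack that has not been fully deleted, so a
    # stack stuck in ROLLBACK_COMPLETE or DELETE_FAILED is reported here too.
    leftover_stacks = [
        f'{s["StackName"]} ({s["StackStatus"]})'
        for s in stacks
        if s["StackName"] == STACK_NAME
    ]
    leftover_roles = sorted(
        r["RoleName"] for r in roles if r["RoleName"] in ROLE_NAMES
    )
    # The attachment count tells the operator whether a policy must first be
    # detached from its role; IAM refuses to delete an attached policy.
    wanted = MASTER_POLICY_NAMES | SUBACCOUNT_POLICY_NAMES
    leftover_policies = sorted(
        f'{p["PolicyName"]} (attached to {p.get("AttachmentCount", 0)} entities)'
        for p in policies
        if p["PolicyName"] in wanted
    )
    return {"stacks": leftover_stacks, "roles": leftover_roles, "policies": leftover_policies}


# Constructed sample output, shaped like the real CLI JSON (not captured from a real account).
SAMPLE_STACKS = json.dumps({"Stacks": [
    {"StackName": "FortiCWPOrganizaiton", "StackStatus": "ROLLBACK_COMPLETE"},
    {"StackName": "unrelated-app", "StackStatus": "CREATE_COMPLETE"},
]})
SAMPLE_ROLES = json.dumps({"Roles": [
    {"RoleName": "role_for_forticwp_organization_master_cloudtrail_v20.1"},
    {"RoleName": "AWSServiceRoleForSupport"},
]})
SAMPLE_POLICIES = json.dumps({"Policies": [
    {"PolicyName": "forticwp_basic_permission", "AttachmentCount": 1},
    {"PolicyName": "forticwp_organization_permission", "AttachmentCount": 0},
    {"PolicyName": "team-readonly", "AttachmentCount": 3},
]})


def check_sample():
    """Run the check against the constructed sample output."""
    return find_leftovers(SAMPLE_STACKS, SAMPLE_ROLES, SAMPLE_POLICIES)


if __name__ == "__main__":
    for kind, items in check_sample().items():
        print(f"{kind}: {items if items else 'none'}")
```

To check a real account, replace the three sample strings with the output of the commands listed in the docstring (for example `aws iam list-policies --scope Local > policies.json` and pass the file contents). An empty result for all three keys means the checklist is satisfied for that account and Re-Add can be retried.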
