An AWS Organization is added to FortiCWP through its master account. Once the master account is added, you can select the sub accounts to add to FortiCWP.
There are 4 types of permissions to be granted to FortiCWP to add the AWS organization and the accounts under it. For more details, see AWS Permission and Resource Requirements.
- From the FortiCWP navigation pane, go to Admin > Account and click +Add New.
- Select AWS as the cloud platform, and Add AWS Organization as the method, then click Add New Cloud Account.
- Enter the master AWS Account ID of the AWS organization and give the account a name. In the Select Permission section, select optional permissions to be granted to FortiCWP if needed.
- In the CloudTrail section, select "Yes" to allow FortiCWP to create a CloudTrail for the account, or "No" if you have already created one.
- Click Next to continue to the next page.
- Click Go to AWS CloudFormation Guide to be directed to the AWS CloudFormation guide, where you create the stack and CloudTrail.
- A new page opens and redirects you to the AWS CloudFormation Guide. Click Next at the bottom of each page until the last page, then click Create Stack.
- Refresh the stack creation process of FortiCWPOrganization until the status becomes "CREATE_COMPLETE".
- Go back to the FortiCWP add AWS organization page and click Next. FortiCWP will check the master account's configuration.
- The check status shows details on the stack configuration. Click Next.
- Select the sub accounts to be added to the AWS Organization, and click Add AWS Organization to finish.