
FortiSandbox VM on AWS

Attach policies


You must have the correct permissions to attach policies to a group. Add the following policies to the group you created (QA_FortiSandbox).

Basic IAM policies for FortiSandbox deployment, HA-cluster and importing custom VM from AMI:

• AmazonEC2FullAccess: Provides full access to the FortiSandbox EC2 instance and the custom VM clone EC2 instance via the AWS Management Console.
• IAMReadOnlyAccess: Provides read-only access to IAM (a web service that helps you securely control access to AWS resources) via the AWS Management Console.
• AdministratorAccess: Provides full access to Amazon VPC via the AWS Management Console.
• AmazonVPCReadOnlyAccess: Provides read-only access to Amazon VPC via the AWS Management Console.

Optional IAM policies for importing custom VM from VHD:

• AmazonS3FullAccess: Provides full access to all buckets via the AWS Management Console.
• AWSImportExportFullAccess: Provides read and write access to the jobs created under the AWS account.
• VMImportExportRoleForAWSConnector: Default policy for the VM Import/Export service role, for customers using the AWS Connector. The VM Import/Export service assumes a role with this policy to fulfill virtual machine migration requests from the AWS Connector virtual appliance. Provides the ability to create AMIs and EBS snapshots, modify EBS snapshot attributes, make Describe* calls on EC2 objects, and read from S3 buckets starting with import-to-ec2-.

  1. Click Filter and enter AmazonEC2FullAccess.
  2. Select the checkbox beside AmazonEC2FullAccess, and click Clear filters.

  3. Repeat this for all policies.
  4. Click Create Group.
  5. Check the group you created (QA_FortiSandbox) to review the group summary.
  6. In the Permissions tab, review the attached policies.

  7. Click Add permissions > Create Inline Policies. Select Custom Policy and use the policy editor to customize your own set of permissions.

  8. You can use the AWS Visual editor or a JSON editor to create policies. If the validation is successful, click Review Policy.
    • To create the policy by using AWS Visual editor:

    • To create the policy in JSON format:

  9. Under Review policy, enter a policy Name and then click Create policy.
  10. Under Permissions policies, review the policies you created.
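
A pre-check you can run on a JSON policy before pasting it into the editor in step 8, shown as an added example that is not part of the Fortinet guide: it checks basic statement structure and flags Allow statements with wildcard actions or resources. The sample policy, its statement IDs and the function names are constructed for illustration, and the check does not replace the console's own validation.

```python
import json

# Constructed sample: an inline policy someone might paste into the JSON
# editor for the QA_FortiSandbox group. Not taken from the Fortinet guide.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadImportBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::import-to-ec2-*",
                  "arn:aws:s3:::import-to-ec2-*/*"]},
    {"Sid": "BroadEc2", "Effect": "Allow",
     "Action": "ec2:*", "Resource": "*"}
  ]
}
"""

def as_list(value):  # IAM accepts a single string or a list here
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(text):
    """Return (sid, finding) tuples for structural and least-privilege issues."""
    doc = json.loads(text)
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append(("-", "Version is not 2012-10-17"))
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also valid
        statements = [statements]
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append((sid, "Effect must be Allow or Deny"))
        if "Action" not in stmt and "NotAction" not in stmt:
            findings.append((sid, "no Action or NotAction element"))
        if stmt.get("Effect") != "Allow":
            continue  # breadth checks only matter for grants
        actions, resources = as_list(stmt.get("Action")), as_list(stmt.get("Resource"))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((sid, "wildcard action: " + ", ".join(wild)))
        if "*" in resources and actions:
            findings.append((sid, "applies to every resource (*)"))
    return findings

if __name__ == "__main__":
    for sid, finding in review_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

An empty result means none of these checks fired; it is not a statement that the policy is minimal.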
