Amazon Web Services (AWS) provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia, customers across all industries are taking advantage of the following benefits: Low Cost, Agile, Open and Flexible, and Secure.
This document provides information about the AWS EC2 connector, which facilitates automated interactions with AWS EC2 services using FortiSOAR™ playbooks. Add the AWS EC2 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes, and terminating an instance.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with AWS EC2 Versions: 2 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the AWS EC2 connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
AWS Region | Your account's AWS region that you will use to access AWS services. |
AWS Access Key ID | ID of the AWS Access Key to access AWS services. |
AWS Secret Access Key | AWS Secret Access Key used to access AWS services. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get AMIs Detail | Retrieves details for all AMIs (Amazon Machine Images) from AWS. | get_ami_details Miscellaneous |
Launch Instance | Launches a new instance on AWS having basic configuration. | launch_instance Investigation |
Get Instance Details | Retrieves details for an instance you have specified, using the instance ID, from AWS. | get_instance_info Investigation |
Start Instance | Starts an instance you have specified using the instance ID. | start_instance Miscellaneous |
Stop Instance | Stops an instance you have specified using the instance ID. | stop_instance Miscellaneous |
Register Instance To ELB | Registers an instance to the elastic load balancing (ELB) service. | register_instance Miscellaneous |
Attach Instance To Auto Scaling Group | Attaches a running instance to the auto scaling group. | attach_instance Miscellaneous |
Detach Instance From Auto Scaling Group | Detaches an EC2 instance from the auto scaling group. | detach_instance Miscellaneous |
Instance API Termination | Terminates an instance using the REST API, if you have enabled this operation. Important: This operation is not applicable for spot instances. | |
Terminate Instance | Terminates an EC2 instance you have specified using the instance ID. | terminate_instance Miscellaneous |
Attach Volume | Attaches a volume to an EC2 instance you have specified using the instance ID. | attach_volume Miscellaneous |
Capture Volume Snapshot | Captures a snapshot of a volume you have specified using the volume ID. | get_snapshot_volume Miscellaneous |
Detach Volume | Detaches a volume you have specified, using the volume ID, from an EC2 instance. | detach_volume Remediation |
Delete Volume | Deletes a volume you have specified, using the volume ID. | detach_volume Remediation |
Add Security Group to Instance | Adds a security group to an EC2 instance you have specified using the instance ID. | add_group Containment |
Deregister Instance from ELB | Deregisters an instance from the elastic load balancing (ELB) service. | deregister_instance Containment |
Add Instance Tag | Adds a tag to an available EC2 instance you have specified using the instance ID. Tags must be added in a key-value pair. | add_tag Miscellaneous |
Add Network ACL Rule | Adds a rule to the network access control list (ACL). | add_rule Containment |
Get User Details | Retrieves details from AWS for a user you have specified using the user name. | get_user_info Investigation |
None
The JSON output contains details for all AMIs from AWS.
Following image displays a sample output:
Parameter | Description |
---|---|
Image ID | ID of the AMI on which you want to launch a new instance. You can get the ID of an AMI using the Get AMIs Detail operation. |
Instance Type | Type of the instance that you want to launch. For example, t1.micro |
Instance MaxCount | Maximum number of instances to launch. If you specify a maximum that is greater than the maximum number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount. |
Instance MinCount | Minimum number of instances to launch. If you specify a minimum that is lesser than the minimum number of instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances. |
SubNet ID | (Optional) ID of the subnet associated with the network string. You must specify this only if you are creating a network interface when launching an instance. |
Device Name | Name of the device. For example, /dev/sdh or xvdh. |
Instance Delete on Termination | Select this option if you want to delete the interface when the instance is terminated. |
Security Groups | (Optional) Security group(s) to be assigned to the newly launched instance. |
Purpose For Launch Instance | (Optional) Purpose of launching the instance. |
Customer Name | (Optional) Name of the customer for whom you are requesting the launch of the new instance. |
Terminate By Date | (Optional) Date on which the instance will be terminated. |
The JSON output contains the status of whether or not the requested instance has been launched successfully and the request ID that is used to launch the new instance on AWS.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance for which you want to retrieve details. |
The JSON output retrieves details of the instance from AWS, based on the instance ID that you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance that you want to start. |
Purpose | (Optional) Purpose of starting the instance. |
The JSON output contains the status of whether or not the specified instance has been started.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance that you want to stop. |
The JSON output contains the status of whether or not the specified instance has been stopped.
Following image displays a sample output:
Parameter | Description |
---|---|
ELB Name | Name of the ELB to which you want to register the specified instance. |
Instance ID | ID of the instance that you want to register with the specified ELB. |
The JSON output contains the status of whether or not the specified instance has been registered to the specified ELB.
Following image displays a sample output:
Parameter | Description |
---|---|
Auto Scaling Group Name | Name of the auto scaling group to which you want to attach the specified instance. |
Instance IDs (In CSV Or List Format) | ID(s) of the instance(s) that you want to attach to the specified auto scaling group using the csv or list format. |
The JSON output contains the status of whether or not the specified instance has been attached to the specified auto scaling group.
Following image displays a sample output:
Parameter | Description |
---|---|
Auto Scaling Group Name | Name of the auto scaling group from which you want to detach the specified instance. |
Instance ID | ID of the instance that you want to detach from the specified auto scaling group. |
The JSON output contains the status of whether or not the specified instance has been detached from the specified auto scaling group.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance that you want to terminate using the REST API. |
Select Action | Specify Enable or Disable to either allow or disallow terminating an instance using the REST API. |
The JSON output contains the status of whether or not the specified instance has been terminated using the Amazon EC2 console, CLI, or API.
Following image displays a sample output when you select Disable in the Select Action parameter in this operation:
Parameter | Description |
---|---|
Instance ID | ID of the instance that you want to terminate. |
The JSON output contains the status of whether or not the specified instance has been terminated.
Following image displays a sample output:
Parameter | Description |
---|---|
Volume ID | ID of the volume that you want to attach to the specified instance. |
Device Name | Name (or full path) of the device on the specified instance. For example, /dev/sdh or xvdh. |
Instance ID | ID of the instance to which you want to attach the specified volume. |
The JSON output contains the status of whether or not the specified volume has been attached to the specified instance. Following image displays a sample output:
Parameter | Description |
---|---|
Volume ID | ID of the volume for which you want to capture a snapshot. |
Volume Description | Description of the snapshot. |
The JSON output contains the status of whether or not the snapshot for the specified volume has been captured.
Following image displays a sample output:
Parameter | Description |
---|---|
Volume ID | ID of the volume that you want to detach from the specified instance. |
Device Name | Name (or full path) of the device on the specified instance. For example, /dev/sdh or xvdh. |
Instance ID | ID of the instance from which you want to detach the specified volume. |
Force to Detach | Select this option if you want to forcefully detach the volume from the specified instance. |
The JSON output contains the status of whether or not the specified volume has been detached from the specified instance.
Following image displays a sample output:
Parameter | Description |
---|---|
Volume ID | ID of the volume that you want to delete. |
The JSON output contains the status of whether or not the specified volume has been deleted.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance that you want to add to the specified Security Group(s). |
Security Group Name or ID (In CSV Or List Format) | Name(s) or ID(s) of the Security Group(s) to which you want to add the specified instance. The Security Group ID(s) or Name(s) must be specified in the csv or list format. For example, ["default", "launch-wizard-3", "sg-9fc7dcf7"] |
The JSON output contains the status of whether or not the specified instance has been added to the specified Security Group(s).
Following image displays a sample output:
Parameter | Description |
---|---|
ELB Name | Name of the ELB from which you want to deregister the specified instance. |
Instance ID | ID of the instance that you want to deregister from the specified ELB. |
The JSON output contains the status of whether or not the specified instance has been deregistered from the specified ELB.
Following image displays a sample output:
Parameter | Description |
---|---|
Instance ID | ID of the instance to which you want to add a tag. |
Tag Key | Key for the tag that you want to add. |
Value | Value for the tag that you want to add. |
The JSON output contains the status of whether or not the specified tag has been added to the specified instance.
Following image displays a sample output:
Parameter | Description |
---|---|
Network ID | ID of the network in which you want to add the ACL rule. |
Egress Rule | Select either Inbound_Rule or Outbound_Rule. |
IP Address | IP address of the network in which you want to add the ACL rule. |
Rule Action | Action that the rule must perform. Choose between DENY or ALLOW. |
Rule Number | Position of where the rule must be placed in the ACL rules. |
The JSON output contains the status of whether or not the ACL rule is added to the specified network.
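The following is an added example, not code from the connector or from Fortinet: it validates the five Add Network ACL Rule inputs, maps them onto the parameters of the EC2 `CreateNetworkAclEntry` API, and checks the chosen Rule Number against the ACL's existing entries, because network ACL rules are evaluated in ascending rule-number order and a DENY placed after a matching ALLOW never takes effect. It assumes that Network ID is a network ACL ID, that IP Address may be a bare address or a CIDR block, that the rule covers all protocols, and that existing entries have the shape returned by `DescribeNetworkAcls`; the sample entries and IDs are constructed.

```python
import ipaddress

# Field values as listed in the Add Network ACL Rule parameter table.
DIRECTIONS = {"Inbound_Rule": False, "Outbound_Rule": True}
ACTIONS = {"DENY": "deny", "ALLOW": "allow"}


def build_acl_entry(network_id, direction, ip_address, rule_action, rule_number):
    """Validate the playbook inputs and return CreateNetworkAclEntry parameters."""
    if direction not in DIRECTIONS:
        raise ValueError(f"Egress Rule must be one of {sorted(DIRECTIONS)}")
    if rule_action not in ACTIONS:
        raise ValueError(f"Rule Action must be one of {sorted(ACTIONS)}")
    number = int(rule_number)
    if not 1 <= number <= 32766:  # 32767 is the ACL's built-in default rule
        raise ValueError("Rule Number must be between 1 and 32766")
    # A bare address becomes /32 (or /128); strict=True rejects a CIDR with
    # host bits set, e.g. 203.0.113.7/24, instead of silently widening it.
    net = ipaddress.ip_network(str(ip_address).strip(), strict=True)
    entry = {
        "NetworkAclId": network_id,  # assumption: Network ID is the ACL ID
        "RuleNumber": number,
        "Protocol": "-1",            # assumption: rule applies to all protocols
        "RuleAction": ACTIONS[rule_action],
        "Egress": DIRECTIONS[direction],
    }
    entry["CidrBlock" if net.version == 4 else "Ipv6CidrBlock"] = str(net)
    return entry


def review_entry(new, existing):
    """Return findings on how `new` interacts with the ACL's existing entries."""
    findings = []
    new_net = ipaddress.ip_network(new.get("CidrBlock") or new["Ipv6CidrBlock"])
    for e in existing:
        if e["Egress"] != new["Egress"]:
            continue  # inbound and outbound rules are numbered independently
        if e["RuleNumber"] == new["RuleNumber"]:
            findings.append(f"rule number {e['RuleNumber']} is already in use")
            continue
        cidr = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
        e_net = ipaddress.ip_network(cidr)
        if e_net.version != new_net.version or not new_net.subnet_of(e_net):
            continue
        # A lower-numbered rule with the opposite action matches first.
        if e["RuleNumber"] < new["RuleNumber"] and e["RuleAction"] != new["RuleAction"]:
            scope = "all traffic" if e["Protocol"] == "-1" else f"protocol {e['Protocol']}"
            findings.append(
                f"shadowed by rule {e['RuleNumber']} "
                f"({e['RuleAction']} {cidr}, {scope})"
            )
    return findings


# Constructed sample: the entries of a typical default network ACL.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1",
     "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1",
     "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1",
     "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1",
     "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for number in ("200", "90"):
        entry = build_acl_entry("acl-0example", "Inbound_Rule",
                                "203.0.113.7", "DENY", number)
        print(number, entry["CidrBlock"], review_entry(entry, SAMPLE_ENTRIES))
```

With the constructed default ACL, a DENY at rule number 200 is reported as shadowed by the allow-all rule 100, while the same DENY at rule number 90 produces no findings.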
Following image displays a sample output:
Parameter | Description |
---|---|
User Name | Name of the user for whom you want to retrieve details. |
The JSON output retrieves details of the user from AWS, based on the username that you have specified.
Following image displays a sample output:
The Sample - AWS EC2 - 1.0.0 playbook collection comes bundled with the AWS EC2 connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS EC2 connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.