About the connector
Amazon Web Services (AWS) provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia, customers across all industries are taking advantage of the following benefits: Low Cost, Agile, Open and Flexible, and Secure.
This document provides information about the AWS EC2 connector, which facilitates automated interactions, with AWS EC2 services using FortiSOAR™ playbooks. Add the AWS EC2 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes and terminating an instance.
Version information
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with AWS EC2 Versions: 2 and later
Installing the connector
For the procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must know your account's AWS region that you will use to access AWS services and have the AWS access key ID and the AWS secret access key to access AWS services.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, click the AWS EC2 connector row, and in the Configuration tab enter the required configuration details.
| Parameter |
Description |
| AWS Region |
Your account's AWS region that you will use to access AWS services. |
| AWS Access Key ID |
ID of the AWS Access Key to access AWS services. |
| AWS Secret Access Key |
Key of the AWS Secret Access to access AWS services. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Get AMIs Detail |
Retrieves details for all AMIs (Amazon Machine Images) from AWS. |
get_ami_details
Miscellaneous |
| Launch Instance |
Launches a new instance on AWS having basic configuration. |
launch_instance
Investigation |
| Get Instance Details |
Retrieves details for an instance you have specified, using the instance ID, from AWS. |
get_instance_info
Investigation |
| Start Instance |
Starts an instance you have specified using the instance ID. |
start_instance
Miscellaneous |
| Stop Instance |
Stops an instance you have specified using the instance ID. |
stop_instance
Miscellaneous |
| Register Instance To ELB |
Registers an instance to the elastic load balancing (ELB) service. |
register_instance
Miscellaneous |
| Attach Instance To Auto Scaling Group |
Attaches a running instance to the auto scaling group. |
attach_instance
Miscellaneous |
| Detach Instance From Auto Scaling Group |
Detaches an EC2 instance to the auto scaling group. |
detach_instance
Miscellaneous |
| Instance API Termination |
Terminates an instance using the REST API, if you have enabled this operation.
Important: This operation is not applicable for spot instance. |
|
| Terminate Instance |
Terminates an EC2 instance you have specified using the instance ID. |
terminate_instance
Miscellaneous |
| Attach Volume |
Attaches a volume to an EC2 instance you have specified using the instance ID. |
attach_volume
Miscellaneous |
| Capture Volume Snapshot |
Captures a snapshot of a volume you have specified using the volume ID. |
get_snapshot_volume
Miscellaneous |
| Detach Volume |
Detaches a volume you have specified, using the volume ID, from an EC2 instance. |
detach_volume
Remediation |
| Delete Volume |
Deletes a volume you have specified, using the volume ID. |
detach_volume
Remediation |
| Add Security Group to Instance |
Adds a security group to an EC2 instance you have specified using the instance ID. |
add_group
Containment |
| Deregister Instance from ELB |
Deregisters an instance from the elastic load balancing (ELB) service. |
deregister_instance
Containment |
| Add Instance Tag |
Adds a tag to an available EC2 instance you have specified using the instance ID.
Tags must be added in a key-value pair. |
add_tag
Miscellaneous |
| Add Network ACL Rule |
Adds a rule to the network access control list (ACL). |
add_rule
Containment |
| Get User Details |
Retrieves details for a user, you have specified using the user name, from AWS. |
get_user_info
Investigation |
operation: Get AMIs Detail
Input parameters
None
Output
The JSON output contains details for all AMIs from AWS.
Following image displays a sample output:
operation: Launch Instance
Input parameters
| Parameter |
Description |
| Image ID |
ID of the AMI on which you want to launch a new instance. You can get the ID of an AMI using the Get AMIs Detail operation. |
| Instance Type |
Type of the instance that you want to launch.
For example, t1.micro |
| Instance MaxCount |
Maximum number of instances to launch.
If you specify a maximum that is greater than the maximum number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount. |
| Instance MinCount |
Minimum number of instances to launch.
If you specify a minimum that is lesser than the minimum number of instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances. |
| SubNet ID |
(Optional) ID of the subnet associated with the network string. You must specify this only if you are creating a network interface when launching an instance. |
| Device Name |
Name of the device. For example, /dev/sdh or xvdh. |
| Instance Delete on Termination |
Select this option if you want to delete the interface when the instance is terminated. |
| Security Groups |
(Optional) Security group(s) to be assigned to the newly launched instance. |
| Purpose For Launch Instance |
(Optional) Purpose of launching the instance. |
| Customer Name |
(Optional) Name of the customer for who you are requesting the launch of the new instance. |
| Terminate By Date |
(Optional) Date on which the instance will be terminated. |
Output
The JSON output contains the status of whether or not the requested instance has been launched successfully and the request ID that is used to launch the new instance on AWS.
Following image displays a sample output:
operation: Get Instance Details
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance for which you want to retrieve details. |
Output
The JSON output retrieves details of the instance from AWS, based on the instance ID that you have specified.
Following image displays a sample output:
operation: Start Instance
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance that you want to start. |
| Purpose |
(Optional) Purpose of starting the instance. |
Output
The JSON output contains the status of whether or not the specified instance has been started.
Following image displays a sample output:
operation: Stop Instance
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance that you want to stop. |
Output
The JSON output contains the status of whether or not the specified instance has been stopped.
Following image displays a sample output:
operation: Register Instance To ELB
Input parameters
| Parameter |
Description |
| ELB Name |
Name of the ELB to which you want to register the specified instance. |
| Instance ID |
ID of the instance that you want to register with the specified ELB. |
Output
The JSON output contains the status of whether or not the specified instance has been registered to the specified ELB.
Following image displays a sample output:
operation: Attach Instance To Auto Scaling Group
Input parameters
| Parameter |
Description |
| Auto Scaling Group Name |
Name of the auto scaling group to which you want to attach the specified instance. |
| Instance IDs (In CSV Or List Format) |
ID(s) of the instance(s) that you want to attach to the specified auto scaling group using the csv or list format. |
Output
The JSON output contains the status of whether or not the specified instance has been attached to the specified auto scaling group.
Following image displays a sample output:
operation: Detach Instance From Auto Scaling Group
Input parameters
| Parameter |
Description |
| Auto Scaling Group Name |
Name of the auto scaling group from which you want to detach the specified instance. |
| Instance ID |
ID of the instance that you want to detach from the specified auto scaling group. |
Output
The JSON output contains the status of whether or not the specified instance has been detached from the specified auto scaling group.
Following image displays a sample output:
operation: Instance API Termination
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance that you want to terminate using the REST API. |
| Select Action |
Specify Enable or Disable to either allow or disallow terminating an instance using the REST API. |
Output
The JSON output contains the status of whether or not the specified instance has been terminated using the Amazon EC2 console, CLI, or API.
Following image displays a sample output when you select Disable in the Select Actionparameter in this operation:
operation: Terminate Instance
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance that you want to terminate. |
Output
The JSON output contains the status of whether or not the specified instance has been terminated.
Following image displays a sample output:
operation: Attach Volume
Input parameters
| Parameter |
Description |
| Volume ID |
ID of the volume that you want to attach to the specified instance. |
| Device Name |
Name (or full path) of the device on the specified instance. For example, /dev/sdh or xvdh. |
| Instance ID |
ID of the instance to which you want to attach the specified volume. |
Output
The JSON output contains the status of whether or not the specified volume has been attached to the specified instance. Following image displays a sample output:
operation: Capture Volume Snapshot
Input parameters
| Parameter |
Description |
| Volume ID |
ID of the volume for which you want to capture a snapshot. |
| Volume Description |
Description of the snapshot. |
Output
The JSON output contains the status of whether or not the snapshot for the specified volume has been captured.
Following image displays a sample output:
operation: Detach Volume
Input parameters
| Parameter |
Description |
| Volume ID |
ID of the volume that you want to detach from the specified instance. |
| Device Name |
Name (or full path) of the device on the specified instance. For example, /dev/sdh or xvdh. |
| Instance ID |
ID of the instance from which you want to detach the specified volume. |
| Force to Detach |
Select this option if you want to forcefully detach the volume from the specified instance. |
Output
The JSON output contains the status of whether or not the specified volume has been detached from the specified instance.
Following image displays a sample output:
operation: Delete Volume
Input parameters
| Parameter |
Description |
| Volume ID |
ID of the volume that you want to delete. |
Output
The JSON output contains the status of whether or not the specified volume has been deleted.
Following image displays a sample output:
operation: Add Security Group To Instance
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance that you want to add to the specified Security Group(s). |
| Security Group Name or ID (In CSV Or List Format) |
Name(s) or ID(s) of the Security Group(s) to which you want to add the specified instance.
The Security Group ID(s) or Name(s) must be specified in the csv or list format.
For example, ["default", "launch-wizard-3", "sg-9fc7dcf7"] |
Output
The JSON output contains the status of whether or not the specified instance has been added to the specified Security Group(s).
Following image displays a sample output:
operation: Deregister Instance from ELB
Input parameters
| Parameter |
Description |
| ELB Name |
Name of the ELB from which you want to deregister the specified instance. |
| Instance ID |
ID of the instance that you want to deregister from the specified ELB. |
Output
The JSON output contains the status of whether or not the specified instance has been deregistered from the specified ELB.
Following image displays a sample output:
operation: Add Instance Tag
Input parameters
| Parameter |
Description |
| Instance ID |
ID of the instance to which you want to add a tag. |
| Tag Key |
Key for the tag that you want to add. |
| Value |
Value for the tag that you want to add. |
Output
The JSON output contains the status of whether or not the specified tag has been added to the specified instance.
Following image displays a sample output:
operation: Add Network ACL Rule
Input parameters
| Parameter |
Description |
| Network ID |
ID of the network in which you want to add the ACL rule. |
| Egress Rule |
Select either Inbound_Rule or Outbound_Rule. |
| IP Address |
IP address of the network in which you want to add the ACL rule. |
| Rule Action |
Action that the rule must perform.
Choose between DENY or ALLOW. |
| Rule Number |
Position of where the rule must be placed in the ACL rules. |
Output
The JSON output contains the status of whether or not the ACL rule is added to the specified network.
Following image displays a sample output:
operation: Get User Details
Input parameters
| Parameter |
Description |
| User Name |
Name of the user for who you want to retrieve details. |
Output
The JSON output retrieves details of the user from AWS, based on the username that you have specified.
Following image displays a sample output:
Included playbooks
The Sample - AWS EC2 - 1.0.0 playbook collection comes bundled with the AWS EC2 connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS EC2 connector.
- Attach Instance To Auto Scaling Group
- Add Network ACL Rule
- Add Security Group to Instance
- Add Instance Tag
- Attach Volume
- Capture Volume Snapshot
- Delete Volume
- Detach Instance From Auto Scaling Group
- Deregister Instance from ELB
- Detach Volume
- Get AMIs Detail
- Get Instance Details
- Get User Details
- Instance API Termination
- Launch Instance
- Register Instance To ELB
- Start Instance
- Stop Instance
- Terminate Instance
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
