AWS EC2 v2.0.0


About the connector

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

This document provides information about the AWS EC2 connector, which facilitates automated interactions with AWS EC2 services using FortiSOAR™ playbooks. Add the AWS EC2 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes, and terminating an instance.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 5.0.0-866

AWS EC2 Version Tested on: 2

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

The following enhancements have been made to the AWS EC2 connector in version 2.0.0:

  • Added the following new operations and playbooks:
    • Reboot Instance
    • Create Security Groups
    • Get Security Groups
    • Authorize Ingress
    • Authorize Egress
    • Revoke Egress
    • Revoke Ingress
    • Delete Security Groups

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-aws

Prerequisites to configuring the connector

  • You must know your account's AWS region that you will use to access AWS services and have the AWS access key ID and the AWS secret access key to access AWS services.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the AWS EC2 connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

| Parameter | Description |
|---|---|
| AWS Region | Your account's AWS region that you will use to access AWS services. |
| AWS Access Key ID | ID of the AWS access key used to access AWS services. |
| AWS Secret Access Key | AWS secret access key used to access AWS services. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation | Category |
|---|---|---|---|
| Get AMIs Detail | Retrieves details for all AMIs (Amazon Machine Images) or specific AMIs, based on input parameters you have specified, from AWS. | get_ami_details | Miscellaneous |
| Launch Instance | Launches a new instance on AWS with a basic configuration based on the image ID, instance type, and other input parameters you have specified. | launch_instance | Investigation |
| Get Instance Details | Retrieves details for an instance you have specified, using the instance ID, from AWS EC2. | get_instance_info | Investigation |
| Start Instance | Starts an instance you have specified using the instance ID on AWS EC2. | start_instance | Miscellaneous |
| Stop Instance | Stops an instance you have specified using the instance ID on AWS EC2. | stop_instance | Miscellaneous |
| Reboot Instance | Reboots an instance you have specified using the instance ID on AWS EC2. | reboot_instance | Miscellaneous |
| Register Instance To ELB | Registers an AWS EC2 instance to the elastic load balancing (ELB) service on AWS based on the ELB name and instance ID you have specified. | register_instance | Miscellaneous |
| Attach Instance To Auto Scaling Group | Attaches a running instance to the auto scaling group on AWS EC2 based on the auto scaling group name and instance ID(s) you have specified. | attach_instance | Miscellaneous |
| Detach Instance From Auto Scaling Group | Detaches an AWS EC2 instance from the auto scaling group on AWS EC2 based on the auto scaling group name and instance ID(s) you have specified. | detach_instance | Miscellaneous |
| Instance API Termination | Enables or disables termination of an instance on AWS EC2 using the REST API, based on the instance ID and the action (Enable or Disable) you have specified. Important: This operation is not applicable to spot instances. | | |
| Terminate Instance | Terminates an AWS EC2 instance you have specified using the instance ID. | terminate_instance | Miscellaneous |
| Attach Volume | Attaches a volume to an AWS EC2 instance based on the volume ID, device name, and instance ID you have specified. | attach_volume | Miscellaneous |
| Capture Volume Snapshot | Captures a snapshot of a volume on AWS EC2 based on the volume ID and volume description you have specified. | get_snapshot_volume | Miscellaneous |
| Detach Volume | Detaches a volume from an AWS EC2 instance based on the volume ID, device name, and instance ID you have specified. | detach_volume | Remediation |
| Delete Volume | Deletes a volume you have specified, using the volume ID. | detach_volume | Remediation |
| Add Security Group to Instance | Adds a security group to an AWS EC2 instance based on the security group name(s) or ID(s) and instance ID you have specified. | add_group | Containment |
| Deregister Instance from ELB | Deregisters an AWS EC2 instance from the elastic load balancing (ELB) service on AWS based on the ELB name and instance ID you have specified. | deregister_instance | Containment |
| Add Instance Tag | Adds a tag to an available AWS EC2 instance you have specified using the instance ID. Note: Tags must be added as a key-value pair. | add_tag | Miscellaneous |
| Add Network ACL Rule | Adds a rule to the network access control list (ACL) on AWS EC2 based on the network ID, egress rule, and other input parameters you have specified. | add_rule | Containment |
| Get User Details | Retrieves details for a user you have specified, using the username, from AWS. | get_user_info | Investigation |
| Create Security Groups | Creates a new security group in the AWS EC2 service based on the group name and description you have specified. | create_security_group | Containment |
| Get Security Groups | Retrieves details of all security groups from the AWS EC2 service. | get_security_groups | Investigation |
| Authorize Ingress | Adds (authorizes) ingress rules to a security group on AWS EC2 based on the security group ID, CIDR IP value, and other input parameters you have specified. | authorize_ingress | Containment |
| Authorize Egress | Adds (authorizes) egress rules to a security group on AWS EC2 based on the security group ID and IP permissions you have specified. | authorize_egress | Containment |
| Revoke Egress | Removes (revokes) egress rules from a security group on AWS EC2 based on the security group ID and IP permissions you have specified. | revoke_egress | Containment |
| Revoke Ingress | Removes (revokes) ingress rules from a security group on AWS EC2 based on the security group ID, CIDR IP value, and other input parameters you have specified. | revoke_ingress | Containment |
| Delete Security Groups | Deletes a security group you have specified, using the security group ID. | delete_security_group | Remediation |

operation: Get AMIs Detail

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Image ID | List of IDs of the AMIs whose details you want to retrieve from AWS EC2. |
| Executable Users | List of AWS account IDs of the executable user(s) associated with the AMI(s) whose details you want to retrieve from AWS EC2. |
| Owners | List of AWS account IDs of the owners associated with the AMI(s) whose details you want to retrieve from AWS EC2. |
| Filters | List of filters based on which you want to retrieve details of AMIs from AWS EC2. |

Output

The JSON output contains details for all AMIs from AWS.

The output contains the following populated JSON schema:
{
  "Images": [
    {
      "Architecture": "",
      "CreationDate": "",
      "ImageId": "",
      "ImageLocation": "",
      "ImageType": "",
      "Public": "",
      "OwnerId": "",
      "State": "",
      "BlockDeviceMappings": [],
      "Description": "",
      "Hypervisor": "",
      "Name": "",
      "RootDeviceName": "",
      "RootDeviceType": "",
      "SriovNetSupport": "",
      "VirtualizationType": ""
    }
  ],
  "ResponseMetadata": {
    "RequestId": "",
    "HTTPStatusCode": "",
    "HTTPHeaders": {
      "content-type": "",
      "content-length": "",
      "vary": "",
      "date": "",
      "server": ""
    },
    "RetryAttempts": ""
  }
}

operation: Launch Instance

Input parameters

| Parameter | Description |
|---|---|
| Image ID | ID of the AMI from which you want to launch a new instance. You can get the ID of an AMI using the Get AMIs Detail operation. |
| Instance Type | Type of the instance that you want to launch on AWS EC2. For example, t1.micro |
| Instance MaxCount | Maximum number of instances to launch on AWS EC2. If you specify a maximum that is greater than the number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount. |
| Instance MinCount | Minimum number of instances to launch on AWS EC2. If you specify a minimum that is greater than the number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances. |
| SubNet ID | (Optional) ID of the subnet associated with the network interface. You must specify this only if you are creating a network interface when launching an instance. |
| Device Name | Name of the device. For example, /dev/sdh or xvdh. |
| Instance Delete on Termination | Select this option if you want to delete the network interface when the instance is terminated. |
| Security Group IDs | (Optional) ID(s) of the security group(s) to assign to the newly launched instance on AWS EC2. |
| Purpose For Launch Instance | (Optional) Purpose of launching the instance on AWS EC2. |
| Customer Name | (Optional) Name of the customer for whom you are requesting the launch of the new instance on AWS EC2. |
| Terminate By Date | (Optional) Date on which the instance will be terminated on AWS EC2. |

Output

The JSON output contains the status of whether or not the requested instance has been launched successfully and the request ID that is used to launch the new instance on AWS.

The output contains the following populated JSON schema:
{
"InstanceId": "",
"ResponseMetadata": {
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"InstanceType": {
"Value": ""
}
}

operation: Get Instance Details

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance for which you want to retrieve details from AWS EC2. |

Output

The JSON output contains details of the instance from AWS, based on the instance ID that you have specified.

The output contains the following populated JSON schema:
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"KeyName": "",
"State": {
"Code": "",
"Name": ""
},
"Hypervisor": "",
"SecurityGroups": [],
"AmiLaunchIndex": "",
"EnaSupport": "",
"ClientToken": "",
"LaunchTime": "",
"VirtualizationType": "",
"RootDeviceType": "",
"Architecture": "",
"EbsOptimized": "",
"RootDeviceName": "",
"NetworkInterfaces": [],
"ProductCodes": [],
"PrivateDnsName": "",
"ImageId": "",
"PublicDnsName": "",
"InstanceType": "",
"InstanceId": "",
"Monitoring": {
"State": ""
},
"StateReason": {
"Code": "",
"Message": ""
},
"StateTransitionReason": "",
"Placement": {
"GroupName": "",
"Tenancy": "",
"AvailabilityZone": ""
},
"BlockDeviceMappings": []
}
],
"ReservationId": "",
"OwnerId": "",
"RequesterId": ""
}
],
"ResponseMetadata": {
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Start Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to start on AWS EC2. |
| Purpose | (Optional) Purpose of starting the instance on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been started.

The output contains the following populated JSON schema:
{
"StartingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
],
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Stop Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to stop on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been stopped.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"StoppingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
]
}

operation: Reboot Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to reboot on AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {
"transfer-encoding": "",
"vary": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Register Instance To ELB

Input parameters

| Parameter | Description |
|---|---|
| ELB Name | Name of the ELB to which you want to register the specified instance on AWS EC2. |
| Instance ID | ID of the instance that you want to register with the specified ELB on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been registered to the specified ELB.

The output contains the following populated JSON schema:
{
"Instances": [
{
"InstanceId": ""
},
{
"InstanceId": ""
}
],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Attach Instance To Auto Scaling Group

Input parameters

| Parameter | Description |
|---|---|
| Auto Scaling Group Name | Name of the auto scaling group to which you want to attach the specified instance(s) on AWS EC2. |
| Instance IDs (In CSV Or List Format) | ID(s) of the instance(s) that you want to attach to the specified auto scaling group on AWS EC2, specified in CSV or list format. |

Output

The JSON output contains the status of whether or not the specified instance has been attached to the specified auto scaling group.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Detach Instance From Auto Scaling Group

Input parameters

| Parameter | Description |
|---|---|
| Auto Scaling Group Name | Name of the auto scaling group from which you want to detach the specified instance(s) on AWS EC2. |
| Instance IDs | ID(s) of the instance(s) that you want to detach from the specified auto scaling group on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been detached from the specified auto scaling group.

The output contains the following populated JSON schema:
{
"Activities": [
{
"AutoScalingGroupName": "",
"StatusCode": "",
"Progress": "",
"Details": "",
"Cause": "",
"ActivityId": "",
"StartTime": "",
"Description": ""
}
],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Instance API Termination

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance on AWS EC2 for which you want to enable or disable termination using the REST API. |
| Select Action | Specify Enable or Disable to either allow or disallow terminating the instance using the REST API. |

Output

The JSON output contains the status of whether or not termination of the specified instance using the Amazon EC2 console, CLI, or API has been enabled or disabled.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Terminate Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the AWS EC2 instance that you want to terminate. |

Output

The JSON output contains the status of whether or not the specified instance has been terminated.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"TerminatingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
]
}

operation: Attach Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to attach to the specified instance on AWS EC2. |
| Device Name | Name (or full path) of the device on the specified instance on AWS EC2. For example, /dev/sdh or xvdh. |
| Instance ID | ID of the instance to which you want to attach the specified volume on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been attached to the specified instance.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"InstanceId": "",
"Device": "",
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
},
"AttachTime": ""
}

operation: Capture Volume Snapshot

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume on AWS EC2 for which you want to capture a snapshot. |
| Volume Description | Description of the snapshot. |

Output

The JSON output contains the status of whether or not the snapshot for the specified volume has been captured.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"SnapshotId": "",
"OwnerId": "",
"Encrypted": "",
"StartTime": "",
"ResponseMetadata": {}
}

operation: Detach Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to detach from the specified instance on AWS EC2. |
| Device Name | Name (or full path) of the device on the specified instance on AWS EC2. For example, /dev/sdh or xvdh. |
| Instance ID | ID of the instance from which you want to detach the specified volume on AWS EC2. |
| Force to Detach | Select this option if you want to forcefully detach the volume from the specified instance on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been detached from the specified instance.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"InstanceId": "",
"Device": "",
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
},
"AttachTime": ""
}

operation: Delete Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to delete on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been deleted.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Security Group To Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to add to the specified security group(s) on AWS EC2. |
| Security Group Name or ID (In CSV Or List Format) | Name(s) or ID(s) of the security group(s) to which you want to add the specified instance on AWS EC2. The security group ID(s) or name(s) must be specified in CSV or list format. For example, ["default", "launch-wizard-3", "sg-9fc7dcf7"] |
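Several operations on this page (Attach Instance To Auto Scaling Group, Add Security Group to Instance) take their IDs "in CSV or list format", and the example above mixes group names with a group ID. The following is an added example, not the connector's own code, showing how a playbook step can normalise either form into a clean list and separate `sg-` IDs from names before building the request; the regular expressions for ID shapes and the function names are my own.

```python
"""Normalise the 'CSV or list' inputs accepted by the AWS EC2 connector operations.

Added example, not part of the connector. Accepts a Python list, a JSON-style
array string (as in the documented example) or a comma-separated string.
"""
import json
import re
from typing import List, Tuple

# Security group and instance IDs are 'sg-'/'i-' followed by 8 or 17 hex digits.
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8}(?:[0-9a-f]{9})?$")
INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8}(?:[0-9a-f]{9})?$")


def to_list(value) -> List[str]:
    """Turn a list, JSON array string or CSV string into a de-duplicated list.

    Whitespace is stripped, empty items are dropped and duplicates are removed
    while the original order is preserved.
    """
    if isinstance(value, (list, tuple)):
        items = [str(v) for v in value]
    else:
        text = str(value).strip()
        if text.startswith("["):
            items = [str(v) for v in json.loads(text)]  # JSON-style list
        else:
            items = text.split(",")  # CSV
    seen = set()
    result = []
    for item in items:
        item = item.strip()
        if item and item not in seen:
            seen.add(item)
            result.append(item)
    return result


def split_security_groups(value) -> Tuple[List[str], List[str]]:
    """Partition a mixed security-group input into (ids, names).

    The EC2 ModifyInstanceAttribute call needs group IDs, so the names returned
    here must be resolved (for example with describe_security_groups) before
    the instance's groups are changed.
    """
    ids, names = [], []
    for item in to_list(value):
        (ids if SG_ID_RE.match(item) else names).append(item)
    return ids, names


def instance_ids(value) -> List[str]:
    """Validate an instance-ID list; rejects anything not shaped like i-xxxxxxxx."""
    items = to_list(value)
    bad = [item for item in items if not INSTANCE_ID_RE.match(item)]
    if bad:
        raise ValueError(f"not EC2 instance IDs: {bad}")
    return items


if __name__ == "__main__":
    # Constructed inputs, not real resources
    print(split_security_groups('["default", "launch-wizard-3", "sg-9fc7dcf7"]'))
    print(instance_ids("i-0abc1234, i-0abc1234, i-0123456789abcdef0"))
```

Rejecting malformed IDs before the request is sent keeps a mistyped playbook variable from silently becoming an EC2 `InvalidInstanceID` error late in the playbook, and the name/ID split makes the extra lookup step explicit.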

Output

The JSON output contains the status of whether or not the specified instance has been added to the specified Security Group(s).

The output contains the following populated JSON schema:
{
"Response": {
"ResponseMetadata": {}
}
}

operation: Deregister Instance from ELB

Input parameters

| Parameter | Description |
|---|---|
| ELB Name | Name of the ELB from which you want to deregister the specified instance on AWS EC2. |
| Instance ID | ID of the instance that you want to deregister from the specified ELB on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been deregistered from the specified ELB.

The output contains the following populated JSON schema:
{
"Instances": [],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Instance Tag

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the AWS EC2 instance to which you want to add a tag. |
| Tag Key | Key for the tag that you want to add. |
| Value | Value for the tag that you want to add. |

Output

The JSON output contains the status of whether or not the specified tag has been added to the specified instance.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Network ACL Rule

Input parameters

| Parameter | Description |
|---|---|
| Network ID | ID of the network in which you want to add the ACL rule on AWS EC2. |
| Egress Rule | Select either Inbound_Rule or Outbound_Rule. |
| IP Address | IP address of the network in which you want to add the ACL rule on AWS EC2. |
| Rule Action | Action that the rule must perform. Choose between DENY or ALLOW. |
| Rule Number | Position at which the rule must be placed in the ACL rules on AWS EC2. |
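Network ACLs evaluate entries in ascending rule-number order and stop at the first match, so a containment DENY placed at a higher number than an existing broad ALLOW never takes effect. The following added example (not the connector's code) maps the inputs above onto the keys of the EC2 CreateNetworkAclEntry call and checks a candidate entry against existing entries for that shadowing problem. The Protocol key is required by that API but is not among the operation's listed inputs, so the example assumes "-1" (all protocols); the sample entries are constructed in the shape of a DescribeNetworkAcls "Entries" list.

```python
"""Build and sanity-check an Add Network ACL Rule request.

Added example, not part of the connector. Rule numbers 1..32766 are valid;
32767 is the reserved default deny at the end of every network ACL.
"""
import ipaddress
from typing import Dict, List

MAX_RULE_NUMBER = 32766

# Constructed sample of existing entries (DescribeNetworkAcls shape), not real data:
# a typical 'allow everything' rule 100 in each direction plus the default deny.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
]


def build_nacl_entry(network_acl_id: str, egress_rule: str, ip_address: str,
                     rule_action: str, rule_number, protocol: str = "-1") -> Dict:
    """Map the documented inputs to CreateNetworkAclEntry keyword arguments."""
    if egress_rule not in ("Inbound_Rule", "Outbound_Rule"):
        raise ValueError("egress_rule must be Inbound_Rule or Outbound_Rule")
    action = rule_action.lower()
    if action not in ("allow", "deny"):
        raise ValueError("rule_action must be ALLOW or DENY")
    number = int(rule_number)
    if not 1 <= number <= MAX_RULE_NUMBER:
        raise ValueError(f"rule_number must be between 1 and {MAX_RULE_NUMBER}")
    # A bare host address becomes a /32 (or /128) network; a malformed value raises ValueError
    network = ipaddress.ip_network(ip_address, strict=False)
    entry = {
        "NetworkAclId": network_acl_id,
        "Egress": egress_rule == "Outbound_Rule",
        "RuleAction": action,
        "RuleNumber": number,
        "Protocol": protocol,
    }
    # The API uses a different key for IPv6 ranges
    entry["CidrBlock" if network.version == 4 else "Ipv6CidrBlock"] = str(network)
    return entry


def _network_of(entry: Dict):
    cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
    return ipaddress.ip_network(cidr) if cidr else None


def shadowed_by(existing_entries: List[Dict], new_entry: Dict) -> List[int]:
    """Rule numbers of existing entries that would match before new_entry.

    An entry shadows the new one when it is in the same direction, has a lower
    rule number, the opposite action, a protocol that overlaps, and a CIDR that
    contains the new entry's CIDR.
    """
    target = _network_of(new_entry)
    shadowing = []
    for entry in existing_entries:
        if entry["Egress"] != new_entry["Egress"] or entry["RuleNumber"] >= new_entry["RuleNumber"]:
            continue
        if entry["RuleAction"] == new_entry["RuleAction"]:
            continue
        if "-1" not in (entry.get("Protocol"), new_entry["Protocol"]) and entry.get("Protocol") != new_entry["Protocol"]:
            continue
        existing = _network_of(entry)
        if existing is None or existing.version != target.version:
            continue
        if target.subnet_of(existing):
            shadowing.append(entry["RuleNumber"])
    return shadowing


if __name__ == "__main__":
    candidate = build_nacl_entry("acl-0example0", "Inbound_Rule", "198.51.100.7", "DENY", 200)
    print(candidate)
    print("shadowed by rules:", shadowed_by(SAMPLE_ENTRIES, candidate))
```

In a playbook, running the shadowing check against the output of a DescribeNetworkAcls call before the Add Network ACL Rule step turns a silent no-op into a visible failure or a prompt to pick a lower rule number.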

Output

The JSON output contains the status of whether or not the ACL rule is added to the specified network.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Get User Details

Input parameters

| Parameter | Description |
|---|---|
| Username | Name of the user for whom you want to retrieve details from AWS. |

Output

The JSON output contains details of the user from AWS, based on the username that you have specified.

The output contains the following populated JSON schema:
{
"UserID": "",
"CreateDate": "",
"MFADevices": "",
"UserName": "",
"UserPolicies": "",
"UserGroups": ""
}

operation: Create Security Groups

Input parameters

| Parameter | Description |
|---|---|
| Group Name | Name of the new security group that you want to create on AWS EC2. |
| Description | Description of the new security group that you want to create on AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"GroupId": "",
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Get Security Groups

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"SecurityGroups": [
{
"VpcId": "",
"OwnerId": "",
"IpPermissionsEgress": [
{
"IpRanges": [
{
"CidrIp": ""
}
],
"PrefixListIds": [],
"Ipv6Ranges": [],
"IpProtocol": "",
"UserIdGroupPairs": []
}
],
"GroupId": "",
"Description": "",
"GroupName": "",
"IpPermissions": [
{
"IpRanges": [
{
"CidrIp": ""
}
],
"PrefixListIds": [],
"Ipv6Ranges": [],
"IpProtocol": "",
"FromPort": "",
"ToPort": "",
"UserIdGroupPairs": []
}
]
}
],
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"vary": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}
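The Get Security Groups output above is what an investigation playbook would inspect, and the most common finding is an ingress rule whose `CidrIp` is `0.0.0.0/0` (or `CidrIpv6` `::/0`). The following added example, not part of the connector, walks a response in that schema and reports such rules, treating `IpProtocol` `-1` as all traffic and letting the caller whitelist public web ports. The sample response is constructed by hand (integer ports, placeholder IDs) to match the documented field names.

```python
"""Audit a Get Security Groups result for ingress rules open to the world.

Added example, not connector code. The field names (SecurityGroups,
IpPermissions, IpRanges, CidrIp, Ipv6Ranges, CidrIpv6, IpProtocol, FromPort,
ToPort) are those of the EC2 DescribeSecurityGroups response documented above.
"""
from typing import Dict, FrozenSet, List

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def _perm(protocol, sources_v4=(), sources_v6=(), from_port=None, to_port=None) -> Dict:
    """Helper to build one IpPermissions entry in the documented shape."""
    perm = {
        "IpProtocol": protocol,
        "IpRanges": [{"CidrIp": c} for c in sources_v4],
        "Ipv6Ranges": [{"CidrIpv6": c} for c in sources_v6],
        "PrefixListIds": [],
        "UserIdGroupPairs": [],
    }
    if from_port is not None:
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    return perm


# Constructed sample response, not real AWS data.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {
            "VpcId": "vpc-0example0", "OwnerId": "111111111111",
            "GroupId": "sg-0000aaaa", "GroupName": "web", "Description": "web tier",
            "IpPermissionsEgress": [_perm("-1", [WORLD_V4])],
            "IpPermissions": [
                _perm("tcp", [WORLD_V4], from_port=443, to_port=443),  # expected for a web tier
                _perm("tcp", [WORLD_V4], from_port=22, to_port=22),    # SSH open to the world
                _perm("-1", sources_v6=[WORLD_V6]),                     # all traffic from any IPv6
            ],
        },
        {
            "VpcId": "vpc-0example0", "OwnerId": "111111111111",
            "GroupId": "sg-0000bbbb", "GroupName": "db", "Description": "database tier",
            "IpPermissionsEgress": [],
            "IpPermissions": [_perm("tcp", ["10.0.0.0/16"], from_port=5432, to_port=5432)],
        },
    ],
    "ResponseMetadata": {"HTTPStatusCode": 200, "RetryAttempts": 0, "RequestId": "constructed"},
}


def _port_label(perm: Dict) -> str:
    if perm.get("IpProtocol") == "-1":
        return "all"
    low, high = perm.get("FromPort"), perm.get("ToPort")
    return str(low) if low == high else f"{low}-{high}"


def world_open_ingress(response: Dict, allowed_ports: FrozenSet[int] = frozenset({80, 443})) -> List[Dict]:
    """Return one finding per ingress rule reachable from 0.0.0.0/0 or ::/0.

    TCP rules whose entire port range lies within allowed_ports are skipped so
    that intentionally public web listeners do not generate noise.
    """
    findings = []
    for group in response.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
            if not sources:
                continue
            protocol = perm.get("IpProtocol")
            if protocol == "tcp" and all(p in allowed_ports for p in range(perm["FromPort"], perm["ToPort"] + 1)):
                continue
            findings.append({
                "GroupId": group["GroupId"],
                "GroupName": group.get("GroupName", ""),
                "IpProtocol": "all" if protocol == "-1" else protocol,
                "Ports": _port_label(perm),
                "Sources": sources,
            })
    return findings


if __name__ == "__main__":
    for finding in world_open_ingress(SAMPLE_RESPONSE):
        print(finding)
```

Each finding carries the group ID, so a follow-up playbook step can hand it straight to Revoke Ingress (for a CIDR rule) or to Revoke Egress with the matching IP permissions.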

operation: Authorize Ingress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 to which you want to authorize (add) the ingress rule. |
| CIDR IP | Value of the CIDR IP to be used for authorizing the ingress rule on AWS EC2. |
| From Port | Starting port number. |
| To Port | Ending port number. |
| IP Protocol | IP protocol that you want to use for authorizing the ingress rule. You can specify one of the following options: TCP, UDP, or ICMP. |
| Source Security Group Name | (Optional) Name of the source security group. Note: You cannot specify this parameter in combination with the CIDR IP address range, the start of the port range, the IP protocol, or the end of the port range. Using it creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC. |
| Source Security Group Owner ID | (Optional) AWS account ID of the source security group, if the source security group is in a different account. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range. Using it creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Authorize Egress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 to which you want to authorize (add) egress rules. |
| IP Permissions | IP permissions required to authorize egress rules. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Revoke Egress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 from which you want to revoke (remove) egress rules. |
| IP Permissions | IP permissions required to revoke egress rules. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Revoke Ingress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 from which you want to revoke (remove) the ingress rule. |
| CIDR IP | Value of the CIDR IP to be used for revoking the ingress rule on AWS EC2. |
| From Port | Starting port number. |
| To Port | Ending port number. |
| IP Protocol | IP protocol that you want to use for revoking the ingress rule. You can specify one of the following options: TCP, UDP, or ICMP. |
| Source Security Group Name | (Optional) Name of the source security group. Note: You cannot specify this parameter in combination with the CIDR IP address range, the start of the port range, the IP protocol, or the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. |
| Source Security Group Owner ID | (Optional) AWS account ID of the source security group, if the source security group is in a different account. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. |
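Authorize Ingress and Revoke Ingress take the same parameters, and the notes for both carry the same constraint: the source-security-group form cannot be mixed with the CIDR/protocol/port form, and it grants full access rather than a scoped rule. The following added example, not the connector's own code, builds the request for either operation from those parameters and enforces the constraint; the Python argument names are my own spellings of the inputs above, while the dict keys are those of the EC2 AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress API calls. `build_scoped_ingress()` shows the "set of IP permissions" form the notes recommend when a source group must be limited to one protocol and port range.

```python
"""Build an Authorize Ingress / Revoke Ingress request from the documented parameters.

Added example, not part of the connector.
"""
import ipaddress
from typing import Dict, Optional

PROTOCOLS = {"tcp", "udp", "icmp"}


def build_ingress_request(
    security_group_id: str,
    cidr_ip: Optional[str] = None,
    from_port: Optional[int] = None,
    to_port: Optional[int] = None,
    ip_protocol: Optional[str] = None,
    source_security_group_name: Optional[str] = None,
    source_security_group_owner_id: Optional[str] = None,
) -> Dict:
    """Return keyword arguments for authorize_/revoke_security_group_ingress.

    Enforces the documented constraint that the source-security-group
    parameters cannot be combined with CIDR IP, IP protocol, from port or to port.
    """
    if not security_group_id.startswith("sg-"):
        raise ValueError("security_group_id must be a security group ID (sg-...)")
    request: Dict = {"GroupId": security_group_id}

    cidr_form = any(v is not None for v in (cidr_ip, from_port, to_port, ip_protocol))
    group_form = any(v is not None for v in (source_security_group_name, source_security_group_owner_id))
    if cidr_form and group_form:
        raise ValueError("source security group parameters cannot be combined with "
                         "CIDR IP, IP protocol, from port or to port")

    if group_form:
        # Source-group form: EC2 creates rules granting full ICMP, UDP and TCP access
        if source_security_group_name is not None:
            request["SourceSecurityGroupName"] = source_security_group_name
        if source_security_group_owner_id is not None:
            request["SourceSecurityGroupOwnerId"] = source_security_group_owner_id
        return request

    if not cidr_form:
        raise ValueError("specify either a CIDR rule or a source security group")
    missing = [name for name, value in (("cidr_ip", cidr_ip), ("from_port", from_port),
                                        ("to_port", to_port), ("ip_protocol", ip_protocol)) if value is None]
    if missing:
        raise ValueError(f"a CIDR rule needs cidr_ip, from_port, to_port and ip_protocol; missing {missing}")

    ipaddress.ip_network(cidr_ip, strict=False)  # raises ValueError on a malformed CIDR
    protocol = ip_protocol.lower()
    if protocol not in PROTOCOLS:
        raise ValueError(f"ip_protocol must be one of {sorted(PROTOCOLS)}")
    low, high = int(from_port), int(to_port)
    if protocol == "icmp":
        # For ICMP the two values carry the ICMP type and code; -1 means all
        if not (-1 <= low <= 255 and -1 <= high <= 255):
            raise ValueError("ICMP type/code must be between -1 and 255")
    elif not (0 <= low <= high <= 65535):
        raise ValueError("port range must satisfy 0 <= from_port <= to_port <= 65535")

    request.update({"CidrIp": cidr_ip, "IpProtocol": protocol, "FromPort": low, "ToPort": high})
    return request


def build_scoped_ingress(security_group_id: str, source_group_id: str, ip_protocol: str,
                         from_port: int, to_port: int, source_owner_id: Optional[str] = None) -> Dict:
    """IpPermissions form: a source-group rule limited to one protocol and port range."""
    pair = {"GroupId": source_group_id}
    if source_owner_id is not None:
        pair["UserId"] = source_owner_id
    return {
        "GroupId": security_group_id,
        "IpPermissions": [{
            "IpProtocol": ip_protocol.lower(),
            "FromPort": int(from_port),
            "ToPort": int(to_port),
            "UserIdGroupPairs": [pair],
        }],
    }


if __name__ == "__main__":
    # With boto3 the returned dict is passed straight through, e.g.
    # boto3.client("ec2", region_name=REGION).revoke_security_group_ingress(**request)
    print(build_ingress_request("sg-0000aaaa", cidr_ip="203.0.113.0/24", from_port=22, to_port=22, ip_protocol="TCP"))
    print(build_scoped_ingress("sg-0000aaaa", "sg-0000bbbb", "tcp", 5432, 5432))
```

Because both operations accept the identical dict, a containment playbook can record the exact request it used to revoke a rule and replay it through Authorize Ingress when the incident is closed.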

Output

The output contains the following populated JSON schema:
{
"env": {},
"operation": "",
"data": {
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
},
"status": "",
"message": ""
}

operation: Delete Security Groups

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group that you want to delete from AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"message": "",
"operation": "",
"data": {
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
},
"status": "",
"env": {}
}

Included playbooks

The Sample - AWS EC2 - 2.0.0 playbook collection comes bundled with the AWS EC2 connector. These playbooks contain steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS EC2 connector.

  • Add Instance Tag
  • Add Network ACL Rule
  • Add Security Group to Instance
  • Attach Instance To Auto Scaling Group
  • Attach Volume
  • Authorize Egress
  • Authorize Ingress
  • Capture Volume Snapshot
  • Create Security Groups
  • Delete Security Groups
  • Delete Volume
  • Deregister Instance from ELB
  • Detach Instance From Auto Scaling Group
  • Detach Volume
  • Get AMIs Detail
  • Get Instance Details
  • Get Security Groups
  • Get User Details
  • Instance API Termination
  • Launch Instance
  • Reboot Instance
  • Register Instance To ELB
  • Revoke Egress
  • Revoke Ingress
  • Start Instance
  • Stop Instance
  • Terminate Instance

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.

Previous
Next

About the connector

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

This document provides information about the AWS EC2 connector, which facilitates automated interactions, with AWS EC2 services using FortiSOAR™ playbooks. Add the AWS EC2 connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching a new instance, taking snapshots of volumes, detaching volumes and terminating an instance.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 5.0.0-866

AWS EC2 Version Tested on: 2

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the AWS EC2 connector in version 2.0.0:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-aws

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the AWS EC2 connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
AWS Region Your account's AWS region that you will use to access AWS services.
AWS Access Key ID ID of the AWS Access Key to access AWS services.
AWS Secret Access Key Key of the AWS Secret Access to access AWS services.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation | Category |
|---|---|---|---|
| Get AMIs Detail | Retrieves details for all AMIs (Amazon Machine Images) or for specific AMIs, based on the input parameters you have specified, from AWS. | get_ami_details | Miscellaneous |
| Launch Instance | Launches a new instance on AWS with a basic configuration based on the image ID, instance type, and other input parameters you have specified. | launch_instance | Investigation |
| Get Instance Details | Retrieves details for an instance you have specified, using the instance ID, from AWS EC2. | get_instance_info | Investigation |
| Start Instance | Starts an instance you have specified using the instance ID on AWS EC2. | start_instance | Miscellaneous |
| Stop Instance | Stops an instance you have specified using the instance ID on AWS EC2. | stop_instance | Miscellaneous |
| Reboot Instance | Reboots an instance you have specified using the instance ID on AWS EC2. | reboot_instance | Miscellaneous |
| Register Instance To ELB | Registers an AWS EC2 instance to the Elastic Load Balancing (ELB) service on AWS based on the ELB name and instance ID you have specified. | register_instance | Miscellaneous |
| Attach Instance To Auto Scaling Group | Attaches a running instance to the auto scaling group on AWS EC2 based on the auto scaling group name and instance ID(s) you have specified. | attach_instance | Miscellaneous |
| Detach Instance From Auto Scaling Group | Detaches an AWS EC2 instance from the auto scaling group on AWS EC2 based on the auto scaling group name and instance ID(s) you have specified. | detach_instance | Miscellaneous |
| Instance API Termination | Enables or disables termination of an instance on AWS EC2 through the REST API, based on the instance ID and action you have specified. Important: This operation is not applicable to spot instances. | | |
| Terminate Instance | Terminates an AWS EC2 instance you have specified using the instance ID. | terminate_instance | Miscellaneous |
| Attach Volume | Attaches a volume to an AWS EC2 instance based on the volume ID, device name, and instance ID you have specified. | attach_volume | Miscellaneous |
| Capture Volume Snapshot | Captures a snapshot of a volume on AWS EC2 based on the volume ID and volume description you have specified. | get_snapshot_volume | Miscellaneous |
| Detach Volume | Detaches a volume from an AWS EC2 instance based on the volume ID, device name, and instance ID you have specified. | detach_volume | Remediation |
| Delete Volume | Deletes a volume you have specified, using the volume ID. | detach_volume | Remediation |
| Add Security Group to Instance | Adds a security group to an AWS EC2 instance based on the security group name(s) or ID(s) and instance ID you have specified. | add_group | Containment |
| Deregister Instance from ELB | Deregisters an AWS EC2 instance from the Elastic Load Balancing (ELB) service on AWS based on the ELB name and instance ID you have specified. | deregister_instance | Containment |
| Add Instance Tag | Adds a tag to an available AWS EC2 instance you have specified using the instance ID. Note: Tags must be added as a key-value pair. | add_tag | Miscellaneous |
| Add Network ACL Rule | Adds a rule to the network access control list (ACL) on AWS EC2 based on the network ID, egress rule, and other input parameters you have specified. | add_rule | Containment |
| Get User Details | Retrieves details for a user you have specified, using the username, from AWS. | get_user_info | Investigation |
| Create Security Groups | Creates a new security group in the AWS EC2 service based on the group name and description you have specified. | create_security_group | Containment |
| Get Security Groups | Retrieves details of all security groups from the AWS EC2 service. | get_security_groups | Investigation |
| Authorize Ingress | Adds (authorizes) ingress rules to a security group on AWS EC2 based on the security group ID, CIDR IP value, and other input parameters you have specified. | authorize_ingress | Containment |
| Authorize Egress | Adds (authorizes) egress rules to a security group on AWS EC2 based on the security group ID and IP permissions you have specified. | authorize_egress | Containment |
| Revoke Egress | Removes (revokes) egress rules from a security group on AWS EC2 based on the security group ID and IP permissions you have specified. | revoke_egress | Containment |
| Revoke Ingress | Removes (revokes) ingress rules from a security group on AWS EC2 based on the security group ID, CIDR IP value, and other input parameters you have specified. | revoke_ingress | Containment |
| Delete Security Groups | Deletes a security group you have specified, using the security group ID. | delete_security_group | Remediation |

operation: Get AMIs Detail

Input parameters

Note: All input parameters are optional. If you do not specify any parameter, no filter is applied and an unfiltered list of AMIs is returned.

| Parameter | Description |
|---|---|
| Image ID | List of IDs of the AMIs whose details you want to retrieve from AWS EC2. |
| Executable Users | List of AWS account IDs of the executable user(s) associated with the AMI(s) whose details you want to retrieve from AWS EC2. |
| Owners | List of AWS account IDs of the owners associated with the AMI(s) whose details you want to retrieve from AWS EC2. |
| Filters | List of filters based on which you want to retrieve details of AMIs from AWS EC2. |

Output

The JSON output contains details for all AMIs from AWS.

The output contains the following populated JSON schema:
{
"Images": [
{
"Architecture": "",
"CreationDate": "",
"ImageId": "",
"ImageLocation": "",
"ImageType": "",
"Public": "",
"OwnerId": "",
"State": "",
"BlockDeviceMappings": [],
"Description": "",
"Hypervisor": "",
"Name": "",
"RootDeviceName": "",
"RootDeviceType": "",
"SriovNetSupport": "",
"VirtualizationType": ""
}
],
"ResponseMetadata": {
"RequestId": "",
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-type": "",
"content-length": "",
"vary": "",
"date": "",
"server": ""
},
"RetryAttempts": ""
}
}

operation: Launch Instance

Input parameters

| Parameter | Description |
|---|---|
| Image ID | ID of the AMI from which you want to launch a new instance. You can get the ID of an AMI using the Get AMIs Detail operation. |
| Instance Type | Type of the instance that you want to launch on AWS EC2. For example, t1.micro. |
| Instance MaxCount | Maximum number of instances to launch on AWS EC2. If you specify a maximum that is greater than the maximum number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches the largest possible number of instances above MinCount. |
| Instance MinCount | Minimum number of instances to launch on AWS EC2. If you specify a minimum that is more than the number of instances Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances. |
| SubNet ID | (Optional) ID of the subnet associated with the network interface. You must specify this only if you are creating a network interface when launching an instance. |
| Device Name | Name of the device. For example, /dev/sdh or xvdh. |
| Instance Delete on Termination | Select this option if you want the network interface to be deleted when the instance is terminated. |
| Security Group IDs | (Optional) ID(s) of the security group(s) to be assigned to the newly launched instance on AWS EC2. |
| Purpose For Launch Instance | (Optional) Purpose of launching the instance on AWS EC2. |
| Customer Name | (Optional) Name of the customer for whom you are requesting the launch of the new instance on AWS EC2. |
| Terminate By Date | (Optional) Date on which the instance will be terminated on AWS EC2. |

Output

The JSON output contains the status of whether or not the requested instance has been launched successfully and the request ID that is used to launch the new instance on AWS.

The output contains the following populated JSON schema:
{
"InstanceId": "",
"ResponseMetadata": {
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"InstanceType": {
"Value": ""
}
}

operation: Get Instance Details

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance for which you want to retrieve details from AWS EC2. |

Output

The JSON output retrieves details of the instance from AWS, based on the instance ID that you have specified.

The output contains the following populated JSON schema:
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"KeyName": "",
"State": {
"Code": "",
"Name": ""
},
"Hypervisor": "",
"SecurityGroups": [],
"AmiLaunchIndex": "",
"EnaSupport": "",
"ClientToken": "",
"LaunchTime": "",
"VirtualizationType": "",
"RootDeviceType": "",
"Architecture": "",
"EbsOptimized": "",
"RootDeviceName": "",
"NetworkInterfaces": [],
"ProductCodes": [],
"PrivateDnsName": "",
"ImageId": "",
"PublicDnsName": "",
"InstanceType": "",
"InstanceId": "",
"Monitoring": {
"State": ""
},
"StateReason": {
"Code": "",
"Message": ""
},
"StateTransitionReason": "",
"Placement": {
"GroupName": "",
"Tenancy": "",
"AvailabilityZone": ""
},
"BlockDeviceMappings": []
}
],
"ReservationId": "",
"OwnerId": "",
"RequesterId": ""
}
],
"ResponseMetadata": {
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Start Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to start on AWS EC2. |
| Purpose | (Optional) Purpose of starting the instance on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been started.

The output contains the following populated JSON schema:
{
"StartingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
],
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Stop Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to stop on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been stopped.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"StoppingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
]
}

operation: Reboot Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to reboot on AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {
"transfer-encoding": "",
"vary": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Register Instance To ELB

Input parameters

| Parameter | Description |
|---|---|
| ELB Name | Name of the ELB to which you want to register the specified instance on AWS EC2. |
| Instance ID | ID of the instance that you want to register with the specified ELB on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been registered to the specified ELB.

The output contains the following populated JSON schema:
{
"Instances": [
{
"InstanceId": ""
},
{
"InstanceId": ""
}
],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Attach Instance To Auto Scaling Group

Input parameters

| Parameter | Description |
|---|---|
| Auto Scaling Group Name | Name of the auto scaling group to which you want to attach the specified instance(s) on AWS EC2. |
| Instance IDs (In CSV Or List Format) | ID(s) of the instance(s) that you want to attach to the specified auto scaling group on AWS EC2, in CSV or list format. |

Output

The JSON output contains the status of whether or not the specified instance has been attached to the specified auto scaling group.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Detach Instance From Auto Scaling Group

Input parameters

| Parameter | Description |
|---|---|
| Auto Scaling Group Name | Name of the auto scaling group from which you want to detach the specified instance on AWS EC2. |
| Instance IDs | ID of the instance that you want to detach from the specified auto scaling group on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been detached from the specified auto scaling group.

The output contains the following populated JSON schema:
{
"Activities": [
{
"AutoScalingGroupName": "",
"StatusCode": "",
"Progress": "",
"Details": "",
"Cause": "",
"ActivityId": "",
"StartTime": "",
"Description": ""
}
],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Instance API Termination

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to terminate on AWS EC2 using the REST API. |
| Select Action | Specify Enable or Disable to either allow or disallow terminating the instance using the REST API. |

Output

The JSON output contains the status of whether or not the specified instance has been terminated using the Amazon EC2 console, CLI, or API.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Terminate Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the AWS EC2 instance that you want to terminate. |

Output

The JSON output contains the status of whether or not the specified instance has been terminated.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
},
"TerminatingInstances": [
{
"PreviousState": {
"Code": "",
"Name": ""
},
"InstanceId": "",
"CurrentState": {
"Code": "",
"Name": ""
}
}
]
}

operation: Attach Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to attach to the specified instance on AWS EC2. |
| Device Name | Name (or full path) of the device on the specified instance on AWS EC2. For example, /dev/sdh or xvdh. |
| Instance ID | ID of the instance to which you want to attach the specified volume on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been attached to the specified instance.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"InstanceId": "",
"Device": "",
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
},
"AttachTime": ""
}

operation: Capture Volume Snapshot

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume on AWS EC2 for which you want to capture a snapshot. |
| Volume Description | Description of the snapshot. |

Output

The JSON output contains the status of whether or not the snapshot for the specified volume has been captured.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"SnapshotId": "",
"OwnerId": "",
"Encrypted": "",
"StartTime": "",
"ResponseMetadata": {}
}

operation: Detach Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to detach from the specified instance on AWS EC2. |
| Device Name | Name (or full path) of the device on the specified instance on AWS EC2. For example, /dev/sdh or xvdh. |
| Instance ID | ID of the instance from which you want to detach the specified volume on AWS EC2. |
| Force to Detach | Select this option if you want to forcefully detach the volume from the specified instance on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been detached from the specified instance.

The output contains the following populated JSON schema:
{
"VolumeId": "",
"State": "",
"InstanceId": "",
"Device": "",
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
},
"AttachTime": ""
}

operation: Delete Volume

Input parameters

| Parameter | Description |
|---|---|
| Volume ID | ID of the volume that you want to delete on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified volume has been deleted.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Security Group To Instance

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the instance that you want to add to the specified security group(s) on AWS EC2. |
| Security Group Name or ID (In CSV Or List Format) | Name(s) or ID(s) of the security group(s) to which you want to add the specified instance on AWS EC2. The security group ID(s) or name(s) must be specified in CSV or list format. For example, ["default", "launch-wizard-3", "sg-9fc7dcf7"] |

Output

The JSON output contains the status of whether or not the specified instance has been added to the specified Security Group(s).

The output contains the following populated JSON schema:
{
"Response": {
"ResponseMetadata": {}
}
}
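
The Add Security Group to Instance operation accepts a mixed list of security group names and IDs in CSV or list form. The following helper, added here as an example and not part of the connector's own code, normalises that input, separates IDs (sg- prefix) from names, and merges the requested groups with the instance's current ones; the name-to-ID map and the current group list are constructed stand-ins for what a playbook would obtain from the Get Security Groups and Get Instance Details operations.

```python
"""Normalise the 'Security Group Name or ID (In CSV Or List Format)' input.

Added example, not connector code. The parameter accepts either a CSV string
("default, launch-wizard-3, sg-9fc7dcf7") or a list. Names and IDs are
separated because EC2 resolves names to IDs before an instance's group set can
be changed, and because modifying an instance's groups replaces the whole set,
so an "add" must be computed as a union with the groups already attached.
"""
import re
from typing import Dict, Iterable, List, Tuple, Union

# Security group IDs are "sg-" followed by 8 or 17 hex characters.
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8}(?:[0-9a-f]{9})?$")


def normalise_groups(raw: Union[str, Iterable[str]]) -> List[str]:
    """Accept 'a, b,c' or ['a', 'b'] and return a trimmed, de-duplicated, ordered list."""
    items = raw.split(",") if isinstance(raw, str) else list(raw)
    seen, out = set(), []
    for item in items:
        item = item.strip()
        if item and item not in seen:
            seen.add(item)
            out.append(item)
    return out


def split_ids_and_names(groups: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Partition the list into (IDs, names) using the sg- pattern."""
    ids, names = [], []
    for group in groups:
        (ids if SG_ID_RE.match(group) else names).append(group)
    return ids, names


def resolve_groups(raw: Union[str, Iterable[str]], name_to_id: Dict[str, str]) -> List[str]:
    """Return the list of security group IDs for a CSV/list input.

    name_to_id is constructed here; a playbook would build it from the
    Get Security Groups output (GroupName -> GroupId). An unknown name raises
    rather than being dropped, so a containment step fails loudly instead of
    silently attaching fewer groups than intended.
    """
    ids, names = split_ids_and_names(normalise_groups(raw))
    for name in names:
        if name not in name_to_id:
            raise ValueError(f"unknown security group name: {name}")
        ids.append(name_to_id[name])
    return ids


def groups_after_add(current_ids: Iterable[str], requested_ids: Iterable[str]) -> List[str]:
    """Replacing an instance's group set means 'add' is current ∪ requested, order preserved."""
    merged = list(current_ids)
    for group_id in requested_ids:
        if group_id not in merged:
            merged.append(group_id)
    return merged


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    lookup = {"default": "sg-0a1b2c3d", "launch-wizard-3": "sg-11112222"}
    wanted = resolve_groups('default, launch-wizard-3 ,sg-9fc7dcf7,', lookup)
    print(groups_after_add(["sg-0a1b2c3d"], wanted))
```

The union step is the part worth keeping in a playbook: a "quarantine" group added by replacing the instance's groups with only the new one would also strip the groups that keep management access working.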

operation: Deregister Instance from ELB

Input parameters

| Parameter | Description |
|---|---|
| ELB Name | Name of the ELB from which you want to deregister the specified instance on AWS EC2. |
| Instance ID | ID of the instance that you want to deregister from the specified ELB on AWS EC2. |

Output

The JSON output contains the status of whether or not the specified instance has been deregistered from the specified ELB.

The output contains the following populated JSON schema:
{
"Instances": [],
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Instance Tag

Input parameters

| Parameter | Description |
|---|---|
| Instance ID | ID of the AWS EC2 instance to which you want to add a tag. |
| Tag Key | Key for the tag that you want to add. |
| Value | Value for the tag that you want to add. |

Output

The JSON output contains the status of whether or not the specified tag has been added to the specified instance.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Add Network ACL Rule

Input parameters

| Parameter | Description |
|---|---|
| Network ID | ID of the network in which you want to add the ACL rule on AWS EC2. |
| Egress Rule | Select either Inbound_Rule or Outbound_Rule. |
| IP Address | IP address of the network in which you want to add the ACL rule on AWS EC2. |
| Rule Action | Action that the rule must perform. Choose between DENY or ALLOW. |
| Rule Number | Position at which the rule must be placed in the ACL rules on AWS EC2. |

Output

The JSON output contains the status of whether or not the ACL rule is added to the specified network.

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"vary": "",
"date": "",
"transfer-encoding": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Get User Details

Input parameters

| Parameter | Description |
|---|---|
| Username | Name of the user for whom you want to retrieve details from AWS. |

Output

The JSON output retrieves details of the user from AWS, based on the username that you have specified.

The output contains the following populated JSON schema:
{
"UserID": "",
"CreateDate": "",
"MFADevices": "",
"UserName": "",
"UserPolicies": "",
"UserGroups": ""
}

operation: Create Security Groups

Input parameters

| Parameter | Description |
|---|---|
| Group Name | Name of the new security group that you want to create on AWS EC2. |
| Description | Description of the new security group that you want to create on AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"GroupId": "",
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Get Security Groups

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"SecurityGroups": [
{
"VpcId": "",
"OwnerId": "",
"IpPermissionsEgress": [
{
"IpRanges": [
{
"CidrIp": ""
}
],
"PrefixListIds": [],
"Ipv6Ranges": [],
"IpProtocol": "",
"UserIdGroupPairs": []
}
],
"GroupId": "",
"Description": "",
"GroupName": "",
"IpPermissions": [
{
"IpRanges": [
{
"CidrIp": ""
}
],
"PrefixListIds": [],
"Ipv6Ranges": [],
"IpProtocol": "",
"FromPort": "",
"ToPort": "",
"UserIdGroupPairs": []
}
]
}
],
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"vary": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}
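
The Get Security Groups output above is the natural input for an exposure check in an investigation playbook. The following example is added here and is not connector code; it walks a response shaped like the schema above and reports every ingress rule whose source is the whole internet (0.0.0.0/0 or ::/0), noting which commonly targeted service ports fall inside the rule's port range. The response it runs on is constructed for the demonstration.

```python
"""Audit Get Security Groups output for internet-exposed ingress rules.

Added example, not connector code. Input is shaped like the populated JSON
schema above: SecurityGroups[].IpPermissions[] with IpProtocol, FromPort,
ToPort, IpRanges[].CidrIp and Ipv6Ranges[].CidrIpv6. SAMPLE_RESPONSE is
constructed; a playbook would pass the operation's "SecurityGroups" output.
"""
import ipaddress
from typing import Any, Dict, List, Tuple

# Ports whose exposure to any address most often needs follow-up.
SENSITIVE_PORTS = {
    22: "ssh", 3306: "mysql", 3389: "rdp", 5432: "postgres",
    6379: "redis", 27017: "mongodb",
}


def is_world_cidr(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (prefix length 0); False for malformed input."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def rule_port_range(perm: Dict[str, Any]) -> Tuple[int, int]:
    """Port range a permission covers.

    IpProtocol "-1" (all traffic) carries no FromPort/ToPort in the API, and
    the schema above may carry them as empty strings; both mean the full range.
    """
    if str(perm.get("IpProtocol")) == "-1":
        return 0, 65535
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    lo = 0 if lo in (None, "") else int(lo)
    hi = 65535 if hi in (None, "") else int(hi)
    return lo, hi


def find_world_open_ingress(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return one finding per ingress permission reachable from any address."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if c and is_world_cidr(c)]
            if not world:
                continue
            lo, hi = rule_port_range(perm)
            findings.append({
                "GroupId": sg.get("GroupId", ""),
                "GroupName": sg.get("GroupName", ""),
                "IpProtocol": perm.get("IpProtocol"),
                "FromPort": lo,
                "ToPort": hi,
                "Cidrs": world,
                "SensitivePorts": [SENSITIVE_PORTS[p] for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi],
            })
    return findings


def _perm(proto, lo, hi, v4=(), v6=()):
    """Build one IpPermissions entry in the shape of the schema above (sample data only)."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in v4], "Ipv6Ranges": [{"CidrIpv6": c} for c in v6],
            "PrefixListIds": [], "UserIdGroupPairs": []}


# Constructed sample: one web group, one internal database group, one legacy all-open group.
SAMPLE_RESPONSE = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "VpcId": "vpc-0example", "OwnerId": "123456789012",
     "IpPermissions": [_perm("tcp", 443, 443, v4=["0.0.0.0/0"]),
                       _perm("tcp", 22, 22, v4=["0.0.0.0/0"], v6=["::/0"])],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-11112222", "GroupName": "db", "VpcId": "vpc-0example", "OwnerId": "123456789012",
     "IpPermissions": [_perm("tcp", 3306, 3306, v4=["10.0.0.0/8"])], "IpPermissionsEgress": []},
    {"GroupId": "sg-33334444", "GroupName": "legacy", "VpcId": "vpc-0example", "OwnerId": "123456789012",
     "IpPermissions": [_perm("-1", "", "", v4=["0.0.0.0/0"])], "IpPermissionsEgress": []},
]}

if __name__ == "__main__":
    for finding in find_world_open_ingress(SAMPLE_RESPONSE):
        print(finding)
```

Findings with a non-empty SensitivePorts list are the ones a Containment playbook would typically hand to Revoke Ingress; a world-open 443 on a web tier is reported but left for a human to judge.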

operation: Authorize Ingress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 in which you want to authorize (add) the ingress rule. |
| CIDR IP | CIDR IP range to be used for authorizing the ingress rule on AWS EC2. |
| From Port | Starting port number. |
| To Port | Ending port number. |
| IP Protocol | IP protocol that you want to use for authorizing the ingress rule. You can specify one of the following options: TCP, UDP, or ICMP. |
| Source Security Group Name | (Optional) Name of the source security group. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range; specifying it creates rules that grant full ICMP, UDP, and TCP access from that group. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC. |
| Source Security Group Owner ID | (Optional) AWS account ID of the source security group, if the source security group is in a different account. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range; specifying it creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"HTTPStatusCode": "",
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Authorize Egress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 in which you want to authorize (add) egress rules. |
| IP Permissions | IP permissions required to authorize egress rules. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Revoke Egress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 from which you want to revoke (remove) egress rules. |
| IP Permissions | IP permissions required to revoke egress rules. |

Output

The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
}

operation: Revoke Ingress

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group on AWS EC2 from which you want to revoke (remove) the ingress rule. |
| CIDR IP | CIDR IP range to be used for revoking the ingress rule on AWS EC2. |
| From Port | Starting port number. |
| To Port | Ending port number. |
| IP Protocol | IP protocol that you want to use for revoking the ingress rule. You can specify one of the following options: TCP, UDP, or ICMP. |
| Source Security Group Name | (Optional) Name of the source security group. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. |
| Source Security Group Owner ID | (Optional) AWS account ID of the source security group, if the source security group is in a different account. Note: You cannot specify this parameter in combination with the CIDR IP address range, the IP protocol, the start of the port range, or the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. |

Output

The output contains the following populated JSON schema:
{
"env": {},
"operation": "",
"data": {
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
},
"status": "",
"message": ""
}
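
The Authorize Ingress and Revoke Ingress operations above share one constraint: a source security group cannot be combined with a CIDR, ports, or protocol, and the group form grants or revokes all TCP, UDP, and ICMP at once. The example below is added here and is not connector code; it maps the documented input parameters to the keyword arguments that boto3's authorize_security_group_ingress() and revoke_security_group_ingress() accept (GroupId, CidrIp, FromPort, ToPort, IpProtocol, SourceSecurityGroupName, SourceSecurityGroupOwnerId) and rejects the combinations the notes forbid, and it builds one entry of the IpPermissions list that the "IP Permissions" parameter of Authorize Egress and Revoke Egress takes. The parameter names are boto3's, not the connector's; no API call is made.

```python
"""Validate Authorize/Revoke Ingress inputs and build the EC2 request arguments.

Added example, not connector code. build_ingress_kwargs() enforces the
mutual exclusion described in the notes above; build_ip_permission() shapes
one IpPermissions entry for the egress operations. Keyword names follow
boto3's EC2 client; the client call itself is left to the caller.
"""
import ipaddress
from typing import Any, Dict, Iterable, Optional

PROTOCOLS = {"tcp", "udp", "icmp"}  # the options the operation documents


def _given(value: Any) -> bool:
    """A form field counts as given unless it is None or empty."""
    return value not in (None, "")


def build_ingress_kwargs(group_id: str, cidr_ip: Optional[str] = None,
                         from_port: Optional[int] = None, to_port: Optional[int] = None,
                         ip_protocol: Optional[str] = None,
                         source_group_name: Optional[str] = None,
                         source_group_owner_id: Optional[str] = None) -> Dict[str, Any]:
    """Map connector inputs to authorize/revoke_security_group_ingress keyword arguments."""
    if not str(group_id).startswith("sg-"):
        raise ValueError("Security Group ID must be a group ID (sg-...), not a group name")
    cidr_fields = (cidr_ip, from_port, to_port, ip_protocol)
    uses_cidr = any(_given(v) for v in cidr_fields)
    uses_group = _given(source_group_name) or _given(source_group_owner_id)
    if uses_cidr and uses_group:
        raise ValueError("Source Security Group Name/Owner ID cannot be combined with CIDR IP, ports or protocol")
    kwargs: Dict[str, Any] = {"GroupId": group_id}
    if uses_group:
        if not _given(source_group_name):
            raise ValueError("Source Security Group Owner ID requires Source Security Group Name")
        # This form covers all TCP, UDP and ICMP traffic from the named group.
        kwargs["SourceSecurityGroupName"] = source_group_name
        if _given(source_group_owner_id):
            kwargs["SourceSecurityGroupOwnerId"] = str(source_group_owner_id)
        return kwargs
    if not all(_given(v) for v in cidr_fields):
        raise ValueError("CIDR IP, From Port, To Port and IP Protocol must be specified together")
    proto = str(ip_protocol).lower()
    if proto not in PROTOCOLS:
        raise ValueError(f"IP Protocol must be one of {sorted(PROTOCOLS)}")
    ipaddress.ip_network(cidr_ip, strict=False)  # raises ValueError on a malformed CIDR
    lo, hi = int(from_port), int(to_port)
    if proto == "icmp":
        valid = -1 <= lo <= 255 and -1 <= hi <= 255  # ICMP type/code; -1 means all
    else:
        valid = 0 <= lo <= hi <= 65535
    if not valid:
        raise ValueError(f"invalid port range {lo}-{hi} for {proto}")
    kwargs.update({"CidrIp": cidr_ip, "IpProtocol": proto, "FromPort": lo, "ToPort": hi})
    return kwargs


def build_ip_permission(ip_protocol: str, from_port: int, to_port: int,
                        cidrs: Iterable[str], description: str = "") -> Dict[str, Any]:
    """One IpPermissions entry; IPv4 ranges go in IpRanges, IPv6 in Ipv6Ranges."""
    perm: Dict[str, Any] = {"IpProtocol": str(ip_protocol).lower(), "FromPort": int(from_port),
                            "ToPort": int(to_port), "IpRanges": [], "Ipv6Ranges": []}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        entry = {"CidrIp": cidr} if net.version == 4 else {"CidrIpv6": cidr}
        if description:
            entry["Description"] = description
        (perm["IpRanges"] if net.version == 4 else perm["Ipv6Ranges"]).append(entry)
    return perm


def is_rejected(**params: Any) -> bool:
    """True when build_ingress_kwargs() refuses the given parameter combination."""
    try:
        build_ingress_kwargs(**params)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values; the resulting dict would be passed as **kwargs to the EC2 client.
    print(build_ingress_kwargs("sg-9fc7dcf7", "10.0.0.0/8", 22, 22, "TCP"))
    print(build_ip_permission("tcp", 443, 443, ["0.0.0.0/0", "::/0"], "web"))
```

Because the same argument dictionary serves both authorize and revoke, a playbook that records the kwargs it used when adding a rule can revoke exactly that rule later by replaying them.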

operation: Delete Security Groups

Input parameters

| Parameter | Description |
|---|---|
| Security Group ID | ID of the security group that you want to delete from AWS EC2. |

Output

The output contains the following populated JSON schema:
{
"message": "",
"operation": "",
"data": {
"ResponseMetadata": {
"HTTPStatusCode": "",
"HTTPHeaders": {
"content-length": "",
"date": "",
"content-type": "",
"server": ""
},
"RetryAttempts": "",
"RequestId": ""
}
},
"status": "",
"env": {}
}

Included playbooks

The Sample - AWS EC2 - 2.0.0 playbook collection comes bundled with the AWS EC2 connector. The playbooks in this collection contain steps that demonstrate every supported action. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS EC2 connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
