Fortinet Document Library

Version: 6.0.0
Security implications

Create a dedicated AWS IAM role to run this Lambda function. Give the role limited permissions so that it can operate only on the S3 bucket dedicated to this project.

Never attach a full-control policy such as 'AmazonS3FullAccess' to the role that runs the Lambda function. That policy grants full permissions on all resources under your AWS account, and allowing full-access permissions to all resources may put your resources at risk.

The IAM role requires the following permissions to run this project across the required AWS services:

| AWS service | Permission |
| --- | --- |
| S3 | ListBucket, HeadBucket, GetObject, PutObject, PutObjectAcl |
| DynamoDB | DescribeStream, ListStreams, Scan, GetShardIterator, GetRecords, UpdateItem |
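
The following added example (not Fortinet's code) builds a policy document limited to the permissions in the table and audits any policy for grants broader than that list. The bucket name, table ARN, account ID, and function names are hypothetical, and scoping DynamoDB to a single table and its streams is an assumption the page does not state.

```python
# Added example, not Fortinet code. BUCKET and TABLE_ARN are hypothetical.
BUCKET = "example-autoscale-bucket"
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"
# Permissions as listed in the table above, grouped by service prefix.
REQUIRED = {
    "s3": ["ListBucket", "HeadBucket", "GetObject", "PutObject", "PutObjectAcl"],
    "dynamodb": ["DescribeStream", "ListStreams", "Scan", "GetShardIterator",
                 "GetRecords", "UpdateItem"],
}
ALLOWED = {f"{svc}:{a}".lower() for svc, acts in REQUIRED.items() for a in acts}
BUCKET_ARNS = {f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"}

# Constructed sample: the shape of a full-control S3 grant the page warns about.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def build_policy():
    """Policy document granting only the listed actions on dedicated resources."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:HeadBucket"],
         "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        # Assumption: DynamoDB is scoped to one table and its streams.
        {"Effect": "Allow",
         "Action": [f"dynamodb:{a}" for a in REQUIRED["dynamodb"]],
         "Resource": [TABLE_ARN, f"{TABLE_ARN}/stream/*"]},
    ]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return findings for Allow statements broader than the required list."""
    findings = []
    for i, stmt in enumerate(_listify(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        for action in actions:
            if action not in ALLOWED:
                findings.append(f"statement {i}: {action} is not a required action")
        if any(a == "*" or a.startswith("s3:") for a in actions):
            for res in _listify(stmt.get("Resource", [])):
                if res not in BUCKET_ARNS:
                    findings.append(f"statement {i}: {res} is outside the bucket")
    return findings
```

`audit(build_policy())` returns no findings, while `audit(BROAD_POLICY)` reports both the wildcard action and the wildcard resource.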
