When adding an Amazon Web Services (AWS) account to FortiCNP, you must complete these three
mandatory configuration steps:

1. Add the AWS account through FortiCNP. This is the first step to enable cloud protection for your AWS
   account. You can add one or multiple accounts automatically or manually. You need to provide the
   AWS account ID and a name for the account, and select any optional permissions you want to grant
   to FortiCNP [1].

2. Accept that FortiCNP creates a CloudTrail for the account. This is required for FortiCNP to collect and
   analyze the AWS API calls and events. You can either let FortiCNP create a CloudTrail for the
   account or use an existing one. You also need to specify the aggregation region for the CloudTrail [1].

3. Launch the CloudFormation template. This is required for FortiCNP to create a stack and a role in
   your AWS account. The stack contains the resources that FortiCNP needs to access and monitor your
   AWS account. The role allows FortiCNP to assume it and perform actions on your behalf. You need to
   enter a custom or default role name and the unique UUID that is designated for your company on
   FortiCNP [1].

Reference [1]: Add AWS Account Automatically
https://docs.fortinet.com/document/forticnp/22.4.a/online-help/246021/add-aws-accountautomatically
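The security-relevant part of step 3 is the trust policy of the role the CloudFormation stack creates: it should let only the vendor's account assume the role, and only when the caller presents the company-specific UUID. The following Python is an added example written for this page; it is not Fortinet's template or code, and it assumes (the page does not say so) that the UUID is used as an STS ExternalId in the role's trust policy, which is the standard pattern for partner cross-account roles. The account ID, UUID, role name and attached managed policy are constructed placeholders. The block builds a minimal template in CloudFormation's JSON form and includes a review function you can run against any trust policy before launching a stack, so a policy that trusts every AWS principal or omits the ExternalId condition is caught first.

```python
import json
import uuid

# Constructed placeholders (hypothetical); replace with the values FortiCNP shows you.
PARTNER_ACCOUNT_ID = "111111111111"                      # account that will assume the role
COMPANY_UUID = "7f3d1c2e-9b4a-4c6d-8e5f-0a1b2c3d4e5f"    # per-company UUID, used here as ExternalId
DEFAULT_ROLE_NAME = "Example-CloudProtection-Role"       # hypothetical default role name


def is_valid_uuid(value: str) -> bool:
    """True only for a canonical hyphenated UUID string (rejects typos and bare hex)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def build_trust_policy(partner_account_id: str, external_id: str) -> dict:
    """Trust policy: one partner account may assume the role, and only with the
    expected ExternalId (the confused-deputy guard for cross-account roles)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{partner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def build_role_template(role_name: str, partner_account_id: str, external_id: str) -> dict:
    """Minimal CloudFormation template (JSON form) containing the cross-account role.
    SecurityAudit is attached purely as an illustration of a read-only grant; a real
    vendor stack defines its own permissions."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Constructed example: cross-account role for a cloud-protection service",
        "Resources": {
            "CloudProtectionRole": {
                "Type": "AWS::IAM::Role",
                "Properties": {
                    "RoleName": role_name,
                    "AssumeRolePolicyDocument": build_trust_policy(partner_account_id, external_id),
                    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/SecurityAudit"],
                },
            }
        },
        "Outputs": {"RoleArn": {"Value": {"Fn::GetAtt": ["CloudProtectionRole", "Arn"]}}},
    }


def _as_list(x):
    return x if isinstance(x, list) else [x]


def trust_policy_issues(policy: dict, expected_account: str, expected_external_id: str) -> list:
    """Review a trust policy before launching the stack. Every Allow statement that
    grants sts:AssumeRole must name only the expected partner account and require
    the expected ExternalId. Returns a list of human-readable findings (empty = OK)."""
    issues = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        aws_principals = [] if principal == "*" else _as_list((principal or {}).get("AWS", []))
        if principal == "*" or "*" in aws_principals:
            issues.append(f"statement {i}: any AWS principal may assume the role")
        for p in aws_principals:
            if p != "*" and f":{expected_account}:" not in p:
                issues.append(f"statement {i}: unexpected principal {p}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            issues.append(f"statement {i}: no sts:ExternalId condition")
        elif ext != expected_external_id:
            issues.append(f"statement {i}: ExternalId does not match the company UUID")
    return issues


if __name__ == "__main__":
    template = build_role_template(DEFAULT_ROLE_NAME, PARTNER_ACCOUNT_ID, COMPANY_UUID)
    trust = template["Resources"]["CloudProtectionRole"]["Properties"]["AssumeRolePolicyDocument"]
    print("trust policy findings:", trust_policy_issues(trust, PARTNER_ACCOUNT_ID, COMPANY_UUID))
    print(json.dumps(template, indent=2))
```

Run the file to print the template and its (empty) findings list; to review a template you were handed instead, load its AssumeRolePolicyDocument and pass it to trust_policy_issues with the account ID and UUID you expect.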