{"id":13719173,"url":"https://github.com/fortinet/aws-cloudformation-resource-provider","last_synced_at":"2025-05-07T11:31:17.632Z","repository":{"id":89526218,"uuid":"215657156","full_name":"fortinet/aws-cloudformation-resource-provider","owner":"fortinet","description":"AWS CloudFormation Resource Provider","archived":false,"fork":false,"pushed_at":"2019-11-18T22:15:38.000Z","size":273,"stargazers_count":3,"open_issues_count":1,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-14T08:35:48.437Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fortinet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-10-16T22:41:52.000Z","updated_at":"2024-01-16T19:53:23.000Z","dependencies_parsed_at":"2023-05-04T00:05:53.689Z","dependency_job_id":null,"html_url":"https://github.com/fortinet/aws-cloudformation-resource-provider","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortinet%2Faws-cloudformation-resource-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortinet%2Faws-cloudformation-resource-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortinet%2Faws-cloudformation-resource-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortinet%2Faws-cloudformation-resource-provider/manifests","owner_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/owners/fortinet","download_url":"https://codeload.github.com/fortinet/aws-cloudformation-resource-provider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252868744,"owners_count":21816919,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T01:00:43.775Z","updated_at":"2025-05-07T11:31:17.182Z","avatar_url":"https://github.com/fortinet.png","language":"Java","funding_links":[],"categories":["Third Party Resource Types"],"sub_categories":["Hooks"],"readme":"# Introduction\nFortiGate CloudFormation resources allow you to interact with components of the FortiGate API through AWS CloudFormation.\n\n# Requirements\n* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)\n* FortiGate must have a public IP address that is reachable from the Internet.\n\n# Set up\n1. Install the `cfn` package.\n2. Download the ZIP file for the required resource from S3.\n    The following resources are currently available:\n    [Create an Admin user](https://cloudformation-resource-provider.s3-us-west-2.amazonaws.com/fortinet-fortigate-systemadmin.zip)\u003cbr\u003e\n    [Create a Vlan interface](https://cloudformation-resource-provider.s3-us-west-2.amazonaws.com/fortinet-fortigate-systeminterface.zip)\u003cbr\u003e\n    [Update DNS](https://cloudformation-resource-provider.s3-us-west-2.amazonaws.com/fortinet-fortigate-systemdns.zip)\u003cbr\u003e\n3. 
Locate the downloaded package and upload it to AWS CloudFormation using the command:\n   ```sh\n   cfn submit -v --region \u003cregion\u003e\n   ```\n4. Use the token output to monitor the registration process:\n   ```sh\n   aws cloudformation describe-type-registration --registration-token \u003ctoken\u003e\n   ```\n5. Once the registration is marked as complete you will be able to view the resource in your respective region.\n6. Example CloudFormation Templates are available in the [Templates folder](./CloudFormationTemplates). These will provide a starting point for the resource used in CloudFormation.\n\n\n# The API key\nIn order to use the custom FortiGate CloudFormation resources you will need to set up an API key on the FortiGate.\n\n## Create an Administrator profile\n1. Log in to your FortiGate.\n2. Select **System \u003e Admin Profiles \u003e Create new**.\n3. Populate the fields as shown in the image:\u003cbr\u003e\n   ![FortiOS Admin Profile](./imgs/APIProfileExample.png)\n4. Click **OK**.\n\n## Create the REST API Admin\n1. Select **System \u003e Administrators \u003e Create new \u003e REST API Admin**.\n2. Use the **Administrator Profile** you created.\n3. Add these **Trusted Hosts**:\n   * 63.0.0.0/3\n   * 64.0.0.0/2\n   * 128.0.0.0/1\n   \u003e **Note:** The 0.0.0.0/0 range is not supported. A call may come from many different AWS IP addresses. A full list of AWS ranges is available [here](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html).\n4. Click **OK**.\n\n# Usage\nTo use a resource in AWS CloudFormation you will need to supply the required parameters. A resource schema can be viewed from the registry in AWS CloudFormation.\n\nEach FortiGate resource requires an API key and a FortiGate IP address or hostname.\nDynamic secrets are not currently supported.\n\n1. In the AWS console, click **Services \u003e Management \u0026 Governance \u003e CloudFormation**.\n2. Click **Create Stack**.\n3. Upload your CloudFormation Template. 
Examples can be found [here](./CloudFormationTemplates).\n4. Specify the required parameters as shown in the image:\u003cbr\u003e\n![FortiOS Security Fabric Automation Screenshot](./imgs/CloudFormationExample.png)\n\n# Troubleshooting\nA log group in CloudWatch is automatically created when submitting the resource. To locate it, look in CloudWatch under the resource name.\n\nThe following are potential errors that may be returned by the FortiGate:\n* 400 : Bad Request: Request cannot be processed by the API.\n* 401 : Not Authorized: Request without successful login session.\n* 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.\n* 404 : Resource Not Found: Unable to find the specified resource.\n* 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.\n* 424 : Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.\n\nFurther troubleshooting can be done by logging into the FortiGate via `ssh` and entering the following commands:\n```\ndiagnose debug enable\n\ndiagnose debug application httpsd -1\n```\nThis will print debugging information when an API request is made.\n\n# Support\nFortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services.\nFor direct issues, please refer to the [Issues](https://github.com/fortinet/azure-security-group-update/issues) tab of this GitHub project.\nFor other questions related to this project, contact [github@fortinet.com](mailto:github@fortinet.com).\n\n## License\n[License](./LICENSE) © Fortinet Technologies. 
All rights reserved.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffortinet%2Faws-cloudformation-resource-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffortinet%2Faws-cloudformation-resource-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffortinet%2Faws-cloudformation-resource-provider/lists"}