terraform-provider-fortios

AWS SDN Connector

Open waleedrady opened this issue 4 years ago • 1 comment

Hello,

When I try to create an AWS SDN Connector, I get this error:

"Error creating SystemSdnConnector resource: Forbidden - Request is missing CSRF token or administrator is missing access profile permissions (403)"

The API user has super admin rights.

provider "fortios" {
  hostname = "host:port"
  token    = "xxxxxxxxx"
  insecure = "true"
  alias    = "Global"
}

resource "fortios_system_sdnconnector" "aws_sdn" {
  provider   = fortios.Global
  status     = "enable"
  type       = "aws"
  access_key = "-----------"
  secret_key = "---------------------"
  region     = "us-east-1"
}

waleedrady, May 01 '21 15:05

Hi @waleedrady, thank you for submitting this. I failed to reproduce the problem. It looks like the name argument is missing in your fortios_system_sdnconnector resource. Can you please provide your FortiGate firmware version (GUI: Dashboard->Status->System Information->Firmware or CLI: get system status->Version)? The following are the steps that I successfully deployed on FortiOS 6.4.2 for your reference:

Validation:

provider "fortios" {
  hostname = "192.168.52.177"
  insecure = "true"
  token    = "GNH7r40H65GNb46kd4rG8rtrmn0fr1"
}

resource "fortios_system_sdnconnector" "aws_sdn" {
  name       = "aws-test-connect"   #<==================
  status     = "enable"
  type       = "aws"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  region     = "us-east-1"
}

# terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # fortios_system_sdnconnector.aws_sdn will be created
  + resource "fortios_system_sdnconnector" "aws_sdn" {
      + access_key            = (sensitive value)
      + azure_region          = (known after apply)
      + client_id             = (known after apply)
      + compartment_id        = (known after apply)
      + compute_generation    = (known after apply)
      + domain                = (known after apply)
      + dynamic_sort_subtable = "false"
      + gcp_project           = (known after apply)
      + group_name            = (known after apply)
      + ha_status             = (known after apply)
      + ibm_region            = (known after apply)
      + id                    = (known after apply)
      + login_endpoint        = (known after apply)
      + name                  = "aws-test-connect"
      + oci_cert              = (known after apply)
      + oci_fingerprint       = (known after apply)
      + oci_region            = (known after apply)
      + oci_region_type       = (known after apply)
      + password              = (sensitive value)
      + private_key           = (sensitive value)
      + region                = "us-east-1"
      + resource_group        = (known after apply)
      + resource_url          = (known after apply)
      + secret_key            = (sensitive value)
      + secret_token          = (sensitive value)
      + server                = (known after apply)
      + server_port           = (known after apply)
      + service_account       = (known after apply)
      + status                = "enable"
      + subscription_id       = (known after apply)
      + tenant_id             = (known after apply)
      + type                  = "aws"
      + update_interval       = (known after apply)
      + use_metadata_iam      = (known after apply)
      + user_id               = (known after apply)
      + username              = (known after apply)
      + vcenter_server        = (known after apply)
      + vcenter_username      = (known after apply)
      + vpc_id                = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

fortios_system_sdnconnector.aws_sdn: Creating...
fortios_system_sdnconnector.aws_sdn: Creation complete after 0s [id=aws-test-connect]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

fortios_system_sdnconnector.aws_sdn: Refreshing state... [id=aws-test-connect]

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.

Labfirewall (sdn-connector) # show
config system sdn-connector
    edit "aws-test-connect"
        set access-key "AKIAIOSFODNN7EXAMPLE"
        set secret-key ENC aun4XgGBLeZZ3prQBzcVswfnADw23TNjgbRu8EL6zJPF9zrRMoY9dwo+q3GC0+DBFDA1zvsWxCjyxYbZCYN+f86dc65I5HI10DXbH80ZCZmJkWz5cs8MnV+0LHyharfEFFYLuHbxeyKHW4Vr+1sdhO8+BrcUxWkSlHIEqVsACxLUvWLnWdA/RzqCxSLuo4kV27CNjw==
        set region "us-east-1"
    next
end

Thanks!

frankshen01, May 06 '21 03:05

Hi all,

I will go ahead and close this case. Please feel free to reopen it or open another case if you still have questions.

Thanks, Maxx

MaxxLiu22, Jul 07 '23 20:07