Fortigate HA High Availability with 3 network ports
Hi,
I've been attempting to set up a High Availability pair of virtual Fortigate firewalls under AWS.
From what I can gather, the normal approach is to have 4 network ports to do this:
WAN, LAN, HA, Management.
However, I've been attempting to set this up on a c6in.large image, which is limited to 3 network ports (because c6in.xlarge is double the cost).
I nearly got this to work by avoiding the use of a management port and logging onto the secondary firewall using the virtual serial port via the EC2 Serial Console under AWS. This allowed me to set up both firewalls with ports for WAN, LAN and HA only.
I found that switching from the Primary to the Secondary works, but switching back from the Secondary to the Primary fails to make the AWS API calls that update the routing tables / Elastic IPs.
Based on this link, it's probably because I'm missing the management port.
Does anyone know if there's a way to get this to work with just 3 network ports?
It seems as if there should be an option to tell the firewall which port to use to make the API calls, such as just sending them out the HA or WAN port, for example.