FortiGate
dbhavsar
Article Id 409827
Description: This article describes the steps to troubleshoot why an AWS SDN connector on FortiGate shows as down.
Scope: FortiGate, SDN Connector, AWS, IAM, STS.
Solution

The following is an example of SDN connector configuration via the CLI:


config system sdn-connector
    edit "AWS_SDN"
        set use-metadata-iam disable
        set access-key "AXTNTW4N4STAJKLCCBR"
        set region "us-east-2"
        set vpc-id "vpc-0d6f8cf30292xut55"
    next
end

Verify the connection status using the following command:


FortiGate # diagnose sys sdn status
SDN Connector Type Status
-------------------------------------------------------------
AWS_SDN aws Down

Resolution:

1. Make sure the awsd process is running on FortiGate. Verify this with the following command, which shows the process ID:

diagnose sys process pidof awsd

2. Execute the following debug commands to check the error:

diagnose debug application awsd -1
diagnose debug enable

Output:

awsd sdn connector AWS_SDN start updating
aws curl response err, 401
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>95c54a8a-91bc-464e-bf8d-a2f61d5174ff</RequestID></Response>
aws access/secret key invalid
awsd sdn connector AWS_SDN failed to get instance list
awsd reap child pid: 14429
awsd sdn connector AWS_SDN prepare to update
awsd sdn connector AWS_SDN start updating
aws curl response err, 401

The AuthFailure error (HTTP 401) in the output above means that AWS could not validate the credential pair the connector sent: the Secret Access Key configured on FortiGate is either incorrect or does not match the Access Key ID configured for the IAM user in AWS.


Once the access key and secret key have been corrected, diagnose sys sdn status will show the connector as 'Up'.
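The debug output above is easy to misread when the XML response is wrapped across console lines. The following Python helper is an added example, not part of the article or of any Fortinet tooling: it parses saved awsd debug output, extracts the HTTP status, the AWS error Code and Message and the RequestID (re-joining the XML if the console wrapped it), and maps the error code to the check a practitioner would make next. The sample output and the RequestID in it are constructed, and the CAUSE_HINTS mapping is my own, not an official list.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of awsd debug output, shaped like the article's output.
# The RequestID is a made-up value and is deliberately wrapped across two
# lines, as a console capture often is.
SAMPLE_DEBUG_OUTPUT = """\
awsd sdn connector AWS_SDN start updating
aws curl response err, 401
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>11111111-2
222-3333-4444-555555555555</RequestID></Response>
aws access/secret key invalid
awsd sdn connector AWS_SDN failed to get instance list
awsd reap child pid: 14429
"""

CURL_ERR_RE = re.compile(r"^aws curl response err, (\d{3})")
CONNECTOR_RE = re.compile(r"^awsd sdn connector (\S+) ")
XML_DECL_RE = re.compile(r"^<\?xml[^>]*\?>")

# Hypothetical mapping (my own) from the AWS error code to the next check.
CAUSE_HINTS = {
    "AuthFailure": "credential pair rejected: compare the access key and secret key "
                   "on the connector with the IAM user's active access key",
    "UnauthorizedOperation": "credentials accepted but the call is not allowed: "
                             "review the IAM policy attached to the user",
}


def _collect_xml(lines, start):
    """Join console lines from index start until </Response> is seen.
    Returns (xml_text, index_of_last_line_consumed)."""
    parts = []
    i = start
    while i < len(lines):
        parts.append(lines[i].strip())
        if "</Response>" in lines[i]:
            break
        i += 1
    return "".join(parts), i


def parse_awsd_debug(text):
    """Return one dict per 'aws curl response err' event found in the debug text."""
    events = []
    connector = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        m = CONNECTOR_RE.match(line)
        if m:
            connector = m.group(1)  # remember which connector the error belongs to
        m = CURL_ERR_RE.match(line)
        if m:
            event = {"connector": connector, "http_status": int(m.group(1)),
                     "aws_code": None, "aws_message": None, "request_id": None}
            # The XML body follows the error line; it may span several console lines.
            if i + 1 < len(lines) and lines[i + 1].startswith("<?xml"):
                xml_text, i = _collect_xml(lines, i + 1)
                try:
                    root = ET.fromstring(XML_DECL_RE.sub("", xml_text))
                    err = root.find("./Errors/Error")
                    if err is not None:
                        event["aws_code"] = err.findtext("Code")
                        event["aws_message"] = err.findtext("Message")
                    event["request_id"] = root.findtext("RequestID")
                except ET.ParseError:
                    pass  # leave the fields empty; the HTTP status is still useful
            event["hint"] = CAUSE_HINTS.get(event["aws_code"],
                                            "unrecognised error code: read the AWS message")
            events.append(event)
        i += 1
    return events


def summarize(events):
    """One line per event, suitable for a ticket or a quick console read."""
    return ["%s: HTTP %d %s (RequestID %s) -> %s" % (
        e["connector"], e["http_status"], e["aws_code"], e["request_id"], e["hint"])
        for e in events]


if __name__ == "__main__":
    for line in summarize(parse_awsd_debug(SAMPLE_DEBUG_OUTPUT)):
        print(line)
```

The RequestID is worth keeping in the summary: it is the value AWS support uses to locate the failed request on their side. The XML declaration is stripped before parsing only so the helper also works on captures where the console mangled the first line.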
