Adjusted wording based on suggestions.
Signed-off-by: AWSHurneyt <[email protected]>
AWSHurneyt committed Sep 26, 2024
1 parent 558da56 commit 532a3c6
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions _security-analytics/threat-intelligence/getting-started.md
Expand Up @@ -50,7 +50,7 @@ Local files uploaded as the threat intelligence source must use the following sp

When using the `S3_SOURCE` as a remote store, the following connection information must be provided:

- **IAM Role ARN**: The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. Please note that, when using AWS OpenSearch Service, this role ARN needs to be in the same account as the OpenSearch domain. E.g.,
- **IAM Role ARN**: The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. Note that, when using AWS OpenSearch Service, this role ARN needs to be in the same account as the OpenSearch domain. E.g.,
1. Create a new role with a custom trust policy. The following example trust policy adds OpenSearch as a trusted entity.
```azure
{
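Review bot: On the changed **IAM Role ARN** bullet, the service name is Amazon OpenSearch Service, not "AWS OpenSearch Service", and it is the role rather than its ARN that has to be in the same account as the domain; suggest "the role must be in the same account as the OpenSearch domain". The bullet also still ends in a dangling "E.g.," before the numbered steps, which would read better as "To create the role:". In the context lines under it, the fence holding the JSON trust policy is tagged `azure`; `json` is the right tag for an IAM policy document.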
Expand All @@ -70,7 +70,7 @@ When using the `S3_SOURCE` as a remote store, the following connection informati
```
2. Click the Next button to progress to the Permissions policies page, and add the `AmazonS3ReadOnlyAccess` permission.
3. Finish creation of the new role on the following page by providing a name, and description.
- **S3 bucket directory**: The name of the Amazon Simple Storage Service (Amazon S3) bucket in which the `STIX2` file is stored. To access an S3 bucket in a different AWS account, [see below](#configuring-cross-account-s3-bucket-connection).
- **S3 bucket directory**: The name of the Amazon Simple Storage Service (Amazon S3) bucket in which the `STIX2` file is stored. To access an S3 bucket in a different AWS account, see the [Configuring cross-account S3 bucket connection](#configuring-cross-account-s3-bucket-connection) section for more details.
- **Specify a file**: The object key for the `STIX2` file in the S3 bucket.
- **Region**: The AWS Region for the S3 bucket.
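Review bot: Step 2 in this hunk's context attaches `AmazonS3ReadOnlyAccess`, an AWS managed policy that grants read access to every bucket in the account, while the connection only needs to read the single `STIX2` object named under **Specify a file**. Suggest recommending a policy scoped to `s3:GetObject` on that bucket and object key, or at least stating that the managed policy is broader than the feature requires. On the changed **S3 bucket directory** line, the label says directory while the description says bucket name, so it is worth a word on which one the field expects; "for more details" can be dropped.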

Expand All @@ -79,9 +79,9 @@ You can also set the **Download schedule**, which determines to where OpenSearch
Alternatively, you can check the **Download on demand** option, which prevents new data from the bucket from being automatically downloaded.

### Configuring cross-account S3 bucket connection
As mentioned [above](#s3_source-connection-information), the role ARN needs to be in the same account as the OpenSearch domain. The example trust policy in that step will allow the OpenSearch domain to download from S3 buckets within that same account.
As mentioned in the [S3_SOURCE connection information](#s3_source-connection-information) section, the role ARN needs to be in the same account as the OpenSearch domain. The example trust policy in that step will allow the OpenSearch domain to download from S3 buckets within that same account.

To download from an S3 bucket in another account, please note that the trust policy for that bucket needs to give your role ARN permission to read from the object. E.g.,
To download from an S3 bucket in another account, note that the trust policy for that bucket needs to give your role ARN permission to read from the object. E.g.,
```azure
{
"Version": "2012-10-17",
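Review bot: On the changed line starting "To download from an S3 bucket in another account", S3 buckets carry bucket policies, not trust policies; trust policies belong to IAM roles, so this should read "the bucket policy for that bucket needs to grant your role permission to read the object". The changed line before it has the related problem: the trust policy only lets OpenSearch assume the role, and it is the permissions policy attached to the role that allows the download, so "The example role in that step" would be accurate. The example fence here is also tagged `azure` and should be `json`, and the heading needs a blank line before the paragraph that follows it.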