-
Notifications
You must be signed in to change notification settings - Fork 473
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security analytics plugin - added more details for S3 connection setup #8374
Security analytics plugin - added more details for S3 connection setup #8374
Conversation
Signed-off-by: AWSHurneyt <[email protected]>
Thank you for submitting your PR. The PR states are In progress (or Draft) -> Tech review -> Doc review -> Editorial review -> Merged. Before you submit your PR for doc review, make sure the content is technically accurate. If you need help finding a tech reviewer, tag a maintainer. When you're ready for doc review, tag the assignee of this PR. The doc reviewer may push edits to the PR directly or leave comments and editorial suggestions for you to address (let us know in a comment if you have a preference). The doc reviewer will arrange for an editorial review. |
Running the text changes by our team. Will remove from draft state once approved. Will need help from documentation team to confirm formatting is appropriate. |
Signed-off-by: AWSHurneyt <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>
…3.0-threat-intel-s3-setup
@Naarcha-AWS this PR is ready for review. Please feel free to adjust wording/formatting as needed. |
I don't think the CI failures are related to these changes, but let me know if there's a change I can make to fix them. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Let me try rerunning the job to see if that fixes it. |
Signed-off-by: AWSHurneyt <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small point of clarification.
|
||
When using the AWS OpenSearch Service, using the following steps to add a new ARN role: | ||
|
||
1. Create a new role with a custom trust policy. The following example trust policy adds OpenSearch as a trusted entity: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@AWSHurneyt: Where does the procedure occur? The IAM console? If so, we might need to add steps similar to this section in the AWS documentation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html#roles-creatingrole-service-console).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Naarcha-AWS Yes, it would take place in the IAM console.
This step doesn't actually take place as part of the plugin experience; and isn't entirely unique to this plugin. Users were just having trouble creating a role that could be used for this feature, so we wanted to add some tips to our documentation.
We could link to the AWS documentation, or perhaps extract these steps into a sub-section. Whichever you think makes more sense. We do want to include the tips in our documentation though since this has been a pain point for a lot of users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets link to reduce our general maintenance, while keeping the example policy below. Have a preference on where we should link to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Naarcha-AWS would it make sense to reword the steps to something like the following? It calls out the configurations that are necessary for this feature while leaving explanation of the specific role creation steps to the AWS documentation.
- IAM Role ARN: The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. Note that, when using AWS OpenSearch Service, this role ARN needs to be in the same account as the OpenSearch domain. E.g.,
- Create a new role with a custom trust policy. The following example trust policy adds OpenSearch as a trusted entity.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "opensearchservice.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
- Add the
AmazonS3ReadOnlyAccess
permission to the role. - For more information on creating a role, see the AWS documentation.
- Create a new role with a custom trust policy. The following example trust policy adds OpenSearch as a trusted entity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would make sense. I'm going to keep the example as a separate section though, since the formatting can get temperamental with the code block underneath a subitem.
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
#8374) * Added more details to the s3 connection setup. Signed-off-by: AWSHurneyt <[email protected]> * Adjusted wording for cross-account bucket download. Signed-off-by: AWSHurneyt <[email protected]> * Created subsection for cross-account bucket download. Signed-off-by: AWSHurneyt <[email protected]> * Adjusted wording based on suggestions. Signed-off-by: AWSHurneyt <[email protected]> * Update getting-started.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: AWSHurneyt <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> (cherry picked from commit 9c54d2c) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
#8374) * Added more details to the s3 connection setup. Signed-off-by: AWSHurneyt <[email protected]> * Adjusted wording for cross-account bucket download. Signed-off-by: AWSHurneyt <[email protected]> * Created subsection for cross-account bucket download. Signed-off-by: AWSHurneyt <[email protected]> * Adjusted wording based on suggestions. Signed-off-by: AWSHurneyt <[email protected]> * Update getting-started.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: AWSHurneyt <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> (cherry picked from commit 9c54d2c) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Description
Added more details to the S3 connection setup section of the Security Analytics plugin threat intel feature.
Issues Resolved
Closes #[insert issue number]
Version
2.16+
Frontend features
If you're submitting documentation for an OpenSearch Dashboards feature, add a video that shows how a user will interact with the UI step by step. A voiceover is optional.
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.