From 2cd6e10ca9273e62dd303eea1511e300847e0292 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 10 Dec 2025 13:09:32 -0500 Subject: [PATCH] Cloud connector 9.3 updates --- solutions/security/cloud/asset-disc-aws.md | 8 ++------ solutions/security/cloud/asset-disc-azure.md | 2 +- .../security/cloud/get-started-with-cspm-for-aws.md | 11 ++++------- .../security/cloud/get-started-with-cspm-for-azure.md | 2 +- .../get-started/cloud-connector-deployment.md | 6 ++---- 5 files changed, 10 insertions(+), 19 deletions(-) diff --git a/solutions/security/cloud/asset-disc-aws.md b/solutions/security/cloud/asset-disc-aws.md index 8ae3981736..b753bbc984 100644 --- a/solutions/security/cloud/asset-disc-aws.md +++ b/solutions/security/cloud/asset-disc-aws.md 
@@ -39,12 +39,8 @@ Two deployment technologies are available: agentless and agent-based. 7. Next, you’ll need to authenticate to AWS. The following methods are available: * Option 1: Cloud connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` - * To use a pre-existing cloud connector for this deployment, select it under **Existing connection**. - * To use a new cloud connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in {{kib}}. - - ::::{important} - In order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup. - :::: + * To use a pre-existing cloud connector for this deployment, select **Existing connection** then the cloud connector's name. + * To use a new cloud connector: under **New connection**, enter a **Cloud Connector Name**, then expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in {{kib}}. * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation. diff --git a/solutions/security/cloud/asset-disc-azure.md b/solutions/security/cloud/asset-disc-azure.md index f6e4126043..b4fcca2136 100644 --- a/solutions/security/cloud/asset-disc-azure.md +++ b/solutions/security/cloud/asset-disc-azure.md 
@@ -41,7 +41,7 @@ Two deployment technologies are available: agentless and agent-based. 7. Next, you’ll need to authenticate to Azure. The following methods are available: * Option 1: Cloud connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` - Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID`, then enter them in {{kib}}. + Under **New connection**, enter a **Cloud Connector Name**, then expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID`, then enter them in {{kib}}. * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/asset-disc-azure.md#cad-azure-client-secret). 8. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. diff --git a/solutions/security/cloud/get-started-with-cspm-for-aws.md b/solutions/security/cloud/get-started-with-cspm-for-aws.md index db21286981..4c12c29733 100644 --- a/solutions/security/cloud/get-started-with-cspm-for-aws.md +++ b/solutions/security/cloud/get-started-with-cspm-for-aws.md 
@@ -20,14 +20,14 @@ This page explains how to start monitoring the security posture of your cloud as ## Requirements * Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to [CSPM privilege requirements](/solutions/security/cloud/cspm-privilege-requirements.md). * The CSPM integration is available to all {{ecloud}} users. On-premise deployments require an [appropriate subscription](https://www.elastic.co/pricing) level. -* CSPM supports only the AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. AWS GovCloud is only supported for agent-based deployments — agentless deployments do not work on this platform. Other government cloud platforms are not supported. To request support for other platforms, [open a GitHub issue](https://github.com/elastic/kibana/issues/new/choose). +* CSPM supports only the AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. AWS GovCloud is only supported for agent-based deployments—agentless deployments do not work on this platform. Other government cloud platforms are not supported. To request support for other platforms, [open a GitHub issue](https://github.com/elastic/kibana/issues/new/choose). * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`. ## Set up CSPM for AWS [cspm-setup] -You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. +You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, you must first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless and agent-based. 
@@ -50,12 +50,9 @@ Two deployment technologies are available: agentless and agent-based. 8. Next, you’ll need to authenticate to AWS. The following methods are available: * Option 1: Cloud connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` - * To use a pre-existing cloud connector for this deployment, select it under **Existing connection**. - * To use a new cloud connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in {{kib}}. + * To use a pre-existing cloud connector for this deployment, select **Existing connection** then the cloud connector's name. + * To use a new cloud connector: under **New connection**, enter a **Cloud Connector Name**, then expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in {{kib}}. - ::::{important} - In order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup. - :::: * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the instructions to automatically create the necessary credentials using CloudFormation. diff --git a/solutions/security/cloud/get-started-with-cspm-for-azure.md b/solutions/security/cloud/get-started-with-cspm-for-azure.md index f6ed716566..9885c64c16 100644 --- a/solutions/security/cloud/get-started-with-cspm-for-azure.md +++ b/solutions/security/cloud/get-started-with-cspm-for-azure.md 
@@ -53,7 +53,7 @@ The following deployment technologies are available: agentless and agent-based. 8. Next, you’ll need to authenticate to Azure. The following methods are available: * Option 1: Cloud connector (recommended). {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` - Under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID`, then enter them in {{kib}}. + Under **New connection**, enter a **Cloud Connector Name**, then expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID`, `Tenant ID`, and `Cloud Connector ID`, then enter them in {{kib}}. * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret). diff --git a/solutions/security/get-started/cloud-connector-deployment.md b/solutions/security/get-started/cloud-connector-deployment.md index afa24433f5..1f626f864f 100644 --- a/solutions/security/get-started/cloud-connector-deployment.md +++ b/solutions/security/get-started/cloud-connector-deployment.md 
@@ -12,13 +12,11 @@ Cloud connector authentication for agentless integrations reduces the administra ## Where is cloud connector authentication supported? -At the current stage of this technical preview, a limited selection of cloud providers and integrations are supported. - -You can use cloud connector deployment to authenticate with AWS and Azure while deploying either Elastic's Cloud Security Posture Management (CSPM) or Asset Discovery integration. For deployment instructions, refer to: +Cloud connector authentication currently supports deployments of Elastic's Cloud Security Posture Management (CSPM) and Asset Discovery integrations to AWS and Azure. For deployment instructions, refer to: - Asset Discovery: [Asset Discovery on Azure](/solutions/security/cloud/asset-disc-azure.md); [Asset Discovery on AWS](/solutions/security/cloud/asset-disc-aws.md) - CSPM: [CSPM on Azure](/solutions/security/cloud/get-started-with-cspm-for-azure.md); [CSPM on AWS](/solutions/security/cloud/get-started-with-cspm-for-aws.md) ::::{important} -In order to use cloud connector for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup. +To use cloud connector authentication for an AWS integration, your {{kib}} instance must be hosted on AWS. In other words, you must have chosen AWS hosting during {{kib}} setup. :::: \ No newline at end of file
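Review bot: In solutions/security/cloud/asset-disc-aws.md (hunk at -39,12), removing the `::::{important}` block leaves step 7 with no mention that cloud connector for AWS requires the {{kib}} instance to be hosted on AWS. The two remaining Option 1 bullets do not link to cloud-connector-deployment.md, which is the only place this patch keeps that requirement. A reader who follows only this page cannot learn the constraint before choosing Option 1. Suggest adding a one-line pointer under Option 1 to /solutions/security/get-started/cloud-connector-deployment.md for the hosting requirement. The second hunk of get-started-with-cspm-for-aws.md (-50,12) drops the same block and needs the same pointer.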
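Review bot: In solutions/security/cloud/get-started-with-cspm-for-aws.md (hunk at -50,12), the new bullet "select **Existing connection** then the cloud connector's name" is missing the comma that the sibling bullet uses ("enter a **Cloud Connector Name**, then expand ..."), and it does not say where the name is chosen. Suggest "select **Existing connection**, then select the cloud connector by name", applied identically in asset-disc-aws.md. Separately, the subject line says 9.3 while the unchanged context line still reads `stack: preview 9.2`; if the **Cloud Connector Name** field only exists from 9.3, the instruction needs its own version tag so 9.2 readers are not told to fill in a field they do not have.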
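Review bot: In solutions/security/cloud/asset-disc-azure.md (hunk at -41,7) and get-started-with-cspm-for-azure.md (hunk at -53,7), Option 1 now asks for a **Cloud Connector Name** but still documents only the **New connection** path, while both AWS pages in this patch document **Existing connection** as well. If a named Azure cloud connector can be reused, add the matching "Existing connection" bullet here so users reuse the existing managed identity instead of creating a duplicate one per integration; if reuse is not supported on Azure, say so explicitly, since the name field otherwise implies it.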
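Review bot: In solutions/security/get-started/cloud-connector-deployment.md (hunk at -12,13), deleting "At the current stage of this technical preview, ..." removes the only statement in this section that the feature is a preview, yet the AWS and Azure pages touched by this same patch still tag Option 1 with `stack: preview 9.2` and `serverless: preview`. Either keep a short preview mention here or update the per-page tags so the two agree. The rewritten sentence "deployments of ... integrations to AWS and Azure" also reads as if the integrations are deployed into the cloud provider; "authenticating to AWS and Azure" would match the wording of the important block below it. Finally, the hunk ends with "\ No newline at end of file"; add a trailing newline.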