aws_inspector: add note about AWS Permissions and Role ARN support #11794

Merged on Nov 22, 2024

@chemamartinez chemamartinez commented Nov 20, 2024

Proposed commit message

inspector2:ListFindings is a required AWS permission for IAM users in order to avoid this error when enabling the Inspector data stream:

{\"message\":\"User: arn:aws:iam::123456789:user/service/elastic is not authorized to perform: inspector2:ListFindings on resource: arn:aws:inspector2:eu-west-1: 123456789:/findings/list\"}"

See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector2.html.

It also clarifies that Role ARN, which is a global setting for the AWS integration, is not supported for the Inspector data stream as it makes requests to the Inspector API through HTTPJSON, while Role ARN is a setting for AWS-based inputs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@chemamartinez chemamartinez added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:aws AWS bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Nov 20, 2024
@chemamartinez chemamartinez self-assigned this Nov 20, 2024
@chemamartinez chemamartinez requested review from a team as code owners November 20, 2024 17:51
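
An added example, not part of the PR or the integration's code: a simplified Python check of whether an IAM identity policy grants `inspector2:ListFindings`, the permission the description above names as required. The sample policies and helper names are constructed for illustration, and Resource and Condition elements, permission boundaries and SCPs are ignored.

```python
import json
import re

REQUIRED_ACTION = "inspector2:ListFindings"  # permission named in the PR description

def as_list(value):
    """Action/NotAction/Statement may be a single item or a list."""
    return value if isinstance(value, list) else [value]

def matches(pattern, action):
    """IAM action patterns allow '*' and '?' and are case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def covers(stmt, action):
    """True when the statement's Action/NotAction element applies to the action."""
    if "Action" in stmt:
        return any(matches(p, action) for p in as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(matches(p, action) for p in as_list(stmt["NotAction"]))
    return False

def policy_allows(policy_json, action=REQUIRED_ACTION):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for one policy.

    Simplified: Resource and Condition are ignored (assumption of this example).
    """
    statements = as_list(json.loads(policy_json).get("Statement", []))
    hits = [s for s in statements if covers(s, action)]
    if any(s.get("Effect") == "Deny" for s in hits):
        return "explicit-deny"  # an explicit Deny always wins
    if any(s.get("Effect") == "Allow" for s in hits):
        return "allow"
    return "implicit-deny"  # no statement grants the action

def policy(*statements):
    """Build a constructed sample policy document."""
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})

# Constructed sample policies (not taken from the PR).
MISSING = policy({"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"})
EXACT = policy({"Effect": "Allow", "Action": "inspector2:ListFindings", "Resource": "*"})
WILDCARD = policy({"Effect": "Allow", "Action": "inspector2:List*", "Resource": "*"})
DENIED = policy({"Effect": "Allow", "Action": "inspector2:*", "Resource": "*"},
                {"Effect": "Deny", "Action": "inspector2:listfindings", "Resource": "*"})

if __name__ == "__main__":
    for name in ("MISSING", "EXACT", "WILDCARD", "DENIED"):
        print(name, policy_allows(globals()[name]))
```
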
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh andrewkroh added the Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] label Nov 20, 2024

elastic-vault-github-plugin-prod bot commented Nov 20, 2024

🚀 Benchmarks report

Package aws 👍(11) 💚(3) 💔(5)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| route53_resolver_logs | 5128.21 | 4016.06 | -1112.15 (-21.69%) | 💔 |
| vpcflow | 7518.8 | 5235.6 | -2283.2 (-30.37%) | 💔 |
| cloudwatch_logs | 500000 | 333333.33 | -166666.67 (-33.33%) | 💔 |
| elb_logs | 5524.86 | 3968.25 | -1556.61 (-28.17%) | 💔 |
| firewall_logs | 3289.47 | 2659.57 | -629.9 (-19.15%) | 💔 |

To see the full report comment with /test benchmark fullreport

@efd6 efd6 left a comment

This does need a changelog entry, otherwise it won't be presented to users in the visible documentation.

@chemamartinez chemamartinez requested a review from efd6 November 21, 2024 15:36

efd6 commented Nov 21, 2024

/test

1 similar comment
@chemamartinez

/test

@elasticmachine

💚 Build Succeeded

History

  • 💚 Build #18574 succeeded fb09f5ac0c32e4b54758fdb193e7aae34d038bb4
  • 💔 Build #18548 failed fb09f5ac0c32e4b54758fdb193e7aae34d038bb4
  • 💚 Build #18510 succeeded 0db3d97ca10ce6052097cddad05a0d79fb4c5e3d

cc @chemamartinez

@kcreddy kcreddy left a comment

@chemamartinez, you can remove the Note from the PR description since you have the changelog entry.

@chemamartinez chemamartinez merged commit 09bb3ab into elastic:main Nov 22, 2024
5 checks passed
@elastic-vault-github-plugin-prod

Package aws - 2.31.4 containing this change is available at https://epr.elastic.co/package/aws/2.31.4/

qcorporation pushed a commit that referenced this pull request Feb 3, 2025
…11794)

Warn about required permissions and role ARN setting in AWS Inspector docs.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
…lastic#11794)

Warn about required permissions and role ARN setting in AWS Inspector docs.
qcorporation pushed a commit that referenced this pull request Feb 4, 2025
…11794)

Warn about required permissions and role ARN setting in AWS Inspector docs.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
…lastic#11794)

Warn about required permissions and role ARN setting in AWS Inspector docs.
@chemamartinez chemamartinez deleted the aws-inspector-docs-note branch February 6, 2025 10:28