[aws] Add support for external_id to datastreams fetching logs from S3 #13956
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🚀 Benchmarks reportPackage
|
| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
guardduty |
1132.5 | 847.46 | -285.04 (-25.17%) | 💔 |
securityhub_findings_full_posture |
1522.07 | 1206.27 | -315.8 (-20.75%) | 💔 |
To see the full report comment with /test benchmark fullreport
efd6
reviewed
Jun 1, 2025
packages/aws/changelog.yml
Outdated
| @@ -1,4 +1,9 @@ | |||
| # newer versions go on top | |||
| - version: "3.5.0" | |||
| changes: | |||
| - description: Add the external_id field to datastreams collecting data from S3. | |||
There was a problem hiding this comment.
Suggested change
| - description: Add the external_id field to datastreams collecting data from S3. | |
| - description: Add the `external_id` field to data streams collecting data from S3. |
packages/aws/manifest.yml
Outdated
| multi: false | ||
| required: false | ||
| show_user: false | ||
| description: External ID to use when assuming a role in another account. |
There was a problem hiding this comment.
Suggest adding text that links to the AWS documentation as we have in the input's documentation.
There was a problem hiding this comment.
@efd6 Added the link to the documentation, please review again.
💚 Build Succeeded
History
|
|
andrewkroh
added
Team:obs-ds-hosted-services
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
efd6
approved these changes
Jun 2, 2025
gpop63
approved these changes
Jun 5, 2025
|
Package aws - 3.5.0 containing this change is available at https://epr.elastic.co/package/aws/3.5.0/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed commit message
The PR adds an option to configure
external_idwhich will be used in conjunction with therole_arnfield to assume the role and establish trust between Elastic and AWS. The change is specifically for datastreams that collect logs from S3. For more info on the use of external ID and how it uses the Assume Role APIs, refer this.Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots