aws_inspector: add note about AWS Permissions and Role ARN support

chemamartinez commented 5 days ago

Proposed commit message

inspector2:ListFindings is a required AWS permission for IAM users in order to avoid this error when enabling the Inspector data stream:

{\"message\":\"User: arn:aws:iam::123456789:user/service/elastic is not authorized to perform: inspector2:ListFindings on resource: arn:aws:inspector2:eu-west-1: 123456789:/findings/list\"}"

See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoninspector2.html.

It also clarifies that Role ARN, which is a global setting for the AWS integration, is not supported for the Inspector data stream as it make requests to the Inspector API through HTTPJSON, while Role ARN is a setting for AWS-based inputs.

Checklist

[ ] I have reviewed tips for building integrations and this pull request is aligned with them.
[ ] I have verified that all data streams collect metrics or logs.
[ ] I have added an entry to my package's changelog.yml file.
[ ] I have verified that Kibana version constraints are current according to guidelines.
[ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

elasticmachine commented 5 days ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

elastic-vault-github-plugin-prod[bot] commented 5 days ago

:rocket: Benchmarks report

Package `aws` :+1:(11) :green_heart:(3) :broken_heart:(5)

Expand to view

Data stream | Previous EPS | New EPS | Diff (%) | Result ----------- | ------------ | ------- | -------- | ------ `route53_resolver_logs` | 5128.21 | 4016.06 | -1112.15 (-21.69%) | :broken_heart: `vpcflow` | 7518.8 | 5235.6 | -2283.2 (-30.37%) | :broken_heart: `cloudwatch_logs` | 500000 | 333333.33 | -166666.67 (-33.33%) | :broken_heart: `elb_logs` | 5524.86 | 3968.25 | -1556.61 (-28.17%) | :broken_heart: `firewall_logs` | 3289.47 | 2659.57 | -629.9 (-19.15%) | :broken_heart:

To see the full report comment with /test benchmark fullreport