Closed alaudazzi closed 5 months ago
@zmoog While testing the procedure you drafted in https://github.com/zmoog/public-notes/issues/80, I created this draft PR to check how this fits within the overall doc structure.
Note about the drawings: I find them really cool and very useful, however, I'm not sure about the accessibility/readability of the font.
I went through the steps and we might want to clarify the following points:
InsufficientEncryptionPolicyException
Insufficient permissions to access S3 bucket aws-cloudtrail-logs-627286350134-b09fb06a or KMS key arn:aws:kms:eu-north-1:627286350134:key/38ce7701-5485-4275-827a-c853d7cb1b61.
Note about the drawings: I find them really cool and very useful, however, I'm not sure about the accessibility/readability of the font.
Good point! I'll review the ones who survive the edits from this perspective.
how to use the AWS KMS alias. Without that, you cannot move to the next panel.
Got it.
I edited that section in the issue thread so clarify what's expected from the user at that point.
Encryption options When exporting data from CloudTrail to S3, it is recommended to enable "Log file SSE-KMS encryption". You can pick your > preferred option using an existing or creating a new AWS KMS key.
Novice users can probably opt for creating a new key for simplicity. More experienced user probably have their opinions and maybe event company policy mandating how to set up AWS KMS keys and probably don't need much guidance.
Content finalized with https://github.com/elastic/observability-docs/pull/3823. Closing.
Description
Add a new section on how to collect CloudTrail events and send them to an Elastic Cloud deployment using Amazon Data Firehose.
Resources
Initial content has been drafted in https://github.com/zmoog/public-notes/issues/80. The procedure needs to be tested.
Which documentation set does this change impact?
Stateful and Serverless
Feature differences
None
What release is this request related to?
N/A
Collaboration model
The documentation team
Point of contact.
@zmoog