Skip to content

[Cloud Security Posture] Add cloud connector support for Asset Discovery Integration #13992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Omolola-Akinleye
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye commented May 23, 2025

Proposed commit message

In This PR, we are adding cloud connector support for Asset Discovery Integration and enable Agentless agent to use the trusted Cloud Connector authorization flow. We are add configuration Cloud Connector configuration settings such as

  • External ID field - secret field used to assume role in Cloudbeat

  • Cloud Formation Template Url - link will create a cloud formatiion stack that generates Role ARN and External Id.

The Role ARN field and External Id fields will be used to assume the role and establish trust between Elastic and AWS.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Screenshots

@Omolola-Akinleye Omolola-Akinleye self-assigned this May 23, 2025
@Omolola-Akinleye Omolola-Akinleye added the enhancement New feature or request label May 23, 2025
@Omolola-Akinleye Omolola-Akinleye requested a review from a team as a code owner May 23, 2025 20:44
@elasticmachine
Copy link

elasticmachine commented May 23, 2025

💔 Build Failed

Failed CI Steps

History

cc @Omolola-Akinleye

@andrewkroh andrewkroh added Integration:cloud_asset_inventory Cloud Asset Discovery Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] labels May 26, 2025
@moukoublen
Copy link
Member

moukoublen commented May 28, 2025

We'd also need the supports_cloud_connectors
on this file:
packages/cloud_asset_inventory/data_stream/asset_inventory/agent/stream/aws.yml.hbs

like this

      account_type: {{aws.account_type}}
      {{#if aws.supports_cloud_connectors}}
      supports_cloud_connectors: {{aws.supports_cloud_connectors}}
      {{/if}}

this is how the aws.supports_cloud_connectors from the manifest is propagated to the configuration that arrives to the cloudbeat.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.19 candidate enhancement New feature or request Integration:cloud_asset_inventory Cloud Asset Discovery Team:Cloud Security Cloud Security team [elastic/cloud-security-posture]
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants