[AWS] Automated credentials creation flow #2062
Comments
@tinnytintin10 and @maxcold Regarding the AWS part of the epic elastic/kibana#175977: the ticket is ready (pending some last tests and will be merged). Currently, it supports creating only Direct Access Keys (not temporary ones). There are 2 (two) CloudFormation files, one for a single AWS account and one for an organization account. The URLs for the CloudFormation files are similar to those of the AWS agent ones:
Example for 8.14.0:

AWS Temporary Security Credentials

Temporary security credentials seem to be a bit more complex to implement. There is no direct way to implement them with CloudFormation. One way is to implement an AWS Lambda custom resource beforehand (that creates the credentials using the AWS SDK) and then trigger this lambda from CloudFormation. This scenario seems a bit difficult to implement since it requires creating the lambda on the target cloud before CloudFormation deployment. A second way (not verified) is to create the user and the role we need, then spin up an EC2, run AWS CLI commands inside of it, and perhaps destroy it (or not). Implementing temporary security credentials seems to require more effort because of each solution's complications, and the result does not seem to be assured.
Hey @moukoublen / @oren-zohar, does this issue relate to the agentless epic? If so, can you please assign the correct epic to it?
The manual credentials flow for CSPM in AWS requires the user to create Direct Access Keys or Temporary Keys manually.
Based on elastic/kibana#175977, this task is for creating a CloudFormation script that generates those credentials.