From 14f60c0336afc9ef28de54705ec0a3781a9a0f30 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 16 Jan 2026 10:59:40 -0500 Subject: [PATCH 1/6] var-groups: selection working --- packages/aws/changelog.yml | 5 +++++ packages/aws/manifest.yml | 42 ++++++++++++++++++++++++++++++++------ 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index 3c0f24bf4cf..dc09338a1f9 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "6.0.0" + changes: + - description: Add var_groups for credential type selection with Cloud Connector support for agentless deployments. + type: enhancement + link: https://github.com/elastic/security-team/issues/15398 - version: "5.6.1" changes: - description: Fix Cloudtrail's Lambda event parsing of `vpcConfig.securityGroupIds` and `vpcConfig.subnetIds` fields. diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 45bbbc6d9dd..8067e6b2b30 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -1,7 +1,7 @@ -format_version: 3.4.0 +format_version: 3.6.0 name: aws title: AWS -version: 5.6.1 +version: 6.0.0 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent. type: integration categories: @@ -38,14 +38,14 @@ vars: title: Shared Credential File multi: false required: false - show_user: false + show_user: true description: Directory of the shared credentials file - name: credential_profile_name type: text title: Credential Profile Name multi: false required: false - show_user: false + show_user: true - name: access_key_id type: password title: Access Key ID @@ -72,13 +72,13 @@ vars: title: Role ARN multi: false required: false - show_user: false + show_user: true - name: external_id type: text title: External ID multi: false required: false - show_user: false + show_user: true description: External ID to use when assuming a role in another account, see [the AWS documentation for use of external IDs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) - name: default_region type: text @@ -95,6 +95,34 @@ vars: required: false show_user: false description: URL to proxy connections in the form of http\[s\]://:@: +var_groups: + - name: credential_type + required: true + title: Setup Access + selector_title: Preferred method + options: + - name: direct_access_key + title: Direct Access Keys + vars: [access_key_id, secret_access_key] + - name: temporary_access_key + title: Temporary Access Keys + vars: [access_key_id, secret_access_key, session_token] + - name: cloud_connectors + title: Cloud Connector + vars: [role_arn, external_id] + hide_in_deployment_modes: [default] + provider: aws + iac_template_url: https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https://elastic-cspm-cft.s3.eu-central-1.amazonaws.com/cloudformation-cloud-connectors-ACCOUNT_TYPE-9.2.0.yml¶m_ElasticResourceId=RESOURCE_ID + - name: assume_role + title: Assume Role + vars: [role_arn] + - name: assume_role_external_id + title: Assume Role with External ID + vars: [role_arn, external_id] + - name: shared_credentials + title: Shared Credentials + vars: [shared_credential_file, credential_profile_name] + hide_in_deployment_modes: [agentless] policy_templates: - name: awshealth title: AWS Health @@ -873,6 +901,8 @@ policy_templates: - type: aws-s3 title: Collect Amazon GuardDuty logs via AWS S3 or SQS description: Collecting Amazon GuardDuty logs via AWS S3 or SQS input. + hide_in_var_group_options: + credential_type: [cloud_connectors] screenshots: - src: /img/guardduty-findings-overview.png title: GuardDuty Findings Overview dashboard screenshot From dc1f3edccdc34906f88df9a6447dd5fad600c458 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 23 Jan 2026 10:26:42 -0500 Subject: [PATCH 2/6] up the kibana version --- packages/aws/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 8067e6b2b30..b53c5148464 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -21,7 +21,7 @@ conditions: elastic: subscription: basic kibana: - version: "^8.19.4 || ^9.2.1" + version: "^9.4.0" screenshots: - src: /img/metricbeat-aws-overview.png title: metricbeat aws overview From dd663c662d871df279bf04a420810510d60c9492 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 23 Jan 2026 11:37:36 -0500 Subject: [PATCH 3/6] Added backward compatibility --- packages/aws/changelog.yml | 2 +- packages/aws/manifest.yml | 43 +++++++------------------------------- 2 files changed, 9 insertions(+), 36 deletions(-) diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index dc09338a1f9..b58b40ae6e7 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,5 +1,5 @@ # newer versions go on top -- version: "6.0.0" +- version: "5.6.2" changes: - description: Add var_groups for credential type selection with Cloud Connector support for agentless deployments. type: enhancement diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index b53c5148464..3e6454314c1 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.6.0 name: aws title: AWS -version: 6.0.0 +version: 5.6.2 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent. type: integration categories: @@ -21,7 +21,7 @@ conditions: elastic: subscription: basic kibana: - version: "^9.4.0" + version: "^8.19.4 || ^9.2.1" screenshots: - src: /img/metricbeat-aws-overview.png title: metricbeat aws overview @@ -38,14 +38,14 @@ vars: title: Shared Credential File multi: false required: false - show_user: true + show_user: false description: Directory of the shared credentials file - name: credential_profile_name type: text title: Credential Profile Name multi: false required: false - show_user: true + show_user: false - name: access_key_id type: password title: Access Key ID @@ -66,19 +66,19 @@ vars: secret: true multi: false required: false - show_user: true + show_user: false - name: role_arn type: text title: Role ARN multi: false required: false - show_user: true + show_user: false - name: external_id type: text title: External ID multi: false required: false - show_user: true + show_user: false description: External ID to use when assuming a role in another account, see [the AWS documentation for use of external IDs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) - name: default_region type: text @@ -95,34 +95,7 @@ vars: required: false show_user: false description: URL to proxy connections in the form of http\[s\]://:@: -var_groups: - - name: credential_type - required: true - title: Setup Access - selector_title: Preferred method - options: - - name: direct_access_key - title: Direct Access Keys - vars: [access_key_id, secret_access_key] - - name: temporary_access_key - title: Temporary Access Keys - vars: [access_key_id, secret_access_key, session_token] - - name: cloud_connectors - title: Cloud Connector - vars: [role_arn, external_id] - hide_in_deployment_modes: [default] - provider: aws - iac_template_url: https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https://elastic-cspm-cft.s3.eu-central-1.amazonaws.com/cloudformation-cloud-connectors-ACCOUNT_TYPE-9.2.0.yml¶m_ElasticResourceId=RESOURCE_ID - - name: assume_role - title: Assume Role - vars: [role_arn] - - name: assume_role_external_id - title: Assume Role with External ID - vars: [role_arn, external_id] - - name: shared_credentials - title: Shared Credentials - vars: [shared_credential_file, credential_profile_name] - hide_in_deployment_modes: [agentless] + policy_templates: - name: awshealth title: AWS Health From 6be60311b2d3bf9075d58b0e6090d654cda45d22 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 23 Jan 2026 11:39:54 -0500 Subject: [PATCH 4/6] oops --- packages/aws/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 3e6454314c1..99307fea544 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -66,7 +66,7 @@ vars: secret: true multi: false required: false - show_user: false + show_user: true - name: role_arn type: text title: Role ARN From 817f4672f4cb5b3bd982cb2c09b23ca717192da0 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 23 Jan 2026 11:40:17 -0500 Subject: [PATCH 5/6] oops --- packages/aws/manifest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 99307fea544..2af3ec21ab4 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -95,7 +95,6 @@ vars: required: false show_user: false description: URL to proxy connections in the form of http\[s\]://:@: - policy_templates: - name: awshealth title: AWS Health From ccc4eb5ab9172a61620dd44d830a771dd6c73613 Mon Sep 17 00:00:00 2001 From: Sean Rathier Date: Fri, 23 Jan 2026 11:42:00 -0500 Subject: [PATCH 6/6] added var groups again --- packages/aws/manifest.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 2af3ec21ab4..3d63ec8a6a1 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -95,6 +95,34 @@ vars: required: false show_user: false description: URL to proxy connections in the form of http\[s\]://:@: +var_groups: + - name: credential_type + required: true + title: Setup Access + selector_title: Preferred method + options: + - name: cloud_connectors + title: Cloud Connector + vars: [role_arn, external_id] + hide_in_deployment_modes: [default] + provider: aws + iac_template_url: https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https://elastic-cspm-cft.s3.eu-central-1.amazonaws.com/cloudformation-cloud-connectors-ACCOUNT_TYPE-9.2.0.yml¶m_ElasticResourceId=RESOURCE_ID + - name: direct_access_key + title: Direct Access Keys + vars: [access_key_id, secret_access_key] + - name: temporary_access_key + title: Temporary Access Keys + vars: [access_key_id, secret_access_key, session_token] + - name: assume_role + title: Assume Role + vars: [role_arn] + - name: assume_role_external_id + title: Assume Role with External ID + vars: [role_arn, external_id] + - name: shared_credentials + title: Shared Credentials + vars: [shared_credential_file, credential_profile_name] + hide_in_deployment_modes: [agentless] policy_templates: - name: awshealth title: AWS Health