rough draft complete

gitName · gitName · commit b58cc5b66df4 · 2024-12-23T10:53:08.000-08:00
diff --git a/articles/api-center/includes/configure-managed-identity-kv-secret-user.md b/articles/api-center/includes/configure-managed-identity-kv-secret-user.md
@@ -42,16 +42,16 @@ To allow import of APIs, assign your API center's managed identity the **Key Vau
         --query "identity.principalId" --output tsv)
     ```
 
-1. Get the resource ID of your key vault using the [az apim show](/cli/azure/apim#az-apim-show) command. [UPDATE THIS COMMAND]
+1. Get the resource ID of your key vault using the [az keyvault show](/cli/azure/keyvault#az-keyvault-show) command.
  
     ```azurecli
     #! /bin/bash
-    kvID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    kvID=$(az keyvault show --name <kv-name> --resource-group <resource-group-name> --query "id" --output tsv)
     ```
 
     ```azurecli
     # Formatted for PowerShell
-    $kvID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    $kvID=$(az keyvault show --name <kv-name> --resource-group <resource-group-name> --query "id" --output tsv)
     ```
 
 1. Assign the managed identity the **Key Vault Secrets User** role in your key vault the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
@@ -61,7 +61,7 @@ To allow import of APIs, assign your API center's managed identity the **Key Vau
     scope="${kvID:1}"
 
     az role assignment create \
-        --role "Key Vault Secrets User \
+        --role "Key Vault Secrets User" \
         --assignee-object-id $apicObjID \
         --assignee-principal-type ServicePrincipal \
         --scope $scope 
@@ -72,7 +72,7 @@ To allow import of APIs, assign your API center's managed identity the **Key Vau
     $scope=$apimID.substring(1)
 
     az role assignment create `
-        --role "API Management Service Reader Role" `
+        --role "Key Vault Secrets User" `
         --assignee-object-id $apicObjID `
         --assignee-principal-type ServicePrincipal `
         --scope $scope 
diff --git a/articles/api-center/includes/delete-api-integration.md b/articles/api-center/includes/delete-api-integration.md
@@ -0,0 +1,25 @@
+---
+title: Include file
+description: Include file
+services: api-center
+author: dlepow
+
+ms.service: azure-api-center
+ms.topic: include
+ms.date: 12/23/2024
+ms.author: danlep
+ms.custom: Include file
+---
+
+## Delete an integration
+
+While an API source is integrated, you can't delete synchronized APIs from your API center. If you need to, you can delete the integration. When you delete an integration:
+
+* The synchronized APIs in your API center inventory are deleted
+* The environment and deployments associated with the API source are deleted
+
+To delete an integration:
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments** > **Integration (preview)**.
+1. Select the integration, and then select **Delete** (trash can icon). 
diff --git a/articles/api-center/synchronize-api-management-apis.md b/articles/api-center/synchronize-api-management-apis.md
@@ -4,7 +4,7 @@ description: Link an API Management instance to Azure API Center for automatic s
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 10/30/2024
+ms.date: 12/23/2024
 ms.author: danlep 
 ms.custom: devx-track-azurecli
 # Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
@@ -39,7 +39,7 @@ The following table shows entity properties that can be modified in Azure API Ce
 | Entity       | Properties configurable in API Center                     | Properties determined in API Management                                           |
 |--------------|-----------------------------------------|-----------------|
 | API          | summary<br/>lifecycleStage<br/>termsOfService<br/>license<br/>externalDocumentation<br/>customProperties    | title<br/>description<br/>kind                   |
-| API version  | lifecycleStage      | title                                                |
+| API version  | lifecycleStage      | title<br/>definitions (if synchronized)                            |
 | Environment  | title<br/>description<br/>kind</br>server.managementPortalUri<br/>onboarding<br/>customProperties      | server.type
 | Deployment   |  title<br/>description<br/>server<br/>state<br/>customProperties    |      server.runtimeUri |
 
@@ -75,8 +75,8 @@ You can link an API Management instance using the portal.
 
 1. In the [portal](https://portal.azure.com), navigate to your API center.
 1. Under **Assets**, select **Environments**.
-1. Select **Links (preview)** > **+ New link**.
-1. In the **Link your Azure API Management Service** page:
+1. Select **Integrations (preview)** > **+ New integration** > **From Azure API Management**.
+1. In the **Integrate your Azure API Management Service** page:
     1. Select the **Subscription**, **Resource group**, and **Azure API Management service** that you want to link.
     1. In **Link details**, enter an identifier.
     1. In **Environment details**, enter an **Environment title** (name), **Environment type**, and optional **Environment description**.
@@ -89,19 +89,7 @@ The environment is added in your API center. The API Management APIs are importe
 
 :::image type="content" source="media/synchronize-api-management-apis/environment-link-list.png" alt-text="Screenshot of environment list in the portal.":::
 
-
-## Delete a link
-
-While an API Management instance is linked, you can't delete synchronized APIs from your API center. If you need to, you can delete the link. When you delete a link:
-
-* The synchronized API Management APIs in your API center inventory are deleted
-* The environment and deployments associated with the API Management instance are deleted
-
-To delete an API Management link:
-
-1. In the [portal](https://portal.azure.com), navigate to your API center.
-1. Under **Assets**, select **Environments** > **Link (preview)**.
-1. Select the link, and then select **Delete** (trash can icon). 
+[!INCLUDE [delete-api-integration](includes/delete-api-integration.md)]
 
 ## Related content
  
diff --git a/articles/api-center/synchronize-aws-gateway-apis.md b/articles/api-center/synchronize-aws-gateway-apis.md
@@ -4,7 +4,7 @@ description: Integrate an Amazon API Gateway to Azure API Center for automatic s
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 12/20/2024
+ms.date: 12/23/2024
 ms.author: danlep 
 ms.custom: devx-track-azurecli
 # Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
@@ -28,18 +28,18 @@ Synchronization is one-way from Amazon API Gateway to your Azure API center, mea
 
 > [!NOTE]
 > * There are [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=/azure/api-center/toc.json&bc=/azure/api-center/breadcrumb/toc.json#api-center-limits) for the number of integrated API sources.
-> * API updates in Amazon API Gateway synchronize to your API center every hour.
+> * APIs in your Amazon API Gateway synchronize to your API center once per hour.
 
 ### Entities synchronized from Amazon API Gateway
 
 You can add or update metadata properties and documentation in your API center to help stakeholders discover, understand, and consume the synchronized APIs. Learn more about Azure API Center's [built-in and custom metadata properties](add-metadata-properties.md).
 
 The following table shows entity properties that can be modified in Azure API Center and properties that are determined based on their values in Amazon API Gateway. Also, entities' resource or system identifiers in Azure API Center are generated automatically and can't be modified.
 
-| Entity       | Properties configurable in API Center                     | Properties determined in API Gateway                                           |
+| Entity       | Properties configurable in API Center                     | Properties determined in Amazon API Gateway                                           |
 |--------------|-----------------------------------------|-----------------|
 | API          | summary<br/>lifecycleStage<br/>termsOfService<br/>license<br/>externalDocumentation<br/>customProperties    | title<br/>description<br/>kind                   |
-| API version  | lifecycleStage      | title                                                |
+| API version  | lifecycleStage      | title<br/>definitions (if synchronized)                      |
 | Environment  | title<br/>description<br/>kind</br>server.managementPortalUri<br/>onboarding<br/>customProperties      | server.type
 | Deployment   |  title<br/>description<br/>server<br/>state<br/>customProperties    |      server.runtimeUri |
 
@@ -68,56 +68,27 @@ For property details, see the [Azure API Center REST API reference](/rest/api/ap
 
 [!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
 
-
 ## Create IAM user access keys
 
 To authenticate your API center with Amazon API Gateway, you need access keys for an AWS IAM user. 
 
-To generate the required access key ID and secret key using the AWS Management Console, see [Create an access key for yourself](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-key-self-managed.html#Using_CreateAccessKey). 
+To generate the required access key ID and secret key using the AWS Management Console, see [Create an access key for yourself](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-key-self-managed.html#Using_CreateAccessKey) in the AWS documentation. 
 
 Save your access keys in a safe location. You'll store them in Azure Key Vault in the next steps.
 
 > [!CAUTION]
-> Access keys are long-term credentials and you should manage them as securely as you would a password. Learn more about [securing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/securing_access-keys.html)
+> Access keys are long-term credentials, and you should manage them as securely as you would a password. Learn more about [securing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/securing_access-keys.html)
 
 ## Store IAM user access keys in Azure Key Vault
 
-Manually upload and securely store the two IAM user access keys in Azure Key Vault using the configuration in the following table. For more information, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](/azure/key-vault/secrets/quick-create-portal). 
+Manually upload and securely store the two IAM user access keys in Azure Key Vault using the configuration recommended in the following table. For more information, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](/azure/key-vault/secrets/quick-create-portal). 
 
 | AWS secret | Upload options | Name | Secret value | 
+|------------|----------------|------|--------------|
+| Access key | Manual | *aws-access-key* | Access key ID retrieved from AWS |
+| Secret access key | Manual | *aws-secret-access-key* | Secret access key retrieved from AWS |
 
-
-Upload option 
-
-Manual 
-
-Name 
-
-aws-access-key 
-
-Secret value 
-
-Access key retrieved from AWS 
-
-One secret for secret access key: 
-
-Upload option 
-
-Manual 
-
-Name 
-
-aws-secret-access-key 
-
-Secret value 
-
-Secret access key retrieved from AWS 
-
-
-
-
-
-
+Take note of the **Secret identifier** URI of each secret. You'll use these identifiers in the next steps.
 
 
 ## Add a managed identity in your API center
@@ -126,17 +97,21 @@ Secret access key retrieved from AWS
 
 ## Assign the managed identity the Key Vault Secrets User role
 
-[!INCLUDE [configure-managed-identity-apim-reader](includes/configure-managed-identity-apim-reader.md)]
+[!INCLUDE [configure-managed-identity-kv-secret-user](includes/configure-managed-identity-kv-secret-user.md)]
+
 
 ## Integrate an Amazon API Gateway 
 
-You can integrate an API Gateway using the portal.
+You can integrate an Amazon API Gateway to your API center using the portal or the Azure CLI.
+
+#### [Portal](#tab/portal)
 
 1. In the [portal](https://portal.azure.com), navigate to your API center.
 1. Under **Assets**, select **Environments**.
-1. Select **Integrations (preview)** > **+ New integration**.
-1. In the **Link your Azure API Gateway** page:
-    1. TBD...    
+1. Select **Integrations (preview)** > **+ New integration** > **From Amazon API Gateway**.
+1. In the **Integrate your Amazon API Gateway service** page:
+    1. Under **Configure AWS credentials using Azure Key Vault**, enter or select the Key Vault secret identifiers for the **AWS access key** and **AWS secret access key** you stored previously. Also, select the **AWS region** where the Amazon API Gateway is deployed.
+    1. In **Integration details**, enter an identifier.
     1. In **Environment details**, enter an **Environment title** (name), **Environment type**, and optional **Environment description**.
     1. In **API details**, select a **Lifecycle stage** for the synchronized APIs. (You can update this value for your APIs after they're added to your API center.) Also, select whether to synchronize API definitions.
 1. Select **Create**.
@@ -145,27 +120,28 @@ You can integrate an API Gateway using the portal.
 :::image type="content" source="media/synchronize-api-management-apis/link-api-management-service.png" alt-text="Screenshot of linking an Azure API Management Service in the portal.":::
 
 --->
-The environment is added in your API center. The API Management APIs are imported to the API center inventory.
 
-<!--
-:::image type="content" source="media/synchronize-api-management-apis/environment-link-list.png" alt-text="Screenshot of environment list in the portal.":::
--->
+#### [Azure CLI](#tab/cli)
+
+Run the `az apic integration create aws` command to integrate an Amazon API Gateway to your API center. Provide the Key Vault secret identifiers for the AWS access key and secret access key, and the AWS region where the Amazon API Gateway is deployed.
 
-## Delete an integration
+```azurecli
 
-While an API source is integrated, you can't delete synchronized APIs from your API center. If you need to, you can delete the integration. When you delete an integration:
+az apic integration create aws --name <api-center-name> \
+    --integration-name <aws-integration-name> \
+    --aws-access-key-reference <access-key-uri> \
+    --aws-secret-access-key-reference <secret-access-key-uri> \
+    --aws-region-name <aws-region>
+``` 
+---
 
-* The synchronized APIs in your API center inventory are deleted
-* The environment and deployments associated with the API source are deleted
 
-To delete an integration:
+The environment is added in your API center. The Amazon API Gateway APIs are imported to the API center inventory.
 
-1. In the [portal](https://portal.azure.com), navigate to your API center.
-1. Under **Assets**, select **Environments** > **Integration (preview)**.
-1. Select the integration, and then select **Delete** (trash can icon). 
+
+[!INCLUDE [delete-api-integration](includes/delete-api-integration.md)]
 
 ## Related content
  
 * [Manage API inventory with Azure CLI commands](manage-apis-azure-cli.md)
-* [Import APIs from API Management to your Azure API center](import-api-management-apis.md)
-* [Azure API Management documentation](../api-management/index.yml)
+* [Synchronize APIs from API Management to your Azure API center](synchronize-api-management-apis.md)
