
Commit f6ed8d9

Update articles/sentinel/connect-aws.md
Co-authored-by: Yechiel Levin <[email protected]>
1 parent 338c8fd commit f6ed8d9

1 file changed: +9 -1 lines changed


articles/sentinel/connect-aws.md

Lines changed: 9 additions & 1 deletion
@@ -195,7 +195,15 @@ Microsoft recommends using the automatic setup script to deploy this connector.
195195
| **Permissions to assign** |`AmazonSQSReadOnlyAccess`<li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy` Additional policies for ingesting the different types of AWS service logs| <ul><li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy`Additional policies for ingesting the different types of AWS service logs. | For information on these policies, see the [AWS S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPoliciesForGov.md) for Government, in the Microsoft Sentinel GitHub repository. |
196196
| **Name** |Example: "OIDC_MicrosoftSentinelRole" | Example: "OIDC_*MicrosoftSentinelRole*". |The value of the parameter must have the exact prefix `OIDC_`, otherwise the connector will not function properly. |
197197

198-
198+
**Use the values in this table for Azure Government Cloud.**
199+
200+
| Parameter | Selection/Value | Comments |
201+
| - | - | - |
202+
| **Trusted entity type** | *Web identity* | Instead of default *AWS service*. |
203+
| **Identity provider** | `sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/` | The provider you created in the previous step. |
204+
| **Audience** | `api://d4230588-5f84-4281-a9c7-2c15194b28f7` | The audience you defined for the identity provider in the previous step. |
205+
| **Permissions to assign** | <ul><li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy`<li>Additional policies for ingesting the different types of AWS service logs. | For information on these policies, see the [AWS S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPoliciesForGov.md) for Government, in the Microsoft Sentinel GitHub repository. |
206+
| **Name** | Example: "*MicrosoftSentinelRole*". | Choose a meaningful name that includes a reference to Microsoft Sentinel. |
199207
1. Edit the new role's trust policy and add another condition:<br>`"sts:RoleSessionName": "MicrosoftSentinel_{WORKSPACE_ID)"`
200208

201209
> [!IMPORTANT]
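Review bot: The new Government table's **Name** row (line 206) gives the example "*MicrosoftSentinelRole*" with no `OIDC_` prefix, while the unchanged row at line 196 states that the value "must have the exact prefix `OIDC_`, otherwise the connector will not function properly"; the hunk does not say whether that requirement applies to Azure Government. Either change the example to "OIDC_*MicrosoftSentinelRole*" and carry over the prefix warning in the Comments column, or state explicitly in the Government table that the prefix is not required there, so a reader cannot create a role the trust policy will not accept. Separately, the table's last row (line 206) runs directly into the numbered step `1. Edit the new role's trust policy ...` (line 207) with no blank line between them; add a blank line after the table so the list is not rendered as part of the table, matching the blank line at 199 that already separates the bold lead-in from the header row.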
