Skip to content

Commit fa74c7e

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #274671 from yaelrbergman/docs-editor/connect-aws-1715174712
Update connect-aws.md
2 parents bb4f493 + 4382be1 commit fa74c7e

File tree

1 file changed

+6
-17
lines changed

1 file changed

+6
-17
lines changed

articles/sentinel/connect-aws.md

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -181,27 +181,16 @@ Microsoft recommends using the automatic setup script to deploy this connector.
181181
| **Thumbprint** | `626d44e704d1ceabe3bf0d53397464ac8080142c` | If created in the IAM console, selecting **Get thumbprint** should give you this result. |
182182
| **Audience** | Commercial:<br>`api://1462b192-27f7-4cb9-8523-0f4ecb54b47e`<br><br>Government:<br>`api://d4230588-5f84-4281-a9c7-2c15194b28f7` | |
183183

184-
3. Create an **IAM assumed role**. Follow these instructions in the AWS documentation:<br>[Creating a role for web identity or OpenID Connect Federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create).
185-
186-
**Use the values in this table for Azure Commercial Cloud.**
187-
188-
| Parameter | Selection/Value | Comments |
189-
| - | - | - |
190-
| **Trusted entity type** | *Web identity* | Instead of default *AWS service*. |
191-
| **Identity provider** | `sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/` | The provider you created in the previous step. |
192-
| **Audience** | `api://1462b192-27f7-4cb9-8523-0f4ecb54b47e` | The audience you defined for the identity provider in the previous step. |
193-
| **Permissions to assign** | <ul><li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy`<li>Additional policies for ingesting the different types of AWS service logs | For information on these policies, see the [AWS S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPolicies.md), in the Microsoft Sentinel GitHub repository. |
194-
| **Name** | Example: "OIDC_*MicrosoftSentinelRole*". | Choose a meaningful name that includes a reference to Microsoft Sentinel.<br><br>The name must include the exact prefix `OIDC_`, otherwise the connector will not function properly. |
195-
196-
**Use the values in this table for Azure Government Cloud.**
184+
1. Create an **IAM assumed role**. Follow these instructions in the AWS documentation:<br>[Creating a role for web identity or OpenID Connect Federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create).
197185

198186
| Parameter | Selection/Value | Comments |
199187
| - | - | - |
200188
| **Trusted entity type** | *Web identity* | Instead of default *AWS service*. |
201-
| **Identity provider** | `sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/` | The provider you created in the previous step. |
202-
| **Audience** | `api://d4230588-5f84-4281-a9c7-2c15194b28f7` | The audience you defined for the identity provider in the previous step. |
203-
| **Permissions to assign** | <ul><li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy`<li>Additional policies for ingesting the different types of AWS service logs. | For information on these policies, see the [AWS S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPoliciesForGov.md) for Government, in the Microsoft Sentinel GitHub repository. |
204-
| **Name** | Example: "OIDC_*MicrosoftSentinelRole*". | Choose a meaningful name that includes a reference to Microsoft Sentinel.<br><br>The name must include the exact prefix `OIDC_`, otherwise the connector will not function properly. |
189+
| **Identity provider** | Commercial:<br>`sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/`<br><br>Government:<br>`sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/` | The provider you created in the previous step. |
190+
| **Audience** | Commercial:<br>`api://1462b192-27f7-4cb9-8523-0f4ecb54b47e`<br><br>Government:<br>`api://d4230588-5f84-4281-a9c7-2c15194b28f7` | The audience you defined for the identity provider in the previous step. |
191+
| **Permissions to assign** | <ul><li>`AmazonSQSReadOnlyAccess`<li>`AWSLambdaSQSQueueExecutionRole`<li>`AmazonS3ReadOnlyAccess`<li>`ROSAKMSProviderPolicy`<li>Additional policies for ingesting the different types of AWS service logs | For information on these policies, see the relevant AWS S3 connector permissions policies page, in the Microsoft Sentinel GitHub repository.<ul><li>[AWS Commercial S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPolicies.md)<li>[AWS Government S3 connector permissions policies page](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/AwsRequiredPoliciesForGov.md)|
192+
| **Name** | "OIDC_*MicrosoftSentinelRole*"| Choose a meaningful name that includes a reference to Microsoft Sentinel.<br><br>The name must include the exact prefix `OIDC_`, otherwise the connector will not function properly. |
193+
205194
1. Edit the new role's trust policy and add another condition:<br>`"sts:RoleSessionName": "MicrosoftSentinel_{WORKSPACE_ID)"`
206195

207196
> [!IMPORTANT]

0 commit comments

Comments
 (0)