Merge branch 'main' into add-failure-store

Author: mdbirnstiehl

.github/CODEOWNERS

@@ -47,6 +47,7 @@
 /solutions/observability/get-started/       @elastic/ski-docs
 /solutions/search/                          @elastic/developer-docs
 /solutions/security/                        @elastic/experience-docs
+/solutions/security/get-started/            @elastic/ingest-docs @elastic/experience-docs
 /solutions/security/cloud/                  @elastic/ingest-docs
 
 /troubleshoot/                              @elastic/docs

cloud-account/multifactor-authentication.md

@@ -99,17 +99,7 @@ No, the Elastic Cloud default MFA enforcement does not apply when selecting **Lo
 
 **My team uses a generic account or distribution/mailing list and shares the password to access Elastic Cloud. How will my team be able to log in and access our Elastic Cloud organization after the MFA enforcement?**
 
-There are ways to work around the limitations of generic account access, but the more secure approach is to use one Elastic account for each Elastic Cloud user.
-
-You can explore the following workarounds:
-
-* Grant your team members access to that account’s Elastic Cloud organization by inviting and making them organization members. This may involve creating additional Elastic user accounts for each team member, depending on their organization access and ownership needs since we have yet to support multi-organization membership. When each team member has their own account to access your Elastic Cloud organization, they will be able to set up their own MFA  method.
-* Use the email MFA method, assuming all of your team members have access to the generic account or distribution list’s mailbox.
-* Keep using the generic account to log in and set up multifactor authentication [using an authenticator app](#ec-account-security-mfa-authenticator).
-
-  During the setup, take a photo of the QR code, or note its numeric version, and share it across your team. This code is sensitive and should be stored and shared securely. For example, it should be stored in an encrypted place using a secure algorithm such as AES-256, and transmitted over a secure encrypted channel such as TLS 1.3.
-
-  This QR code is the "base" number used by the Authenticator app to generate codes based on the current time. There is no danger of synchronization issues. However, there is risk of a breach if the QR code picture or number is compromised.
+The only secure and recommended approach is to use one Elastic account for each {{ecloud}} user. You can grant your team members access to that account’s {{ecloud}} organization by inviting and making them organization members. This may involve creating additional Elastic user accounts for each team member, depending on their organization access and ownership needs, because Elastic does not support multi-organization membership. When each team member has their own account to access your {{ecloud}} organization, they will be able to set up their own MFA method.
 
 
 **After I set up an MFA method, will I need to answer an MFA challenge every time I authenticate through Elastic Cloud?**

deploy-manage/deploy/cloud-enterprise/access-kibana.md

@@ -27,7 +27,9 @@ To access {{kib}}:
 3. Under **Applications**, select the {{kib}} **Open** link and wait for {{kib}} to open.
 
     ::::{note} 
-    Both ports 443 and 9243 can be used to access {{kib}}. SSO only works with 9243 on older deployments, where you will see an option in the Cloud UI to migrate the default to port 443. In addition, any version upgrade will automatically migrate the default port to 443.
+    The URL provided to access {{kib}} is based on the [endpoint URL](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md) configured in the ECE **Settings** UI. This URL should resolve to your [external load balancer](/deploy-manage/deploy/cloud-enterprise/ece-load-balancers.md), which forwards the traffic to ECE proxies on port `9243`.
+
+    If your load balancer is configured to accept traffic on both ports `9243` and `443`, you can use either port when connecting to {{kib}}. However, [built-in SSO](/deploy-manage/users-roles/cloud-enterprise-orchestrator/configure-sso-for-deployments.md) will only work with the URL configured in ECE **Settings** UI.
     ::::
 
 4. Log into {{kib}}. Single sign-on (SSO) is enabled between your {{ece}} account and the {{kib}} instance. If you’re logged in already, then {{kib}} opens without requiring you to log in again. However, if your token has expired, choose from one of these methods to log in:

deploy-manage/deploy/cloud-enterprise/ece-install-offline-images.md

@@ -38,10 +38,10 @@ Enterprise Search is not available in versions 9.0+.
 
 | Required downloads | Minimum required ECE version |
 | --- | --- |
-| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.0.1](https://download.elastic.co/cloud-enterprise/versions/9.0.1.zip) | ECE 4.0.0 |
-| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.1 | ECE 4.0.0 |
-| docker.elastic.co/cloud-release/kibana-cloud:9.0.1 | ECE 4.0.0 |
-| docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.1 | ECE 4.0.0 |
+| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.0.2](https://download.elastic.co/cloud-enterprise/versions/9.0.2.zip) | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.2 | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/kibana-cloud:9.0.2 | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.2 | ECE 4.0.0 |
 |  |  |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.18.2](https://download.elastic.co/cloud-enterprise/versions/8.18.2.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
 | docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.18.2 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
@@ -67,6 +67,11 @@ Enterprise Search is not available in versions 9.0+.
 ::::{dropdown} Expand to view the full list
 | Required downloads | Minimum required ECE version |
 | --- | --- |
+| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.0.2](https://download.elastic.co/cloud-enterprise/versions/9.0.2.zip) | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.2 | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/kibana-cloud:9.0.2 | ECE 4.0.0 |
+| docker.elastic.co/cloud-release/elastic-agent-cloud:9.0.2 | ECE 4.0.0 |
+|  |  |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 9.0.1](https://download.elastic.co/cloud-enterprise/versions/9.0.1.zip) | ECE 4.0.0 |
 | docker.elastic.co/cloud-release/elasticsearch-cloud-ess:9.0.1 | ECE 4.0.0 |
 | docker.elastic.co/cloud-release/kibana-cloud:9.0.1 | ECE 4.0.0 |
@@ -95,6 +100,12 @@ Enterprise Search is not available in versions 9.0+.
 | docker.elastic.co/cloud-release/elastic-agent-cloud:8.18.0 | ECE 3.0.0 |
 | docker.elastic.co/cloud-release/enterprise-search-cloud:8.18.0 | ECE 3.0.0 |
 |  |  |
+| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.7](https://download.elastic.co/cloud-enterprise/versions/8.17.7.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
+| docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.17.7 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
+| docker.elastic.co/cloud-release/kibana-cloud:8.17.7 | ECE 3.0.0 |
+| docker.elastic.co/cloud-release/elastic-agent-cloud:8.17.7 | ECE 3.0.0 |
+| docker.elastic.co/cloud-release/enterprise-search-cloud:8.17.7 | ECE 3.0.0 |
+|  |  |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.6](https://download.elastic.co/cloud-enterprise/versions/8.17.6.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | docker.elastic.co/cloud-release/elasticsearch-cloud-ess:8.17.6 | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
 | docker.elastic.co/cloud-release/kibana-cloud:8.17.6 | ECE 3.0.0 |

deploy-manage/deploy/cloud-enterprise/manage-elastic-stack-versions.md

@@ -37,7 +37,7 @@ $$$ece-elastic-stack-stackpacks-recent$$$
 
 | Stack pack download link | Minimum required ECE version |
 | --- | --- |
-| [{{es}}, {{kib}}, and APM stack pack: 9.0.1](https://download.elastic.co/cloud-enterprise/versions/9.0.1.zip) | ECE 4.0.0 |
+| [{{es}}, {{kib}}, and APM stack pack: 9.0.2](https://download.elastic.co/cloud-enterprise/versions/9.0.2.zip) | ECE 4.0.0 |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.18.2](https://download.elastic.co/cloud-enterprise/versions/8.18.2.zip) | ECE 3.0.0<br>(+ Docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 7.17.27](https://download.elastic.co/cloud-enterprise/versions/7.17.27.zip) | ECE 2.2.2 |
 | [{{es}}, {{kib}}, and APM stack pack: 6.8.23](https://download.elastic.co/cloud-enterprise/versions/6.8.23.zip) | ECE 1.1.4 |
@@ -50,11 +50,13 @@ Following is the full list of available packs containing {{stack}} versions. Not
 ::::{dropdown} Expand to view the full list
 | Stack pack download link | Minimum required ECE version |
 | --- | --- |
+| [{{es}}, {{kib}}, and APM stack pack: 9.0.2](https://download.elastic.co/cloud-enterprise/versions/9.0.2.zip) | ECE 4.0.0 |
 | [{{es}}, {{kib}}, and APM stack pack: 9.0.1](https://download.elastic.co/cloud-enterprise/versions/9.0.1.zip) | ECE 4.0.0 |
 | [{{es}}, {{kib}}, and APM stack pack: 9.0.0](https://download.elastic.co/cloud-enterprise/versions/9.0.0.zip) | ECE 4.0.0 |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.18.2](https://download.elastic.co/cloud-enterprise/versions/8.18.2.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.18.1](https://download.elastic.co/cloud-enterprise/versions/8.18.1.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.18.0](https://download.elastic.co/cloud-enterprise/versions/8.18.0.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
+| [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.7](https://download.elastic.co/cloud-enterprise/versions/8.17.7.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.6](https://download.elastic.co/cloud-enterprise/versions/8.17.6.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.5](https://download.elastic.co/cloud-enterprise/versions/8.17.5.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |
 | [{{es}}, {{kib}}, APM, and Enterprise Search stack pack: 8.17.4](https://download.elastic.co/cloud-enterprise/versions/8.17.4.zip) | ECE 3.0.0<br>(+ docker 20.10.10+ required for 8.16+) |

deploy-manage/deploy/elastic-cloud/create-an-organization.md

@@ -76,7 +76,7 @@ During the free 14 day trial, Elastic provides access to one hosted deployment a
 
 * You can have one active deployment at a time
 * The deployment size is limited to 8GB RAM and approximately 360GB of storage, depending on the specified hardware profile
-* Machine learning nodes are available up to 4GB RAM
+* Machine learning nodes are available up to 4GB RAM, or up to 8GB when using Reranker
 * Custom {{es}} plugins are not enabled
 
 For more information, check the [{{ech}} documentation](cloud-hosted.md).

deploy-manage/distributed-architecture/reading-and-writing-documents.md

@@ -16,7 +16,7 @@ Each index in {{es}} is [divided into shards](../../deploy-manage/index.md) and
 
 Elasticsearch’s data replication model is based on the *primary-backup model* and is described very well in the [PacificA paper](https://www.microsoft.com/en-us/research/publication/pacifica-replication-in-log-based-distributed-storage-systems/) of Microsoft Research. That model is based on having a single copy from the replication group that acts as the primary shard. The other copies are called *replica shards*. The primary serves as the main entry point for all indexing operations. It is in charge of validating them and making sure they are correct. Once an index operation has been accepted by the primary, the primary is also responsible for replicating the operation to the other copies.
 
-This purpose of this section is to give a high level overview of the {{es}} replication model and discuss the implications it has for various interactions between write and read operations.
+The purpose of this section is to give a high level overview of the {{es}} replication model and discuss the implications it has for various interactions between write and read operations.
 
 ## Basic write model [basic-write-model]
 

deploy-manage/monitor/autoops/ec-autoops-regions.md

@@ -10,24 +10,36 @@ products:
 
 # AutoOps regions [ec-autoops-regions]
 
-A region is the geographic area where the cloud provider’s data center that hosts your deployments is located. Based on a planned release schedule, Elastic is enabling the AutoOps service on the following cloud service providers: AWS, Azure, and GCP.
+A region is where a cloud service provider's data center that hosts your deployments is located. Based on a planned release schedule, Elastic is enabling AutoOps on the following cloud service providers: AWS, Azure, and GCP.
 
-AutoOps is currently available in the following regions:
+AutoOps is currently available in the following regions for AWS:
 
-| Provider | Region | Name |
+| Region | Name |
 | --- | --- | --- | --- |
-| AWS | us-east-1 | US East (N. Virginia) |
-| AWS | us-east-2 | Ohio | 
-| AWS | us-west-2 | Oregon |
-| AWS | eu-west-1 | Ireland |
-| AWS | eu-west-2 | London |
-| AWS | eu-central-1 | Frankfurt |
-| AWS | ap-southeast-1 | Singapore |
-| AWS | ap-northeast-1| Tokyo | 
-| AWS | ap-south-1 | Mumbai | 
+| us-east-1 | N. Virginia |
+| us-east-2 | Ohio |
+| us-west-1 | N. California |
+| us-west-2 | Oregon |
+| ca-central-1 | Canada |
+| eu-west-1 | Ireland |
+| eu-west-2 | London |
+| eu-west-3 | Paris |
+| eu-north-1 | Stockholm |
+| eu-central-1 | Frankfurt |
+| eu-central-2 | Zurich |
+| eu-south-1 | Milan |
+| me-south-1 | Bahrain |
+| ap-east-1 | Hong Kong |
+| ap-northeast-1 | Tokyo |
+| ap-northeast-2 | Seoul |
+| ap-southeast-1 | Singapore |
+| ap-southeast-2 | Sydney |
+| ap-south-1 | Mumbai |
+| sa-east-1 | Sao Paulo |
+| af-south-1 | Cape Town |
+
+Regions for Azure and GCP will be added in the future.
 
 ::::{note} 
-Currently, a limited number of AWS regions are available. More regions for AWS, Azure and GCP will be added in the future. Also, AutoOps is currently not available for GovCloud customers.
+AutoOps is currently not available for GovCloud customers.
 ::::
-
-

deploy-manage/monitor/stack-monitoring/eck-stack-monitoring.md

@@ -38,7 +38,7 @@ However, for maximum efficiency and minimizing resource consumption, or advanced
 
 To enable stack monitoring, reference the monitoring {{es}} cluster in the `spec.monitoring` section of their specification. 
 
-The monitoring cluster must be managed by ECK in the same Kubernetes cluster as the monitored one. To learn how to connect an external monitoring cluster, refer to [Connect ot an external monitoring {{es}} cluster](#k8s_connect_to_an_external_monitoring_elasticsearch_cluster).
+The monitoring cluster must be managed by ECK in the same Kubernetes cluster as the monitored one. To learn how to connect an external monitoring cluster, refer to [Connect to an external monitoring {{es}} cluster](#k8s_connect_to_an_external_monitoring_elasticsearch_cluster).
 
 The following example shows how {{stack}} components can be configured to send their monitoring data to a separate {{es}} cluster in the same Kubernetes cluster. 
 

deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md

@@ -52,9 +52,9 @@ If you run into any issues, refer to [Troubleshooting](/troubleshoot/elasticsear
 * Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next step.
 
 
-### Add the cross-cluster API key to the keystore of the local deployment [ec_add_the_cross_cluster_api_key_to_the_keystore_of_the_local_deployment]
+### Add the cross-cluster API key to the local deployment [ec_add_the_cross_cluster_api_key_to_the_local_deployment]
 
-The API key created previously will be used by the local deployment to authenticate with the corresponding set of permissions to the remote deployment. For that, you need to add the API key to the local deployment’s keystore.
+The API key created previously will be used by the local deployment to authenticate with the corresponding set of permissions to the remote deployment. For that, you need to add the API key to the local deployment.
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
 2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
@@ -69,12 +69,12 @@ The API key created previously will be used by the local deployment to authentic
         * For the **Setting name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
         * For the **Secret**, paste the encoded cross-cluster API key.
 
-    2. Click **Add** to save the API key to the keystore.
+    2. Click **Add** to save the API key.
 
-5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+5. Restart the local deployment to reload the new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
 
     ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step.
     ::::