Merge branch 'main' into tbs-config-discard-on-write

Author: isaacaflores2

.github/CODEOWNERS

@@ -47,6 +47,7 @@
 /solutions/observability/get-started/       @elastic/ski-docs
 /solutions/search/                          @elastic/developer-docs
 /solutions/security/                        @elastic/experience-docs
+/solutions/security/get-started/            @elastic/ingest-docs @elastic/experience-docs
 /solutions/security/cloud/                  @elastic/ingest-docs
 
 /troubleshoot/                              @elastic/docs

.github/ISSUE_TEMPLATE/z-issue-report.yaml renamed to .github/ISSUE_TEMPLATE/issue-report.yaml

@@ -0,0 +1,77 @@
+name: "Docs preview comment"
+
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  preview-links:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Comment preview links for changed docs
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const pr     = context.payload.pull_request;
+            const prNum  = pr.number;
+            const owner  = context.repo.owner;
+            const repo   = context.repo.repo;
+            const base   = `https://docs-v3-preview.elastic.dev/${owner}/${repo}/pull/${prNum}`;
+
+            // 1) List all files in this PR
+            const { data: files } = await github.rest.pulls.listFiles({
+              owner, repo, pull_number: prNum
+            });
+
+            // 2) Filter to only added/modified .md files (skip removed and _snippets/)
+            const links = files
+              .filter(f =>
+                f.status !== 'removed' &&
+                /\.md$/i.test(f.filename) &&
+                !/(^|\/)_snippets\//i.test(f.filename)
+              )
+              .map(f => {
+                let p = f.filename.replace(/\/index\.md$/i, '/');
+                if (p === f.filename) p = p.replace(/\.md$/i, '');
+                return `- [\`${f.filename}\`](${base}/${p})`;
+              });
+
+            if (!links.length) return;  // nothing to do
+
+            // 3) Build the comment body
+            const body = [
+              "🔍 **Preview links for changed docs:**",
+              "",
+              ...links,
+              "",
+              "🔔 *The preview site may take up to **3 minutes** to finish building. These links will become live once it completes.*"
+            ].join("\n");
+
+            // 4) Post or update a single bot comment
+            const { data: comments } = await github.rest.issues.listComments({
+              owner, repo, issue_number: prNum
+            });
+            const existing = comments.find(c =>
+              c.user.type === 'Bot' &&
+              c.body.startsWith("🔍 **Preview links for changed docs:**")
+            );
+
+            if (existing) {
+              await github.rest.issues.updateComment({
+                owner, repo,
+                comment_id: existing.id,
+                body
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner, repo,
+                issue_number: prNum,
+                body
+              });
+            }

.github/workflows/doc-preview-comment.yml

@@ -0,0 +1,58 @@
+name: Label Community Issues
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  label-community-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: read
+    
+    steps:
+      - name: Check organization membership
+        id: check-membership
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.ORG_MEMBER_READ_TOKEN }}
+          script: |
+            const issueAuthor = '${{ github.event.issue.user.login }}';
+            const orgName = 'elastic';
+            
+            try {
+              await github.rest.orgs.getMembershipForUser({
+                org: orgName,
+                username: issueAuthor
+              });
+              
+              console.log(`${issueAuthor} is a member of ${orgName} organization`);
+              return 'member';
+              
+            } catch (error) {
+              if (error.status === 404) {
+                console.log(`${issueAuthor} is not a member of ${orgName} organization`);
+                return 'non-member';
+              } else {
+                console.log('Error checking organization membership:', error);
+                return 'error';
+              }
+            }
+
+      - name: Add community label
+        if: steps.check-membership.outputs.result == 'non-member'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const issueAuthor = '${{ github.event.issue.user.login }}';
+            
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: ['community']
+            });
+            
+            console.log(`Added "community" label to issue by ${issueAuthor}`);

.github/workflows/label-community-issues.yml

@@ -99,17 +99,7 @@ No, the Elastic Cloud default MFA enforcement does not apply when selecting **Lo
 
 **My team uses a generic account or distribution/mailing list and shares the password to access Elastic Cloud. How will my team be able to log in and access our Elastic Cloud organization after the MFA enforcement?**
 
-There are ways to work around the limitations of generic account access, but the more secure approach is to use one Elastic account for each Elastic Cloud user.
-
-You can explore the following workarounds:
-
-* Grant your team members access to that account’s Elastic Cloud organization by inviting and making them organization members. This may involve creating additional Elastic user accounts for each team member, depending on their organization access and ownership needs since we have yet to support multi-organization membership. When each team member has their own account to access your Elastic Cloud organization, they will be able to set up their own MFA  method.
-* Use the email MFA method, assuming all of your team members have access to the generic account or distribution list’s mailbox.
-* Keep using the generic account to log in and set up multifactor authentication [using an authenticator app](#ec-account-security-mfa-authenticator).
-
-  During the setup, take a photo of the QR code, or note its numeric version, and share it across your team. This code is sensitive and should be stored and shared securely. For example, it should be stored in an encrypted place using a secure algorithm such as AES-256, and transmitted over a secure encrypted channel such as TLS 1.3.
-
-  This QR code is the "base" number used by the Authenticator app to generate codes based on the current time. There is no danger of synchronization issues. However, there is risk of a breach if the QR code picture or number is compromised.
+The only secure and recommended approach is to use one Elastic account for each {{ecloud}} user. You can grant your team members access to that account’s {{ecloud}} organization by inviting and making them organization members. This may involve creating additional Elastic user accounts for each team member, depending on their organization access and ownership needs, because Elastic does not support multi-organization membership. When each team member has their own account to access your {{ecloud}} organization, they will be able to set up their own MFA method.
 
 
 **After I set up an MFA method, will I need to answer an MFA challenge every time I authenticate through Elastic Cloud?**

cloud-account/multifactor-authentication.md

@@ -13,6 +13,8 @@ products:
 
 Each {{ecloud}} account has a primary email associated with it. By default, the primary email address is used to sign up for {{ecloud}} and to log in. If needed, you can change this primary email address.
 
+Your email address is used to uniquely identify you. It can’t be used for more than one {{ecloud}} account, whether that account is a trial account, a standard {{ecloud}} account, or a subscription account through a marketplace. An {{ecloud}} account can belong to only one organization at a time.
+ 
 ## Change your email address (native sign-in)
 
 If you log in using a standard email and password, follow these steps to update your email address:
@@ -34,3 +36,15 @@ If you log in using Google or Microsoft Sign-In, follow these steps to update yo
 ## Changing your email address with an Azure Marketplace account
 
 If your organization is associated with [Azure Marketplace](../deploy-manage/deploy/elastic-cloud/azure-native-isv-service.md), you can’t change your primary email address using the above methods. Instead, [invite another user](../deploy-manage/users-roles/cloud-organization/manage-users.md) with the desired email address to join your organization.
+
+## Sign up using an existing email address [sign-up-existing]
+
+In some situations, you might want to create a new {{ecloud}} account using an email address that is already associated with an existing account. To sign up to {{ecloud}} using an email address associated with another {{ecloud}} account, you must remove the email address from your previous account and replace it with a new address.
+
+1. Use your current email address (for example, `[email protected]`) to log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. Follow the steps from one of the procedures on this page to update that email address to another email address, such as `[email protected]`.
+
+You can now use the email address from step 1 to do the following:
+
+* [Sign up for a new account](/deploy-manage/deploy/elastic-cloud/create-an-organization.md).
+* [Join an existing organization](/cloud-account/join-or-leave-an-organization.md).

cloud-account/update-your-email-address.md

@@ -27,8 +27,8 @@ These keys provides access to the API that enables you to manage your deployment
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
 2. Go to your avatar in the upper right corner and choose **Organization**.
-3. On the API keys tab of the **Organization** page, click **Create API Key**.
-4. From the **Create API Key** page, you can configure your new key by adding a name, set expiration, or assign [roles](../users-roles/cloud-organization/user-roles.md).
+3. On the **API keys** tab of the **Organization** page, click **Create API key**.
+4. On the **Create API key** flyout, you can configure your new key by adding a name, set expiration, or assign [roles](../users-roles/cloud-organization/user-roles.md).
 
     By default, API keys expire after three months. You can set the expiration to a different preset value or to a specific date, up to one year. If you need the key to work indefinitely, you can also set its expiration to Never. In this case, the key won’t expire.
 

deploy-manage/api-keys/elastic-cloud-api-keys.md

@@ -71,7 +71,7 @@ For a data tier, an autoscaling event can be triggered in the following cases:
 
 * Through ILM  policies. For example, if a deployment has only hot nodes and autoscaling is enabled, it automatically creates warm or cold nodes, if an ILM policy is trying to move data from hot to warm or cold nodes.
 
-On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. Check [Machine learning decider](autoscaling-deciders.md)for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](../../explore-analyze/machine-learning/anomaly-detection/ml-ad-run-jobs.md#ml-ad-create-job)
+On machine learning nodes, scaling is determined by an estimate of the memory and CPU requirements for the currently configured jobs and trained models. When a new machine learning job tries to start, it looks for a node with adequate native memory and CPU capacity. If one cannot be found, it stays in an `opening` state. If this waiting job exceeds the queueing limit set in the machine learning decider, a scale up is requested. Conversely, as machine learning jobs run, their memory and CPU usage might decrease or other running jobs might finish or close. In this case, if the duration of decreased resource usage exceeds the set value for `down_scale_delay`, a scale down is requested. Check [Machine learning decider](autoscaling-deciders.md) for more detail. To learn more about machine learning jobs in general, check [Create anomaly detection jobs](../../explore-analyze/machine-learning/anomaly-detection/ml-ad-run-jobs.md#ml-ad-create-job).
 
 On a highly available deployment, autoscaling events are always applied to instances in each availability zone simultaneously, to ensure consistency.
 
@@ -650,4 +650,4 @@ curl -XPOST \
 
 :::
 
-::::
+::::

deploy-manage/autoscaling/autoscaling-in-ece-and-ech.md

@@ -24,8 +24,9 @@ Trials get converted to paid subscriptions and billing starts when you add a cre
 To add your billing details:
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. Select the user icon on the header bar and select **Billing** from the menu.
-3. On the **Overview** page, select **Add billing information**.
-4. If prompted, complete the multifactor authentication (MFA) required by your bank.
+2. From a deployment or project on the home page, select **Manage**.
+3. From the lower navigation menu, select **Billing and Subscription**.
+4. On the **Overview** page, select **Add billing information**.
+5. If prompted, complete the multifactor authentication (MFA) required by your bank.
 
 If you want, you can stop new charges by [deleting your project or deployment](/deploy-manage/uninstall/delete-a-cloud-deployment.md).

deploy-manage/cloud-organization/billing/add-billing-details.md

@@ -33,10 +33,11 @@ If, at any time during your monthly subscription with {{ecloud}}, you decide you
 To change your subscription level:
 
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. Select the user icon on the header bar and select **Billing** from the menu.
-3. On the **Overview** page, select **Update subscription**.
-4. Choose a new subscription level.
-5. Save your changes.
+2. From a deployment or project on the home page, select **Manage**.
+3. From the lower navigation menu, select **Billing and Subscription**.
+4. On the **Overview** page, select **Update subscription**.
+5. Choose a new subscription level.
+6. Save your changes.
 
 ::::{important}
 * Changing to a higher subscription level takes place immediately. Moving to a lower subscription level takes effect 30 days after you most recently changed to a higher subscription level. In the interim, you pay the current rate. If you haven’t performed a self-service change in the past 30 days, then the change to the lower subscription level is immediate.