elastic · benironside · Oct 6, 2025 · Oct 7, 2025 · Oct 7, 2025 · Oct 7, 2025
@@ -36,15 +36,19 @@ Two deployment technologies are available: agentless and agent-based.
 4. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account.
 5. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
 6. In **Deployment options**, select **Agentless**.
-7. Next, you’ll need to authenticate to AWS. Two methods are available:
+7. Next, you’ll need to authenticate to AWS. Three methods are available:
 
-    * Option 1: Direct access keys/CloudFormation (Recommended). For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in Kibana.
+
+    * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
 
        ::::{note}
        If you don’t want to monitor every account in your organization, specify which to monitor using the `OrganizationalUnitIDs` field that appears after you click **Launch CloudFormation**.
        ::::
 
-    * Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/asset-disc-aws.md#cad-aws-temp-credentials).
+    * Option 3: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/asset-disc-aws.md#cad-aws-temp-credentials).
 
 8. Once you’ve selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 

@@ -38,7 +38,13 @@ Two deployment technologies are available: agentless and agent-based.
 4. Select **Azure**, then either **Azure Organization** to onboard your whole organization, or **Single Subscription** to onboard an individual subscription.
 5. Give your integration a name that matches the purpose or team of the Azure subscription/organization you want to monitor, for example, `dev-azure-account`.
 6. In **Deployment options**, select **Agentless**.
-7. Next, you’ll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/asset-disc-azure.md#cad-azure-client-secret).
+7. Next, you’ll need to authenticate to Azure. Two methods are available:
+
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID` and `Tenant ID`, then enter them in Kibana.
+
+    * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/asset-disc-azure.md#cad-azure-client-secret).
 8. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
 ## Agent-based deployment [cad-azure-agent-based]

@@ -47,15 +47,19 @@ Two deployment technologies are available: agentless and agent-based.
 :::
 
 7. In **Deployment options** select **Agentless**.
-8. Next, you’ll need to authenticate to AWS. Two methods are available:
+8. Next, you’ll need to authenticate to AWS. Three methods are available:
 
-    * Option 1: Direct access keys/CloudFormation (Recommended). For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the displayed instructions to automatically create the necessary credentials using CloudFormation.
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to assume role** section. Complete the instructions to generate a `Role ARN` and `External ID`; enter them in Kibana.
+
+    * Option 2: Direct access keys/CloudFormation. For **Preferred method**, select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the instructions to automatically create the necessary credentials using CloudFormation.
 
        ::::{note}
        If you don’t want to monitor every account in your organization, specify which to monitor using the `OrganizationalUnitIDs` field that appears after you click **Launch CloudFormation**.
        ::::
 
-    * Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/get-started-with-cspm-for-aws.md#cspm-use-temp-credentials).
+    * Option 3: Temporary keys. To authenticate using temporary keys, refer to the instructions for [temporary keys](/solutions/security/cloud/get-started-with-cspm-for-aws.md#cspm-use-temp-credentials).
 
 9. Once you’ve selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 

@@ -50,7 +50,15 @@ Two deployment technologies are available: agentless and agent-based.
 :::
 
 7. For **Deployment options**, select **Agentless**.
-8. For **Setup Access**, authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret).
+8. Next, you’ll need to authenticate to Azure. Two methods are available:
+
+    * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Option 1: Cloud Connector (recommended). 
+      * To use a pre-existing Cloud Connector for this deployment, select it under **Existing connection**. 
+      * To use a new Cloud Connector: under **New connection**, expand the **Steps to create Managed User Identity in Azure** section. Complete the instructions to generate a `Client ID` and `Tenant ID`, then enter them in Kibana.
+
+    * Option 2: Azure Client ID with Client Secret. Provide a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to [Service principal with client secret](/solutions/security/cloud/get-started-with-cspm-for-azure.md#cspm-azure-client-secret).
+
+
 9. Once you’ve provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes.
 
 ## Agent-based deployment [cspm-azure-agent-based]

@@ -0,0 +1,19 @@
+---
+applies_to:
+  stack: preview 9.2
+  serverless:
+    security: preview
+---
+
+# Deploy integrations using cloud connector
+
+Cloud connector deployment for integrations allows you to quickly provide Elastic with access to your third-party cloud service provider accounts. This deployment method reduces administrative burden by eliminating the need to keep track of authentication details such as API keys or passwords. Ultimately, cloud connectors are meant to make it easy to manage deployments with many integrations collecting data from CSPs, by providing a simple, reusable means of authentication. 
+
+## Where is cloud connector deployment supported?
+
+At the current stage of this technical preview, a limited selection of cloud providers and integrations are supported.
+
+You can use cloud connector deployment to authenticate with AWS and Azure while deploying either Elastic's Cloud Security Posture Management (CSPM) or Asset Discovery integration. For deployment instructions, refer to:
+
+- Asset Discovery: Asset Discovery on Azure; Asset Discovery on AWS
+- CSPM: CSPM on Azure; CSPM on AWS
@@ -527,6 +527,7 @@ toc:
               - file: security/get-started/automatic-migration.md
               - file: security/get-started/automatic-import.md
               - file: security/get-started/content-connectors.md
+              - file: security/get-started/cloud-connector-deployment.md
               - file: security/get-started/agentless-integrations.md
               - file: security/get-started/agentless-integrations-faq.md
           - file: security/get-started/spaces-elastic-security.md