elastic · lcawl · Mar 19, 2025 · Mar 17, 2025 · Mar 17, 2025 · Mar 17, 2025
diff --git a/docs/docset.yml b/docs/docset.yml
diff --git a/docs/reference/elasticsearch-plugins/discovery-ec2-usage.md b/docs/reference/elasticsearch-plugins/discovery-ec2-usage.md
@@ -22,22 +22,24 @@ discovery.seed_providers: ec2
 
 ## Configuring EC2 discovery [_configuring_ec2_discovery]
 
-EC2 discovery supports a number of settings. Some settings are sensitive and must be stored in the [{{es}} keystore](docs-content://deploy-manage/security/secure-settings.md). For example, to authenticate using a particular access key and secret key, add these keys to the keystore by running the following commands:
+EC2 discovery supports a number of settings. Some settings are sensitive and must be stored in the {{es}} keystore. For example, to authenticate using a particular access key and secret key, add these keys to the keystore by running the following commands:
 
 ```sh
 bin/elasticsearch-keystore add discovery.ec2.access_key
 bin/elasticsearch-keystore add discovery.ec2.secret_key
 ```
 
+All **secure** settings of this plugin are reloadable, allowing you to update the secure settings for this plugin without needing to restart each node. For more information about secure and reloadable settings, go to [Secure your settings](docs-content://deploy-manage/security/secure-settings.md).
+
 The available settings for the EC2 discovery plugin are as follows.
 
-`discovery.ec2.access_key` ({{ref}}/secure-settings.html[Secure], [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings))
+`discovery.ec2.access_key` (Secure, reloadable)
 :   An EC2 access key. If set, you must also set `discovery.ec2.secret_key`. If unset, `discovery-ec2` will instead use the instance role. This setting is sensitive and must be stored in the {{es}} keystore.
 
-`discovery.ec2.secret_key` ({{ref}}/secure-settings.html[Secure], [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings))
+`discovery.ec2.secret_key` (Secure, reloadable)
 :   An EC2 secret key. If set, you must also set `discovery.ec2.access_key`. This setting is sensitive and must be stored in the {{es}} keystore.
 
-`discovery.ec2.session_token` ({{ref}}/secure-settings.html[Secure], [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings))
+`discovery.ec2.session_token` (Secure, reloadable)
 :   An EC2 session token. If set, you must also set `discovery.ec2.access_key` and `discovery.ec2.secret_key`. This setting is sensitive and must be stored in the {{es}} keystore.
 
 `discovery.ec2.endpoint`
@@ -52,10 +54,10 @@ The available settings for the EC2 discovery plugin are as follows.
 `discovery.ec2.proxy.scheme`
 :   The scheme to use when connecting to the EC2 service endpoint through proxy specified in `discovery.ec2.proxy.host`. Valid values are `http` or `https`. Defaults to `http`.
 
-`discovery.ec2.proxy.username` ({{ref}}/secure-settings.html[Secure], [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings))
+`discovery.ec2.proxy.username` (Secure, reloadable)
 :   When the address of an HTTP proxy is given in `discovery.ec2.proxy.host`, this setting determines the username to use to connect to the proxy. When not set, no username is used. This setting is sensitive and must be stored in the {{es}} keystore.
 
-`discovery.ec2.proxy.password` ({{ref}}/secure-settings.html[Secure], [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings))
+`discovery.ec2.proxy.password` (Secure, reloadable)
 :   When the address of an HTTP proxy is given in `discovery.ec2.proxy.host`, this setting determines the password to use to connect to the proxy. When not set, no password is used. This setting is sensitive and must be stored in the {{es}} keystore.
 
 `discovery.ec2.read_timeout`
@@ -97,9 +99,6 @@ The names of tags used for discovery may only contain ASCII letters, numbers, hy
 `discovery.ec2.node_cache_time`
 :   Sets the length of time for which the collection of discovered instances is cached. {{es}} waits at least this long between requests for discovery information from the EC2 API. AWS may reject discovery requests if they are made too often, and this would cause discovery to fail. Defaults to `10s`.
 
-All **secure** settings of this plugin are [reloadable](docs-content://deploy-manage/security/secure-settings.md#reloadable-secure-settings), allowing you to update the secure settings for this plugin without needing to restart each node.
-
-
 ## Recommended EC2 permissions [discovery-ec2-permissions]
 
 The `discovery-ec2` plugin works by making a `DescribeInstances` call to the AWS EC2 API. You must configure your AWS account to allow this, which is normally done using an IAM policy. You can create a custom policy via the IAM Management Console. It should look similar to this.

diff --git a/docs/reference/elasticsearch/roles.md b/docs/reference/elasticsearch/roles.md
@@ -105,7 +105,7 @@ $$$built-in-roles-remote-monitoring-collector$$$ `remote_monitoring_collector`
 :   Grants the minimum privileges required to collect monitoring data for the {{stack}}.
 
 $$$built-in-roles-reporting-user$$$ `reporting_user`
-:   Grants the necessary privileges required to use {{reporting}} features in {{kib}}, including generating and downloading reports. This role implicitly grants access to all Kibana reporting features, with each user having access only to their own reports. Note that reporting users should also be assigned additional roles that grant read access to the [indices](https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv) that will be used to generate reports.
+:   Grants the necessary privileges required to use {{report-features}} in {{kib}}, including generating and downloading reports. This role implicitly grants access to all Kibana reporting features, with each user having access only to their own reports. Note that reporting users should also be assigned additional roles that grant read access to the [indices](https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv) that will be used to generate reports.
 
 $$$built-in-roles-rollup-admin$$$ `rollup_admin`
 :   Grants `manage_rollup` cluster privileges, which enable you to manage and execute all rollup actions.