[Serverless] Docs how Elastic Cloud API keys affect rule behavior#6722
[Serverless] Docs how Elastic Cloud API keys affect rule behavior#6722nastasha-solomon wants to merge 24 commits into
Conversation
Elastic Docs AI PR menuCheck the box to run an AI review for this pull request.
Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team. |
Elastic Docs Style Checker (Vale)Summary: 2 suggestions found 💡 Suggestions (2): Optional style improvements. Apply when helpful.
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
|
@nastasha-solomon reviewed. Thank you |
|
|
||
| :::{dropdown} Within 90 days | ||
| <!-- SME REVIEW: "Review API key expiration" is not in the source of truth. Verify the 90-day default expiry, that expired keys stop rules, and that Elastic sends expiration warning emails to the key creator and operational contacts. --> | ||
| - **Review API key expiration**: {{ecloud}} API keys expire after 90 days by default. When a key expires, dependent rules stop running. Check the expiration date for keys created during migration and extend or adjust them if 90 days is too short for your use case. Elastic sends an expiration warning email to the key creator and operational contacts as the date approaches. |
There was a problem hiding this comment.
AFAIK API Keys have no expiration date, we better verify this with the security team.
ersin-erdal
left a comment
There was a problem hiding this comment.
LGTM.
Left a comment about API Key expiration date.
| :::{dropdown} Right after migration | ||
| - **Check rule execution status**: Go to **{{stack-manage-app}} > {{rules-ui}}** or your app's rules page and review the last run status for all rules. Investigate any rules showing a failed or warning status before moving on. If you use Elastic Security detection rules, also check for gaps caused by the migration. Refer to [Fill rule execution gaps](/solutions/security/detect-and-alert/fill-rule-gaps.md) for instructions. | ||
|
|
||
| - **Resolve migration errors promptly**: If the UI shows API key errors for a rule, open the rule and save it with a valid user following the in-product prompts. Rules with missing owners or invalid role assignments won't run until resolved. |
There was a problem hiding this comment.
this is not necessarily true, the rules should continue running and will fall back on ES api keys. However, there's an in app UI indicator letting users know when UIAM api keys is not available for the rule. Users can take a manual action on the rule in the UI to trigger the creation of a new UIAM api key for said rule.
|
|
||
| :::{dropdown} Within 90 days | ||
| <!-- SME REVIEW: "Review API key expiration" is not in the source of truth. Verify the 90-day default expiry, that expired keys stop rules, and that Elastic sends expiration warning emails to the key creator and operational contacts. --> | ||
| - **Review API key expiration**: {{ecloud}} API keys expire after 90 days by default. When a key expires, dependent rules stop running. Check the expiration date for keys created during migration and extend or adjust them if 90 days is too short for your use case. Elastic sends an expiration warning email to the key creator and operational contacts as the date approaches. |
Summary
Fixes https://github.com/elastic/docs-content-internal/issues/702 by documenting how Elastic Cloud API keys work with alerting rules in Serverless projects.
Added: Rules and Elastic Cloud API keys in Serverless (new page)
File:
explore-analyze/alerting/alerts/rules-and-elastic-cloud-api-keys.mdPreview: Rules and Elastic Cloud API keys in Serverless
Summary of changes:
NOTE: Several sections contain SME review comments flagging claims that need technical verification before publishing (API key expiration defaults, expiration email behavior).
Added: API key rules snippet
File:
solutions/_snippets/api-key-rules.mdPreview: Index threshold
Summary of changes:
Snippet is a note containing a brief explanation that rules use an API key to authorize background tasks, and to point them to the right reference page for their deployment type (Elasticsearch API keys for Stack, Elastic Cloud API keys for Serverless). Snippet was added to 21 Observability and Stack Management rule-related pages in the docs.
Updated: Detection rule concepts
File:
solutions/security/detect-and-alert/detection-rule-concepts.mdPreview: Detection rule concepts
Summary of changes:
Updated: Alerting | Authentication (Observability incident management)
File:
solutions/observability/incident-management/alerting.mdPreview: Alerting | Authentication
Summary of changes:
Added a reference to the "Elastic Cloud API keys" page for Serverless-specific details.
Updated: Setup Kibana alerting | API keys
File:
explore-analyze/alerting/alerts/alerting-setup.mdPreview: Setup Kibana alerting | API keys
Summary of changes:
Added a reference to the "Elastic Cloud API keys" page for Serverless-specific details.
Generative AI disclosure