[aws] Add var_groups for credential type selection with Identity Federation#19828
[aws] Add var_groups for credential type selection with Identity Federation#19828andrewkroh wants to merge 2 commits into
Conversation
✅ Elastic Docs Style Checker (Vale)No issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
🚀 Benchmarks reportPackage
|
| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
firewall_logs |
3968.25 | 3278.69 | -689.56 (-17.38%) | 💔 |
lambda_logs |
10869.57 | 7575.76 | -3293.81 (-30.3%) | 💔 |
rds |
31250 | 18867.92 | -12382.08 (-39.62%) | 💔 |
route53_public_logs |
20000 | 10000 | -10000 (-50%) | 💔 |
route53_resolver_logs |
7936.51 | 6622.52 | -1313.99 (-16.56%) | 💔 |
cloudwatch_logs |
200000 | 142857.14 | -57142.86 (-28.57%) | 💔 |
config |
4000 | 3039.51 | -960.49 (-24.01%) | 💔 |
emr_logs |
18867.92 | 12345.68 | -6522.24 (-34.57%) | 💔 |
To see the full report comment with /test benchmark fullreport
8863ece to
c616bd9
Compare
This comment has been minimized.
This comment has been minimized.
c616bd9 to
feb0a03
Compare
This comment has been minimized.
This comment has been minimized.
51f64b7 to
9dea76e
Compare
This comment has been minimized.
This comment has been minimized.
7aa1477 to
7710222
Compare
|
The PR's |
…ration Bump format_version to 3.6.0 and version to 7.0.0. Reorganize AWS credential configuration into a `Setup Access` var_groups selector with six options: Identity Federation, Direct Access Keys, Temporary Access Keys, Assume Role, Assume Role with External ID, and Shared Credentials. Key changes: - format_version: 3.4.0 → 3.6.0 - version: 6.20.3 → 7.0.0 - kibana.version: "^8.19.4 || ^9.2.1" → "^9.4.0" - agent.version: "^9.4.0" - var_groups: credential_type selector with 6 options - external_id is now secret: true - New vars: assume_role_duration, assume_role_expiry_window, supports_cloud_connectors - hide_in_var_group_options for 13 inputs across services that don't support Identity Federation - GuardDuty httpjson stream: switch to auth.aws: block and add Identity Federation policy tests - Add conditions.agent.version: ^9.4.0 because guardduty now requires it. Source: elastic#19278 (Omolola-Akinleye/integrations)
7710222 to
8f9dffa
Compare
|
✅ All changelog entries have the correct PR link. |
💔 Build Failed
Failed CI StepsHistory
|
TL;DR
Remediation
Investigation detailsRoot CauseThis PR introduces an Elastic Agent version condition in With that condition present, Fleet can report a version-suffixed agent policy ID such as The upstream fix changes The PR head also points at this same failure mode in Evidence
The pre-fetched Buildkite log starts at stack teardown/artifact upload, so it does not include the earlier script-test timeout text. The root-cause trace above is based on the PR-head AWS files, the linked VerificationNot run locally; Docker-backed Follow-upIf this remains red after the fixed What is this? | From workflow: PR Buildkite Detective Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not. |
Proposed commit message
Summary
This PR carries the var_groups / Identity Federation work from #19278 forward on top of the processor-tags pre-landing from #19824.
What changed
format_versionfrom 3.4.0 to 3.6.0 and packageversionfrom 6.20.3 to 7.0.0.^9.4.0for thevar_groupsUI feature andauth.awsruntime support.credential_typevar_groups selector with Identity Federation, Direct Access Keys, Temporary Access Keys, Assume Role, Assume Role with External ID, and Shared Credentials options.assume_role_duration,assume_role_expiry_window, andsupports_cloud_connectorsvariables.external_idas secret.auth.awsblock.Related
Checklist
changelog.ymlfile.