[Cloud-Security] Adding var-groups to support authentication vars - related to cloud connector feature #18762

Open
seanrathier wants to merge 2 commits into elastic:main from seanrathier:var_groups

@seanrathier
Contributor

Replaces #16985 — that PR could not be reopened after its head branch was reset (GitHub returned "no new commits on the seanrathier:var_groups branch" for both API and web reopen). Re-submitting with the same scope and head branch (seanrathier:var_groups).

Summary

Adds var_groups configuration to the AWS integration package to enable a credential type selector in Fleet UI, improving the user experience when configuring AWS authentication methods.

Related PRs

Changes

  • Added var_groups section to package manifest with credential_type group containing:
    • Direct Access Keys (access_key_id, secret_access_key)
    • Temporary Access Keys (access_key_id, secret_access_key, session_token)
    • Cloud Connector (role_arn, external_id) - for agentless deployments
    • Assume Role (role_arn)
    • Assume Role with External ID (role_arn, external_id)
    • Shared Credentials (shared_credential_file, credential_profile_name)
  • Added hide_in_var_group_options to GuardDuty aws-s3 input to hide Cloud Connector option (not supported for S3 input)
  • Updated credential variables (role_arn, external_id, shared_credential_file, credential_profile_name) to show_user: true so that users can see the vars in var group options

Screenshots


Related Issues

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Made with Cursor

@seanrathier requested a review from a team as a code owner May 1, 2026 15:39
@seanrathier added the Team:Integrations and Team:Fleet labels May 1, 2026
@seanrathier added the Integration:aws, Team:Cloud Security, Team:Obs-InfraObs, Team:Security-Service Integrations and Team:obs-ds-hosted-services labels May 1, 2026
@seanrathier self-assigned this May 1, 2026
@infra-vault-gh-plugin-prod
Pinging @elastic/integrations (Team:Integrations)

@infra-vault-gh-plugin-prod
Pinging @elastic/fleet (Team:Fleet)

@infra-vault-gh-plugin-prod
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Comment thread packages/aws/manifest.yml
…r support

Squashed from 23 WIP commits on var_groups branch.
Adds var_groups schema to AWS manifest for credential type selection,
including Cloud Connector for agentless deployments alongside traditional
credential methods (direct access keys, assume role, shared credentials).

Includes GuardDuty policy tests for cloud connector and legacy credentials.

Co-authored-by: Cursor <cursoragent@cursor.com>

Add hide_in_var_group_options for cloud_connectors on inputs of
agentless-enabled policy templates that have not been validated with
Cloud Connectors yet (awshealth, billing, dynamodb, elb, lambda, rds,
sns, sqs, transitgateway). The guardduty httpjson input remains
enabled for Cloud Connectors as before.

Co-authored-by: Cursor <cursoragent@cursor.com>
@elasticmachine

elasticmachine commented May 1, 2026

💔 Build Failed

Failed CI Steps

History

cc @seanrathier
