Skip to content

Commit

Permalink
Apply suggestions from code review
Browse files Browse the repository at this point in the history 
Signed-off-by: Naarcha-AWS <[email protected]>
  • Loading branch information
@Naarcha-AWS
Naarcha-AWS authored Sep 26, 2024
1 parent 17e978d commit 6322957
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions _security-analytics/threat-intelligence/getting-started.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Local files uploaded as the threat intelligence source must use the following sp

When using the `S3_SOURCE` as a remote store, the following connection information must be provided:

- **IAM Role ARN**: The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. When using the AWS OpenSearch Service, the role ARN needs to be in the same account as the OpenSearch domain. For more information on adding a new role for AWS OpenSearch Service, see [Add service ARN](#add-service-arn).
- **IAM Role ARN**: The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. When using the AWS OpenSearch Service, the role ARN needs to be in the same account as the OpenSearch domain. For more information about adding a new role for the AWS OpenSearch Service, see [Add service ARN](#add-service-arn).
- **S3 bucket directory**: The name of the Amazon Simple Storage Service (Amazon S3) bucket in which the `STIX2` file is stored. To access an S3 bucket in a different AWS account, see the [Cross-account S3 bucket connection](#cross-account-s3-bucket-connection) section for more details.
- **Specify a file**: The object key for the `STIX2` file in the S3 bucket.
- **Region**: The AWS Region for the S3 bucket.
Expand Down Expand Up @@ -89,7 +89,7 @@ When using the AWS OpenSearch Service, using the following steps to add a new AR

#### Cross-account S3 bucket connection

Because the role ARN needs to be in the same account as the OpenSearch domain, a trust policy needs to be configured that allowsthe OpenSearch domain to download from S3 buckets from the same account.
Because the role ARN needs to be in the same account as the OpenSearch domain, a trust policy needs to be configured that allows the OpenSearch domain to download from S3 buckets from the same account.

To download from an S3 bucket in another account, the trust policy for that bucket needs to give the role ARN permission to read from the object, as shown in the following example:

Expand Down

0 comments on commit 6322957

Please sign in to comment.