elastic · benironside · Sep 26, 2024 · Oct 2, 2024 · Oct 2, 2024 · Oct 2, 2024
@@ -38,15 +38,19 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en
 . Click *Add Cloud Security Posture Management (CSPM)*.
 . Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account.
 . Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
+. beta:[] (Optional) Click **Advanced settings** to deploy the integration using agentless technology. 
+
 
 
 [discrete]
 [[cspm-set-up-cloud-access-section]]
 == Set up cloud account access
-The CSPM integration requires access to AWS’s built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
+The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
 
 For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below.
 
+NOTE: beta:[] Agentless deployments support two authentication methods: <<cspm-use-temp-credentials, temporary keys>> and <<cspm-use-keys-directly, direct access keys>>.
+
 [discrete]
 [[cspm-set-up-cloudformation]]
 === CloudFormation (recommended)
@@ -208,7 +212,7 @@ image::images/cspm-aws-auth-3.png[The EC2 page in AWS, showing the Modify IAM ro
 .. Click *Update IAM role*.
 .. Return to {kib} and <<cspm-finish-manual, finish manual setup>>.
 
-IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role* and leave *Role ARN* empty. Click *Save and continue*.
+IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*.
 
 [discrete]
 [[cspm-use-keys-directly]]
@@ -222,7 +226,7 @@ IMPORTANT: You must select *Programmatic access* when creating the IAM user.
 [discrete]
 [[cspm-use-temp-credentials]]
 === Option 3 - Temporary security credentials
-You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a security token, which is typically found using `GetSessionToken`.
+You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a session token, which is typically found using `GetSessionToken`.
 
 Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss.
 

@@ -0,0 +1,3 @@
+[[agentless-integrations]]
+= Agentless integrations
+
@@ -17,6 +17,7 @@ include::security-ui.asciidoc[leveloffset=+1]
 include::ingest-data.asciidoc[leveloffset=+1]
 include::threat-intel-integrations.asciidoc[leveloffset=+2]
 include::automatic-import.asciidoc[leveloffset=+2]
+include::agentless-integrations.asciidoc[leveloffset=+2]
 
 include::security-spaces.asciidoc[leveloffset=+1]
 

@@ -41,14 +41,22 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en
 1. Click **Add Cloud Security Posture Management (CSPM)**.
 1. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account.
 1. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
+1. <DocBadge template="beta" /> (Optional) Click **Advanced settings** to deploy the integration using agentless technology. 
+
 
 <div id="cspm-set-up-cloud-access-section"></div>
 
 ## Set up cloud account access
-The CSPM integration requires access to AWS’s built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
+The CSPM integration requires access to AWS's built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
 
 For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below.
 
+<DocCallOut title="Note">
+<DocBadge template="beta" /> Agentless deployments support two authentication methods: 
+<DocLink slug="/serverless/security/cspm-get-started" section="option-2-direct-access-keys">Direct access keys</DocLink> and <DocLink slug="/serverless/security/cspm-get-started" section="option-3-temporary-security-credentials">Temporary keys</DocLink>.
+</DocCallOut>
+
+
 <div id="cspm-set-up-cloudformation"></div>
 
 ### CloudFormation (recommended)
@@ -222,7 +230,7 @@ Follow AWS's [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/lates
     1. Return to ((kib)) and <DocLink slug="/serverless/security/cspm-get-started" section="finish-manual-setup">finish manual setup</DocLink>.
 
 <DocCallOut title="Important" color="warning">
-Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role** and leave **Role ARN** empty. Click **Save and continue**.
+Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role**. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click **Save and continue**.
 </DocCallOut>
 
 <div id="cspm-use-keys-directly"></div>