Remove deprecated references for plain text auth in AWS wodle

nico-stefani · nico-stefani · commit 807e25e7c57c · 2024-02-20T10:24:06.000-03:00
diff --git a/source/cloud-security/amazon/services/prerequisites/considerations.rst b/source/cloud-security/amazon/services/prerequisites/considerations.rst
@@ -36,7 +36,7 @@ Reparse
 -------
 
 .. warning::
-  
+
    Using the ``reparse`` option will fetch and process all the logs from the starting date until the present. This process may generate duplicate alerts.
 
 To fetch and process older logs, you need to manually run the module using the ``--reparse`` option.
@@ -231,6 +231,7 @@ The `service_endpoint` and `sts_endpoint` tags can be used to specify the VPC en
     </bucket>
 
     <bucket type="cloudtrail">
+      <aws_profile>default</aws_profile>
       <name>wazuh-cloudtrail-2</name>
       <aws_profile>default</aws_profile>
       <iam_role_arn>arn:aws:iam::xxxxxxxxxxx:role/wazuh-role</iam_role_arn>
diff --git a/source/cloud-security/amazon/services/prerequisites/credentials.rst b/source/cloud-security/amazon/services/prerequisites/credentials.rst
@@ -16,7 +16,6 @@ There are multiple ways to configure the AWS credentials:
 - `IAM Roles`_
 - `IAM roles for EC2 instances`_
 - `Environment variables`_
-- `Insert the credentials into the configuration`_
 
 Create an IAM User
 ------------------
@@ -182,20 +181,3 @@ If you're using a single AWS account for all your buckets this could be the most
 
 * ``AWS_ACCESS_KEY_ID``
 * ``AWS_SECRET_ACCESS_KEY``
-
-Insert the credentials into the configuration
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. deprecated:: 4.4.0
-
-Another available option to set up credentials is writing them right into the Wazuh configuration file (``/var/ossec/etc/ossec.conf``), inside of the ``<bucket>`` block on the module configuration.
-
-This is an example configuration:
-
-.. code-block:: xml
-
-  <bucket type="cloudtrail">
-    <name>my-bucket</name>
-    <access_key>insert_access_key</access_key>
-    <secret_key>insert_secret_key</secret_key>
-  </bucket>
diff --git a/source/user-manual/reference/ossec-conf/wodle-s3.rst b/source/user-manual/reference/ossec-conf/wodle-s3.rst
@@ -157,10 +157,6 @@ The available types are:  ``cloudtrail``, ``guardduty``, ``vpcflow``, ``config``
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`bucket_account_alias`            | Any string                                                  | Optional                                      |
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
-| :ref:`bucket_access_key`               | Alphanumerical key                                          | Optional                                      |
-+----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
-| :ref:`bucket_secret_key`               | Alphanumerical key                                          | Optional                                      |
-+----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`bucket_aws_profile`              | Any string                                                  | Optional                                      |
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`bucket_iam_role_arn`             | IAM role ARN                                                | Optional                                      |
@@ -228,37 +224,6 @@ A user-friendly name for the AWS account.
 | **Allowed values** | Any string                  |
 +--------------------+-----------------------------+
 
-.. _bucket_access_key:
-
-access_key
-^^^^^^^^^^
-
-.. deprecated:: 4.4.0
-
-The access key ID for the IAM user with the permission to read logs from the bucket.
-
-+--------------------+--------------------------+
-| **Default value**  | N/A                      |
-+--------------------+--------------------------+
-| **Allowed values** | Any alphanumerical key   |
-+--------------------+--------------------------+
-
-.. _bucket_secret_key:
-
-
-secret_key
-^^^^^^^^^^
-
-.. deprecated:: 4.4.0
-
-The secret key created for the IAM user with the permission to read logs from the bucket.
-
-+--------------------+--------------------------+
-| **Default value**  | N/A                      |
-+--------------------+--------------------------+
-| **Allowed values** | Any alphanumerical key   |
-+--------------------+--------------------------+
-
 .. _bucket_aws_profile:
 
 aws_profile
@@ -505,10 +470,6 @@ The available types are: ``cloudwatchlogs``, and ``inspector``.
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`service_aws_log_groups`          | Comma-separated list of valid log group names               | Mandatory for CloudWatch Logs                 |
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
-| :ref:`service_access_key`              | Any alphanumerical key                                      | Optional                                      |
-+----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
-| :ref:`service_secret_key`              | Any alphanumerical key                                      | Optional                                      |
-+----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`service_aws_profile`             | Valid profile name                                          | Optional                                      |
 +----------------------------------------+-------------------------------------------------------------+-----------------------------------------------+
 | :ref:`service_discard_regex`           | A regex to determine if an event must be discarded          | Optional                                      |
@@ -555,19 +516,6 @@ A user-friendly name for the AWS account.
 | **Allowed values** | Any string                  |
 +--------------------+-----------------------------+
 
-.. _service_access_key:
-
-access_key
-^^^^^^^^^^
-
-The access key ID for the IAM user with the permission to access the service.
-
-+--------------------+--------------------------+
-| **Default value**  | N/A                      |
-+--------------------+--------------------------+
-| **Allowed values** | Any alphanumerical key   |
-+--------------------+--------------------------+
-
 .. _service_aws_log_groups:
 
 aws_log_groups
@@ -581,19 +529,6 @@ A comma-separated list of log group names from where the logs should be extracte
 | **Allowed values** | Comma-separated list of valid log group names  |
 +--------------------+------------------------------------------------+
 
-.. _service_secret_key:
-
-secret_key
-^^^^^^^^^^
-
-The secret key created for the IAM user with the permission to access the service.
-
-+--------------------+--------------------------+
-| **Default value**  | N/A                      |
-+--------------------+--------------------------+
-| **Allowed values** | Any alphanumerical key   |
-+--------------------+--------------------------+
-
 .. _service_aws_profile:
 
 aws_profile
