[Cloud Security Posture] Add cloud connector support for Asset Discovery Integration (#13992)

* Add cloud connector support for Asset Discovery Integration

* add support cloud connectors

Author: Omolola-Akinleye

packages/cloud_asset_inventory/changelog.yml

@@ -1,6 +1,11 @@
 # newer versions go on top
 # version map:
 # 0.1.x - 8.15.x
+- version: "0.17.0"
+  changes:
+    - description: Add cloud connector support Asset Inventory for AWS
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13992
 - version: "0.16.0"
   changes:
     - description: Move object Attributes to flattened entity.raw

packages/cloud_asset_inventory/data_stream/asset_inventory/agent/stream/aws.yml.hbs

@@ -5,6 +5,9 @@ config:
     asset_inventory_provider: aws
     aws:
       account_type: {{aws.account_type}}
+      {{#if aws.supports_cloud_connectors}}
+      supports_cloud_connectors: {{aws.supports_cloud_connectors}}
+      {{/if}}
       credentials:
         {{#if aws.access_key_id}}
         access_key_id: {{aws.access_key_id}}
@@ -24,4 +27,7 @@ config:
         {{#if aws.role_arn}}
         role_arn: {{aws.role_arn}}
         {{/if}}
+        {{#if aws.credentials.external_id}}
+        external_id: {{aws.credentials.external_id}}
+        {{/if}}
         type: {{aws.credentials.type}}

packages/cloud_asset_inventory/data_stream/asset_inventory/manifest.yml

@@ -49,6 +49,12 @@ streams:
           value: cloud_formation
         - name: aws.account_type
           value: single-account
+      cloud_connectors:
+        - name: aws.credentials.type
+          value: cloud_connectors
+        - name: aws.account_type
+        - name: aws.role_arn
+        - name: aws.credentials.external_id
     vars:
       - name: aws.account_type
         title: Account type
@@ -79,6 +85,8 @@ streams:
             value: temporary_keys
           - text: Shared Credentials (Manual)
             value: shared_credentials
+          - text: Cloud Connectors
+            value: cloud_connectors
       - name: aws.access_key_id
         type: text
         title: Access Key ID
@@ -124,6 +132,20 @@ streams:
         required: false
         show_user: false
         description: Required when using Assume Role
+      - name: aws.supports_cloud_connectors
+        type: bool
+        title: Supports Cloud Connectors
+        multi: false
+        required: false
+        show_user: false
+        secret: false
+      - name: aws.credentials.external_id
+        type: password
+        title: External ID
+        multi: false
+        required: false
+        show_user: false
+        secret: true
   - input: cloudbeat/asset_inventory_azure
     title: Azure Asset Discovery
     description: Asset Discovery Discovery for Azure

packages/cloud_asset_inventory/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: cloud_asset_inventory
 title: "Cloud Asset Discovery"
-version: "0.16.0"
+version: "0.17.0"
 source:
   license: "Elastic-2.0"
 description: "Discover and Create Cloud Assets Discovery"
@@ -67,6 +67,16 @@ policy_templates:
             description: Template URL to Cloud Formation Cloud Credentials Stack
             # ACCOUNT_TYPE value should be either "single-account" or "organization-account"
             default: https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https://elastic-cspm-cft.s3.eu-central-1.amazonaws.com/cloudformation-asset-inventory-ACCOUNT_TYPE-8.17.0.yml
+          - name: cloud_formation_cloud_connectors_template
+            type: text
+            title: CloudFormation Cloud Connectors Template
+            multi: false
+            required: true
+            show_user: false
+            description: Template URL to Cloud Formation Cloud Connectors Stack
+            # ACCOUNT_TYPE value should be either "single-account" or "organization-account"
+            # RESOURCE_ID is the project id for serverless / kibana component id for ess
+            default: https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https://elastic-cspm-cft.s3.eu-central-1.amazonaws.com/cloudformation-cloud-connectors-ACCOUNT_TYPE-8.19.0.yml&param_ElasticResourceId=RESOURCE_ID
       - type: cloudbeat/asset_inventory_azure
         title: Azure Asset Discovery
         description: Azure Asset Discovery