[tanium] Add options to configure non-public S3 (#16080)

The options are:
- endpoint
- region
- extenal_id
- default_region

This also makes all `aws-s3.yml.hbs` files identical, and matches the
S3 sections of `./data_stream/*/manifest.yml` files.

Author: chrisberkhout

packages/tanium/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.17.0"
+  changes:
+    - description: Add options to configure non-public S3.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/16080
 - version: "1.16.2"
   changes:
     - description: Fix handling of SQS worker count configuration.

packages/tanium/data_stream/action_history/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,15 +62,18 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
+{{#if external_id}}
+external_id: {{external_id}}
+{{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}
 {{/if}}

packages/tanium/data_stream/client_status/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,15 +62,18 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
+{{#if external_id}}
+external_id: {{external_id}}
+{{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}
 {{/if}}

packages/tanium/data_stream/discover/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,15 +62,18 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
+{{#if external_id}}
+external_id: {{external_id}}
+{{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}
 {{/if}}

packages/tanium/data_stream/endpoint_config/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,17 +62,17 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
-{{#if endpoint}}
-endpoint: {{endpoint}}
+{{#if external_id}}
+external_id: {{external_id}}
 {{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}

packages/tanium/data_stream/reporting/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,15 +62,18 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
+{{#if external_id}}
+external_id: {{external_id}}
+{{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}
 {{/if}}

packages/tanium/data_stream/threat_response/agent/stream/aws-s3.yml.hbs

@@ -44,6 +44,15 @@ file_selectors:
 number_of_workers: {{number_of_workers}}
 {{/if}}
 
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if region}}
+region: {{region}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}
 {{/if}}
@@ -53,15 +62,18 @@ secret_access_key: {{secret_access_key}}
 {{#if session_token}}
 session_token: {{session_token}}
 {{/if}}
-{{#if shared_credential_file}}
-shared_credential_file: {{shared_credential_file}}
-{{/if}}
 {{#if credential_profile_name}}
 credential_profile_name: {{credential_profile_name}}
 {{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
 {{#if role_arn}}
 role_arn: {{role_arn}}
 {{/if}}
+{{#if external_id}}
+external_id: {{external_id}}
+{{/if}}
 {{#if fips_enabled}}
 fips_enabled: {{fips_enabled}}
 {{/if}}

packages/tanium/data_stream/threat_response/manifest.yml

@@ -75,7 +75,7 @@ streams:
         show_user: false
         default: |
           - regex: "threat_response/"
-        description: If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Multiple regexes are used [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match any of the regexes will not be processed.
+        description: If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed.
       - name: tags
         type: text
         title: Tags

packages/tanium/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: tanium
 title: Tanium
-version: "1.16.2"
+version: "1.17.0"
 description: This Elastic integration collects logs from Tanium with Elastic Agent.
 type: integration
 categories:
@@ -124,6 +124,22 @@ policy_templates:
             required: false
             show_user: false
             description: AWS IAM Role to assume.
+          - name: endpoint
+            type: text
+            title: Endpoint
+            multi: false
+            required: false
+            show_user: false
+            default: ""
+            description: URL of the entry point for an AWS web service.
+          - name: region
+            type: text
+            title: Region
+            multi: false
+            required: false
+            show_user: false
+            default: ""
+            description: The name of the AWS region of the end point.
           - name: fips_enabled
             type: bool
             title: Enable S3 FIPS
@@ -132,6 +148,21 @@ policy_templates:
             required: false
             show_user: false
             description: Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint.
+          - name: external_id
+            type: text
+            title: External ID
+            multi: false
+            required: false
+            show_user: false
+            description: External ID to use when assuming a role in another account, see [the AWS documentation for use of external IDs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).
+          - name: default_region
+            type: text
+            title: Default AWS Region
+            multi: false
+            required: false
+            show_user: false
+            default: ""
+            description: Default region to use prior to connecting to region specific services/endpoints if no AWS region is set from environment variable, credentials or instance profile. If none of the above are set and no default region is set as well, `us-east-1` is used. A region, either from environment variable, credentials or instance profile or from this default region setting, needs to be set when using regions in non-regular AWS environments such as AWS China or US Government Isolated.
           - name: proxy_url
             type: text
             title: Proxy URL