diff --git a/config/_default/config.yaml b/config/_default/config.yaml index 8cdbeacef8ace..ec0fb2f4320d1 100644 --- a/config/_default/config.yaml +++ b/config/_default/config.yaml @@ -104,6 +104,8 @@ module: target: data - source: assets target: assets + - source: layouts/shortcodes + target: layouts/shortcodes mounts: # default mounts diff --git a/layouts/shortcodes/aws-permissions.en.md b/layouts/shortcodes/aws-permissions.en.md deleted file mode 100644 index 9709f48487db1..0000000000000 --- a/layouts/shortcodes/aws-permissions.en.md +++ /dev/null @@ -1,258 +0,0 @@ -## AWS IAM permissions - -AWS IAM permissions enable Datadog to collect metrics, tags, EventBridge events, and other data necessary to monitor your AWS environment. - -To correctly set up the AWS Integration, you must attach the relevant IAM policies to the **Datadog AWS Integration IAM Role** in your AWS account. - -### AWS integration IAM policy - -The set of permissions necessary to use all the integrations for individual AWS services. - -The following permissions included in the policy document use wild cards such as `List*` and `Get*`. If you require strict policies, use the complete action names as listed and reference the Amazon API documentation for your respective services. - -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "account:GetAccountInformation", - "account:GetContactInformation", - "airflow:GetEnvironment", - "airflow:ListEnvironments", - "amplify:List*", - "aoss:BatchGetCollection", - "aoss:ListCollections", - "apigateway:GET", - "appstream:Describe*", - "aps:DescribeRuleGroupsNamespace", - "aps:DescribeScraper", - "aps:DescribeWorkspace", - "aps:ListRuleGroupsNamespaces", - "aps:ListScrapers", - "aps:ListWorkspaces", - "autoscaling:Describe*", - "backup:List*", - "batch:DescribeJobQueues", - "batch:DescribeSchedulingPolicies", - "batch:ListSchedulingPolicies", - "bcm-data-exports:GetExport", - "bcm-data-exports:ListExports", - "bedrock:Get*", - "bedrock:List*", - "budgets:ViewBudget", - "cassandra:Select", - "cloudfront:GetDistributionConfig", - "cloudfront:ListDistributions", - "cloudhsm:DescribeBackups", - "cloudhsm:DescribeClusters", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrail", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTrails", - "cloudtrail:LookupEvents", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "codeartifact:DescribeDomain", - "codeartifact:DescribePackageGroup", - "codeartifact:DescribeRepository", - "codeartifact:ListDomains", - "codeartifact:ListPackageGroups", - "codeartifact:ListPackages", - "codedeploy:BatchGet*", - "codedeploy:List*", - "codepipeline:ListWebhooks", - "connect:Describe*", - "connect:List*", - "controltower:GetLandingZone", - "controltower:ListEnabledBaselines", - "controltower:ListEnabledControls", - "controltower:ListLandingZones", - "cur:DescribeReportDefinitions", - "datazone:GetDomain", - "datazone:ListDomains", - "deadline:GetBudget", - "deadline:GetLicenseEndpoint", - "deadline:GetQueue", - "deadline:List*", - "directconnect:Describe*", - "dlm:GetLifecyclePolicies", - "dlm:GetLifecyclePolicy", - "docdb-elastic:GetCluster", - "docdb-elastic:GetClusterSnapshot", - "docdb-elastic:ListClusterSnapshots", - "drs:Describe*", - "dsql:GetCluster", - "dsql:ListClusters", - "dynamodb:Describe*", - "dynamodb:List*", - "ec2:Describe*", - "ec2:Get*", - "ecs:Describe*", - "ecs:List*", - "eks:Describe*", - "eks:List*", - "elasticache:Describe*", - "elasticache:List*", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeTags", - "elasticloadbalancing:Describe*", - "elasticmapreduce:Describe*", - "elasticmapreduce:List*", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListSecurityConfigurations", - "emr-containers:ListVirtualClusters", - "es:DescribeElasticsearchDomains", - "es:ListDomainNames", - "es:ListTags", - "events:CreateEventBus", - "fsx:DescribeFileSystems", - "fsx:ListTagsForResource", - "glacier:GetVaultNotifications", - "glue:ListRegistries", - "grafana:DescribeWorkspace", - "greengrass:Get*", - "health:DescribeAffectedEntities", - "health:DescribeEventDetails", - "health:DescribeEvents", - "iam:ListAccountAliases", - "imagebuilder:Get*", - "imagebuilder:List*", - "iotsitewise:Describe*", - "iotsitewise:List*", - "iottwinmaker:Get*", - "iottwinmaker:ListComponentTypes", - "iottwinmaker:ListEntities", - "iottwinmaker:ListScenes", - "iotwireless:Get*", - "iotwireless:List*", - "ivs:GetChannel", - "ivs:GetRecordingConfiguration", - "ivs:List*", - "ivschat:GetLoggingConfiguration", - "ivschat:GetRoom", - "ivschat:ListLoggingConfigurations", - "ivschat:ListRooms", - "kinesis:Describe*", - "kinesis:List*", - "lambda:GetFunction", - "lambda:List*", - "launchwizard:GetDeployment", - "launchwizard:ListDeployments", - "lightsail:GetInstancePortStates", - "logs:DeleteSubscriptionFilter", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:DescribeSubscriptionFilters", - "logs:FilterLogEvents", - "logs:PutSubscriptionFilter", - "logs:TestMetricFilter", - "macie2:GetAllowList", - "macie2:GetCustomDataIdentifier", - "macie2:GetMacieSession", - "macie2:ListAllowLists", - "macie2:ListCustomDataIdentifiers", - "macie2:ListMembers", - "managedblockchain:Get*", - "managedblockchain:List*", - "memorydb:Describe*", - "mobiletargeting:Get*", - "mobiletargeting:ListJourneys", - "mobiletargeting:ListTemplates", - "networkmanager:Get*", - "networkmanager:List*", - "oam:ListAttachedLinks", - "oam:ListSinks", - "organizations:Describe*", - "organizations:List*", - "osis:GetPipeline", - "osis:GetPipelineBlueprint", - "osis:ListPipelineBlueprints", - "osis:ListPipelines", - "pca-connector-ad:ListConnectors", - "pca-connector-ad:ListDirectoryRegistrations", - "pca-connector-ad:ListTemplates", - "pca-connector-scep:ListConnectors", - "pipes:ListPipes", - "proton:Get*", - "proton:List*", - "qbusiness:Get*", - "qbusiness:ListDataAccessors", - "qldb:ListJournalKinesisStreamsForLedger", - "ram:GetResourceShareInvitations", - "rbin:GetRule", - "rbin:ListRules", - "rds:Describe*", - "rds:List*", - "redshift-serverless:List*", - "redshift:DescribeClusters", - "redshift:DescribeLoggingStatus", - "resiliencehub:DescribeApp", - "resiliencehub:DescribeAppAssessment", - "resiliencehub:List*", - "resource-explorer-2:GetIndex", - "resource-explorer-2:GetManagedView", - "resource-explorer-2:GetView", - "resource-explorer-2:ListManagedViews", - "resource-explorer-2:ListViews", - "resource-groups:GetGroup", - "resource-groups:ListGroups", - "route53:List*", - "rum:GetAppMonitor", - "rum:ListAppMonitors", - "s3-outposts:ListRegionalBuckets", - "s3:Get*", - "s3:ListAllMyBuckets", - "s3:PutBucketNotification", - "savingsplans:DescribeSavingsPlanRates", - "savingsplans:DescribeSavingsPlans", - "scheduler:GetSchedule", - "scheduler:ListScheduleGroups", - "scheduler:ListSchedules", - "ses:Get*", - "ses:List*", - "signer:GetSigningProfile", - "signer:ListSigningProfiles", - "sms-voice:Describe*", - "sns:GetSubscriptionAttributes", - "sns:List*", - "sns:Publish", - "social-messaging:GetLinkedWhatsAppBusinessAccount", - "social-messaging:ListLinkedWhatsAppBusinessAccounts", - "sqs:ListQueues", - "ssm:GetServiceSetting", - "ssm:ListCommands", - "states:DescribeStateMachine", - "states:ListStateMachines", - "support:DescribeTrustedAdvisor*", - "support:RefreshTrustedAdvisorCheck", - "tag:GetResources", - "tag:GetTagKeys", - "tag:GetTagValues", - "timestream:DescribeEndpoints", - "timestream:ListTables", - "waf-regional:GetRule", - "waf-regional:GetRuleGroup", - "waf-regional:ListRuleGroups", - "waf-regional:ListRules", - "waf:GetRule", - "waf:GetRuleGroup", - "waf:ListRuleGroups", - "waf:ListRules", - "wafv2:GetIPSet", - "wafv2:GetRegexPatternSet", - "wafv2:GetRuleGroup", - "wafv2:ListLoggingConfigurations", - "workmail:DescribeOrganization", - "workmail:ListOrganizations", - "xray:BatchGetTraces", - "xray:GetTraceSummaries" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} -```