feat(self-managed): aws opensearch doc (#4406)
leiicamundi authored Nov 6, 2024
1 parent 3797185 commit 62dc5c8
Showing 17 changed files with 3,322 additions and 2,316 deletions.
707 changes: 506 additions & 201 deletions docs/self-managed/setup/deploy/amazon/amazon-eks/eks-helm.md

729 changes: 556 additions & 173 deletions docs/self-managed/setup/deploy/amazon/amazon-eks/eksctl.md

597 changes: 3 additions & 594 deletions docs/self-managed/setup/deploy/amazon/amazon-eks/irsa.md

772 changes: 588 additions & 184 deletions docs/self-managed/setup/deploy/amazon/amazon-eks/terraform-setup.md

4 changes: 2 additions & 2 deletions docs/self-managed/setup/guides/using-existing-opensearch.md
Expand Up @@ -12,7 +12,7 @@ This guide steps through using an existing Amazon OpenSearch Service instance. B

### Authentication

There are two layers of permissions with OpenSearch: AWS IAM and OpenSearch internal. If you would like to connect to OpenSearch using AWS IAM roles for service accounts (IRSA) then please also refer to the [IAM roles for service accounts documentation](/self-managed/setup/deploy/amazon/amazon-eks/irsa.md#OpenSearch).
There are two layers of permissions with OpenSearch: AWS IAM and OpenSearch internal. If you would like to connect to OpenSearch using AWS IAM roles for service accounts (IRSA) then please also refer to the [IAM roles for service accounts documentation](/self-managed/setup/deploy/amazon/amazon-eks/terraform-setup.md#opensearch-module-setup).

Otherwise, if it is intended to connect to Amazon OpenSearch Service with basic auth, then the example below can be followed:

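Review bot: the link target moves from `irsa.md#OpenSearch` to `terraform-setup.md#opensearch-module-setup`, and this same commit strips most of `irsa.md` (594 deletions), so please confirm the new heading really renders with that anchor id and grep the docs for any other guide still pointing at the old `#OpenSearch` anchor, which would now land on a near-empty page.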
Expand Down Expand Up @@ -46,7 +46,7 @@ If you do not wish to specify the username and password in plaintext within the

```yaml
global:
opensearcn:
opensearch:
auth:
existingSecret: secretName
existingSecretKey: secretKey
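Review bot: good catch on `opensearcn`; a mistyped key under `global:` is silently ignored by Helm unless the chart ships a `values.schema.json`, so anyone who copied the old snippet deployed with the `existingSecret` setting unapplied and no error to tell them. Worth a line in the release notes asking users to re-check their values files after upgrading the docs.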
Expand Up @@ -21,7 +21,7 @@ Multi-tenancy is currently only available for Camunda 8 Self-Managed with authen

## Multi-tenancy in Camunda 8

Multi-tenancy in the context of Camunda 8 refers to the ability of the Camunda 8 platform to serve multiple distinct
Multi-tenancy in the context of Camunda 8 refers to the ability of the Camunda platform to serve multiple distinct
[tenants](/self-managed/identity/user-guide/tenants/managing-tenants.md) or clients within a single installation. Multi-tenancy in Camunda 8 extends these capabilities to cater to the
needs of different departments, teams, or even external clients, all within a shared Camunda environment. Here's a closer
look at what multi-tenancy is in Camunda 8:
Expand Up @@ -235,7 +235,7 @@ Don't forget to set the `serviceAccountName` of the deployment/statefulset to th

### Web Modeler

Since Web Modeler RestAPI uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
As the Web Modeler REST API uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
Web Modeler already comes fitted with the [aws-advanced-jdbc-wrapper](https://github.com/awslabs/aws-advanced-jdbc-wrapper) within the Docker image.

#### Kubernetes configuration
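Review bot: this identical two-sentence Web Modeler paragraph is edited the same way in three files in this commit; consider moving it into a shared partial so the next wording fix does not have to be applied three times. The relative link `../../../../modeler/web-modeler/configuration/database.md` also breaks as soon as one of these files is moved; the absolute `/self-managed/...` form used in the `using-existing-opensearch.md` hunk above is more robust.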
Expand Up @@ -12,7 +12,7 @@ Lastly you'll verify that the connection to your Self-Managed Camunda 8 environm

## Prerequisites

- A Kubernetes cluster; see the [eksctl](./eksctl.md) or [terraform](./terraform-setup.md) guide.
- A Kubernetes cluster; see the [eksctl](./eksctl.md) or [Terraform](./terraform-setup.md) guide.
- [Helm (3.16+)](https://helm.sh/docs/intro/install/)
- [kubectl (1.30+)](https://kubernetes.io/docs/tasks/tools/#kubectl) to interact with the cluster.
- (optional) Domain name/[hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html) in Route53. This allows you to expose Camunda 8 and connect via [zbctl](../../../../../../apis-tools/cli-client/) or [Camunda Modeler](https://camunda.com/download/modeler/).
Expand Up @@ -184,7 +184,7 @@ For additional details, refer to the [Camunda 8 Helm deployment documentation](.

### Web Modeler

Since Web Modeler RestAPI uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
As the Web Modeler REST API uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
Web Modeler already comes fitted with the [aws-advanced-jdbc-wrapper](https://github.com/awslabs/aws-advanced-jdbc-wrapper) within the Docker image.

#### Kubernetes configuration
Expand Up @@ -12,7 +12,7 @@ Lastly you'll verify that the connection to your Self-Managed Camunda 8 environm

## Prerequisites

- A Kubernetes cluster; see the [eksctl](./eksctl.md) or [terraform](./terraform-setup.md) guide.
- A Kubernetes cluster; see the [eksctl](./eksctl.md) or [Terraform](./terraform-setup.md) guide.
- [Helm (3.16+)](https://helm.sh/docs/intro/install/)
- [kubectl (1.30+)](https://kubernetes.io/docs/tasks/tools/#kubectl) to interact with the cluster.
- (optional) Domain name/[hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html) in Route53. This allows you to expose Camunda 8 and connect via [zbctl](../../../../../../apis-tools/cli-client/) or [Camunda Modeler](https://camunda.com/download/modeler/).
Expand Up @@ -266,7 +266,7 @@ For additional details, refer to the [Camunda 8 Helm deployment documentation](/

### Web Modeler

Since Web Modeler RestAPI uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
As the Web Modeler REST API uses PostgreSQL, configure the `restapi` to use IRSA with Amazon Aurora PostgreSQL. Check the [Web Modeler database configuration](../../../../modeler/web-modeler/configuration/database.md#running-web-modeler-on-amazon-aurora-postgresql) for more details.
Web Modeler already comes fitted with the [aws-advanced-jdbc-wrapper](https://github.com/awslabs/aws-advanced-jdbc-wrapper) within the Docker image.

#### Kubernetes configuration
Expand Down Expand Up @@ -538,8 +538,6 @@ There are different ways to configure the mapping within Amazon OpenSearch Servi

To authorize the IAM role in OpenSearch for access, follow these steps:

**_Note that this example uses basic authentication (username and password), which may not be the best practice for all scenarios, especially if fine-grained access control is enabled._** The endpoint used in this example is not exposed by default, so consult your OpenSearch documentation for specifics on enabling and securing this endpoint.

Use the following `curl` command to update the OpenSearch internal database and authorize the IAM role for access. Replace placeholders with your specific values:

```bash
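Review bot: removing the basic-auth caveat here means the first thing a reader hits is the `curl` command with a username and password, and the warning only reappears as a `:::note` after the placeholder list in the next hunk. Consider keeping a one-line pointer in its place ("see the note on basic auth below") so the caveat is read before the command is run, not after.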
Expand All @@ -562,6 +560,12 @@ curl -sS -u "<OS_DOMAIN_USER>:<OS_DOMAIN_PASSWORD>" \
- Replace `<OS_ENDPOINT>` with your OpenSearch endpoint URL.
- Replace `<ROLE_NAME>` with the IAM role name created by Terraform, which is output by the `opensearch_role` module.

:::note Security of basic auth usage

**This example uses basic authentication (username and password), which may not be the best practice for all scenarios, especially if fine-grained access control is enabled.** The endpoint used in this example is not exposed by default, so consult your OpenSearch documentation for specifics on enabling and securing this endpoint.

:::

</details>

The important part is assigning the `iam_role_arn` of the previously created `opensearch_role` to an internal role within Amazon OpenSearch Service. For example, `all_access` on the Amazon OpenSearch Service side is a good candidate, or if required, extra roles can be created with more restrictive access.
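Review bot: the new `:::note` is a clear improvement, but the command it refers to still passes `-u "<OS_DOMAIN_USER>:<OS_DOMAIN_PASSWORD>"` inline, which leaves the OpenSearch admin password in shell history and in the process list for other users on the host; suggest `-u "<OS_DOMAIN_USER>"` (curl prompts for the password) or a `--netrc-file` so the secret never hits the command line. The unchanged sentence recommending `all_access` as "a good candidate" also sits oddly next to a least-privilege setup; consider leading with a role limited to the indices Camunda needs and mentioning `all_access` only as the quick-start option.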
Expand Up @@ -56,7 +56,7 @@ If you do not wish to specify the username and password in plaintext within the

```yaml
global:
opensearcn:
opensearch:
auth:
existingSecret: secretName
existingSecretKey: secretKey
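Review bot: same `opensearcn` typo fix as in `using-existing-opensearch.md` above; since the snippet has evidently been copy-pasted between guides, a quick `grep -rn opensearcn docs/` before merging would confirm no further copies remain.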