diff --git a/docs/reference/aws-lambda-config-options.md b/docs/reference/aws-lambda-config-options.md index b626a500..73cb9d2e 100644 --- a/docs/reference/aws-lambda-config-options.md +++ b/docs/reference/aws-lambda-config-options.md @@ -41,7 +41,7 @@ The size of the buffer that stores APM agent data to be forwarded to the APM ser ### `ELASTIC_APM_SECRET_TOKEN` or `ELASTIC_APM_API_KEY` [aws-lambda-config-authentication-keys] -One of these (or, alternatively, the corresponding settings for the AWS Secrets Manager IDs) needs to be set as the authentication method that the {{apm-lambda-ext}} uses when sending data to the URL configured via `ELASTIC_APM_LAMBDA_APM_SERVER`. Alternatively, you can store your APM Server credentials [using the AWS Secrets Manager](/reference/aws-lambda-secrets-manager.md) and use the [`ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID`](#aws-lambda-config-secrets-manager-options) config options, instead. Sending data to the APM Server if none of these options is set is possible, but your APM agent must be allowed to send data to your APM server in [anonymous mode](docs-content://solutions/observability/apps/configure-anonymous-authentication.md). +One of these (or, alternatively, the corresponding settings for the AWS Secrets Manager IDs) needs to be set as the authentication method that the {{apm-lambda-ext}} uses when sending data to the URL configured via `ELASTIC_APM_LAMBDA_APM_SERVER`. Alternatively, you can store your APM Server credentials [using the AWS Secrets Manager](/reference/aws-lambda-secrets-manager.md) and use the [`ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID`](#aws-lambda-config-secrets-manager-options) config options, instead. Sending data to the APM Server if none of these options is set is possible, but your APM agent must be allowed to send data to your APM server in [anonymous mode](docs-content://solutions/observability/apm/configure-anonymous-authentication.md). ### `ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID` [aws-lambda-config-secrets-manager-options] diff --git a/docs/reference/aws-lambda-secrets-manager.md b/docs/reference/aws-lambda-secrets-manager.md index 61f62ff9..0301676e 100644 --- a/docs/reference/aws-lambda-secrets-manager.md +++ b/docs/reference/aws-lambda-secrets-manager.md @@ -10,7 +10,7 @@ When using the config options [`ELASTIC_APM_SECRET_TOKEN` or `ELASTIC_APM_API_KE ## Step 1: Create a secret in the AWS Secrets Manager. [aws-lambda-secrets-manager-create-secret] -[Create a secret in the AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) for the [APM Secret Token](docs-content://solutions/observability/apps/secret-token.md) or the [APM API key](docs-content://solutions/observability/apps/api-keys.md), depending on which one you prefer to use. Make sure to create the secret as a **Plaintext** typed secret and ensure it is created **in the same AWS region** as your target Lambda function that will use the secret. +[Create a secret in the AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) for the [APM Secret Token](docs-content://solutions/observability/apm/secret-token.md) or the [APM API key](docs-content://solutions/observability/apm/api-keys.md), depending on which one you prefer to use. Make sure to create the secret as a **Plaintext** typed secret and ensure it is created **in the same AWS region** as your target Lambda function that will use the secret. We recommend using the AWS-managed encryption key `aws/secretsmanager`. However, you can optionally create and select a custom KMS key for encryption. Note that with a custom encryption key, you will need additional key permissions on your Lambda function (see [Step 2](#aws-lambda-secrets-manager-permissions)). @@ -262,7 +262,7 @@ resource "aws_iam_policy_attachment" "secrets_manager_elastic_apm_policy_attach" Finally, you will need to configure the {{apm-lambda-ext}} to use the secret from the Secrets Manager *instead of* the value provided through [`ELASTIC_APM_SECRET_TOKEN` or `ELASTIC_APM_API_KEY`](/reference/aws-lambda-config-options.md#aws-lambda-config-authentication-keys). -Provide the name of the secret you created in [Step 1](#aws-lambda-secrets-manager-create-secret) as the value for the [`ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID`](/reference/aws-lambda-config-options.md#aws-lambda-config-secrets-manager-options) config option, respectively, depending on whether you want to use the [APM Secret Token](docs-content://solutions/observability/apps/secret-token.md) or the [APM API key](docs-content://solutions/observability/apps/api-keys.md). +Provide the name of the secret you created in [Step 1](#aws-lambda-secrets-manager-create-secret) as the value for the [`ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID`](/reference/aws-lambda-config-options.md#aws-lambda-config-secrets-manager-options) config option, respectively, depending on whether you want to use the [APM Secret Token](docs-content://solutions/observability/apm/secret-token.md) or the [APM API key](docs-content://solutions/observability/apm/api-keys.md). The language-specific instructions describe how to set environment variables for configuring AWS Lambda for Elastic APM: