RADAR-6812: Adding documentation for AWS Secrets Manager Indexing (#1155)

## Description

<!-- ID for Jira ticket e.g [SPE-1234] -->

:ticket: [[Jira ticket]
](https://hashicorp.atlassian.net/browse/RADAR-6812)
<!-- Add a brief description of changes here. Include any other
necessary relevant links -->

<!-- Help your reviewer understand the type of review you need by
selecting the scope and urgency. -->

### Requested review scope:

- [x] Content touched by the PR _only_ (typos, clarifications, tips)
- [ ] Code test (command and code block changes)
- [ ] Flow and language near changes (new/rearranged steps)
- [ ] Review everything (rewrites, major changes)

### Review urgency:

- [x] ASAP (bug fixes, broken content, imminent releases)
- [ ] 3 days (small changes, easy reviews)
- [ ] 1 week (default)
- [ ] Best effort (very non-urgent)

<!-- Fill out only the appropriate checklist for your type of feature
(or both if necessary) and delete the other one! -->

## All updates:

<!-- This section is mandatory for all PRs: -->

I have:

- [ ] Verified that all status checks have passed
- [ ] Verified that preview environment has successfully deployed
- [x] Verified appropriate `label` applied (`hcp` + `product name`)
- [ ] Added all required reviewers (code owners and external)

## Content checklist (optional)

Please do these things before requesting a review. I have:

- [ ] Made any associated code repositories public
- [ ] Added the `hashicorp-education/teamName` to any additional code or
example repos as repo admin
- [ ] Added redirects for any moved or removed pages
- [ ] Spell checked the tutorial(s)
- [ ] Followed the [unified style
guide](https://github.com/hashicorp/web-unified-docs/tree/main/docs/style-guide)
- [ ] Linted code snippets (Details per language
[here](https://github.com/hashicorp/engineering-docs/blob/master/writing/markdown.md#code-blocks))
- [ ] Checked the steps for completeness (no steps are implied or
hidden)
- [ ] Looked at the local or vercel build and checked each new or
changed page for:
  - display on the product curriculum page
  - callout box formatting
  - code block highlighting
  - right-hand navigation
  - next and back buttons
  - URL path


[SPE-1234]:
https://hashicorp.atlassian.net/browse/SPE-1234?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

Author: kishanHashicorp

content/hcp-docs/content/docs/vault-radar/agent/correlate-aws-secrets-manager.mdx

@@ -0,0 +1,120 @@
+---
+page_title: Correlate findings with AWS Secrets Manager
+description: >-
+  Correlate findings from HCP Vault Radar with secrets stored in AWS Secrets Manager.
+---
+
+# Correlate findings with AWS Secrets Manager
+
+When HCP Vault Radar connects to AWS Secrets Manager, Vault Radar can correlate
+findings with secrets stored in AWS Secrets Manager. This allows you to identify
+what secrets you need to rotate.
+
+## Connect AWS Secrets Manager
+
+Before you can correlate findings with AWS Secrets Manager, you need to [deploy
+the Radar agent](/hcp/docs/vault-radar/agent/deploy). Once you deploy the agent,
+you can configure and connect AWS Secrets Manager to the agent.
+
+## Prerequisites
+
+You need one of the following AWS authentication methods:
+
+- IAM role authentication with an EC2 instance or configured IAM role
+- Environment variables authentication with AWS Access Key ID and Secret Access Key
+
+Both authentication methods support an optional assume role ARN for
+cross-account access or elevated permissions. For more information about
+assuming roles, refer to the [AWS STS AssumeRole
+documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html).
+
+### Required permissions
+
+The IAM user, role, or assumed role must have the following permissions:
+
+| Service | Permission | Documentation |
+|---------|------------|---------------|
+| Secrets Manager | `secretsmanager:ListSecrets` | [ListSecrets API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html) |
+| Secrets Manager | `secretsmanager:DescribeSecret` | [DescribeSecret API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DescribeSecret.html) |
+| Secrets Manager | `secretsmanager:GetSecretValue` | [GetSecretValue API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) |
+| Secrets Manager | `secretsmanager:ListSecretVersionIds` | [ListSecretVersionIds API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecretVersionIds.html) |
+| EC2 | `ec2:DescribeRegions` | [DescribeRegions API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html) |
+| STS | `sts:GetCallerIdentity` | [GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) |
+
+**Example AWS IAM policy:**
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "secretsmanager:ListSecrets",
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:GetSecretValue",
+        "secretsmanager:ListSecretVersionIds"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:DescribeRegions"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "sts:GetCallerIdentity"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
+```
+
+## Agent configuration with AWS Secrets Manager
+
+Set up and manage AWS Secrets Manager from the Vault Radar module in the [HCP
+Portal](https://portal.cloud.hashicorp.com/). 
+
+1. Click **Settings**.
+
+1. Click **Secret Managers**.
+
+1. Click **Connect new secret manager**.
+
+1. Select **AWS Secrets Manager** and click **Next**.
+
+1. Select an AWS authentication method from the **Authentication method** pulldown menu.
+
+1. Enter the details for the selected method and click **Next** to validate the connection.
+
+   <Tabs>
+   <Tab heading="IAM Role">
+   
+   - Select **IAM Role** if you want to use instance profile or role-based authentication.
+   
+   ![IAM Role](/img/docs/vault-radar/indexing/aws-secrets-manager/iam-role.png)
+   
+   - (Optional) Enter an assume role ARN in the **Assume Role ARN** text field if you need to assume a different role for access.
+   
+   </Tab>
+   <Tab heading="Environment Variables">
+   
+   - Select **AWS Credentials from environment variables** if you want to use access keys.
+   
+   ![Environment Variables](/img/docs/vault-radar/indexing/aws-secrets-manager/environment-variables.png)
+   
+   - Enter your AWS Access Key ID location in the **AWS Access Key ID Env variable** text field (default: `env://AWS_ACCESS_ID_LOCATION`).
+   
+   - Enter your AWS Secret Access Key location in the **AWS Secret Access Key Env variable** text field (default: `env://AWS_SECRET_KEY_LOCATION`).
+   
+   - (Optional) Enter an assume role ARN in the **Assume Role ARN** text field if you need to assume a different role for access.
+   
+   </Tab>
+   </Tabs>
+
+Vault Radar fetches all active regions for the account and automatically starts index scan for each region.

content/hcp-docs/content/docs/vault-radar/agent/correlate-vault.mdx

@@ -13,15 +13,26 @@ Vault Dedicated or Vault Enterprise clusters.
 
 </Highlight>
 
-When the HCP Vault Radar agent connects to a HCP Vault Dedicated or Vault Enterprise cluster, 
+When the Vault Radar agent connects to a Vault Dedicated or Vault Enterprise cluster, 
 Vault Radar can correlate findings with secrets stored in Vault. This allows you to identify 
 what secrets you need to rotate.
 
 ## Connect a Vault cluster
 
 Before you can correlate findings with Vault, you need to [deploy the Radar
 agent](/hcp/docs/vault-radar/agent/deploy). Once you deploy the agent, you can
-configured and connect Vault to the agent.
+configure and connect Vault to the agent.
+
+## Prerequisites
+
+You need one of the following Vault authentication methods:
+
+- Kubernetes
+- AppRole
+- Token
+
+The authentication methods require a policy that allows the Vault Radar agent to
+read all KV secrets from Vault.
 
 ### Create a Vault policy
 

content/hcp-docs/data/docs-nav-data.json

@@ -931,6 +931,10 @@
           {
             "title": "Integrate Vault Enterprise",
             "path": "vault-radar/agent/correlate-vault"
+          },
+          {
+            "title": "Integrate AWS Secrets Manager",
+            "path": "vault-radar/agent/correlate-aws-secrets-manager"
           }
         ]
       },