RADAR-6812: adding changes to onboard aws secrets manager docs

Author: kishanHashicorp

content/hcp-docs/content/docs/vault-radar/agent/correlate-aws-secrets-manager.mdx

@@ -0,0 +1,70 @@
+---
+page_title: Correlate findings with AWS Secrets Manager
+description: >-
+  Correlate findings from HCP Vault Radar with secrets stored in AWS Secrets Manager.
+---
+
+# Correlate findings with AWS Secrets Manager
+
+When HCP Vault Radar connects to AWS Secrets Manager, Vault Radar can correlate findings with secrets stored in AWS Secrets Manager. This allows you to identify what secrets you need to rotate.
+
+## Connect AWS Secrets Manager
+
+Before you can correlate findings with AWS Secrets Manager, you need to [deploy the Radar agent](/hcp/docs/vault-radar/agent/deploy). Once you deploy the agent, you can configure and connect AWS Secrets Manager to the agent.
+
+### Prerequisites
+
+You need one of the following authentication methods:
+
+- IAM Role authentication with an EC2 instance or configured IAM role
+- Environment variables authentication with AWS Access Key ID and Secret Access Key
+
+Both authentication methods support an optional assume role ARN for cross-account access or elevated permissions. For more information about assuming roles, refer to the [AWS STS AssumeRole documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html).
+
+### Required permissions
+
+The IAM user, role, or assumed role must have the following permissions:
+
+| Service | Permission | Documentation |
+|---------|------------|---------------|
+| Secrets Manager | `secretsmanager:ListSecrets` | [ListSecrets API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html) |
+| Secrets Manager | `secretsmanager:DescribeSecret` | [DescribeSecret API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DescribeSecret.html) |
+| Secrets Manager | `secretsmanager:GetSecretValue` | [GetSecretValue API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) |
+| Secrets Manager | `secretsmanager:ListSecretVersionIds` | [ListSecretVersionIds API](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecretVersionIds.html) |
+| EC2 | `ec2:DescribeRegions` | [DescribeRegions API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html) |
+| STS | `sts:GetCallerIdentity` | [GetCallerIdentity API](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) |
+
+### Agent configuration with AWS Secrets Manager
+
+Set up and manage AWS Secrets Manager from the Vault Radar module in the [HCP Portal](https://portal.cloud.hashicorp.com/). Select **Settings**, then **Secret Managers**, and then click **Connect new secret manager**.
+
+1. Select **AWS Secrets Manager** and click **Next**.
+
+1. Select auth method and fill in details on the form, and select **Next** to validate the connection.
+
+<Tabs>
+<Tab heading="IAM Role">
+
+Select **IAM Role** if you want to use instance profile or role-based authentication.
+
+@include 'vault-radar/indexing/aws-secrets-manager/iam-role.png'
+
+1. (Optional) Enter an assume role ARN in the **Assume Role ARN** text field if you need to assume a different role for access.
+
+</Tab>
+<Tab heading="Environment Variables">
+
+Select **Environment Variables** if you want to use access keys.
+
+@include 'vault-radar/indexing/aws-secrets-manager/environment-variables.png'
+
+1. Enter your AWS Access Key ID location in the **Access Key ID** text field (default: `env://AWS_ACCESS_ID_LOCATION`).
+
+1. Enter your AWS Secret Access Key location in the **Secret Access Key** text field (default: `env://AWS_SECRET_KEY_LOCATION`).
+
+1. (Optional) Enter an assume role ARN in the **Assume Role ARN** text field if you need to assume a different role for access.
+
+</Tab>
+</Tabs>
+
+1. Vault Radar fetches all active regions for the account and automatically starts index scanning for each region.