Edited the installation while implementing it

Author: sivanel97

docs/build-your-software-catalog/sync-data-to-catalog/cloud-providers/aws-v3/Overview.md

@@ -67,123 +67,76 @@ This is the default mapping configuration you get after installing AWS Hosted by
 <summary><b>Default mapping configuration (click to expand)</b></summary>
 
 ```yaml showLineNumbers
+deleteDependentEntities: true
+createMissingRelatedEntities: true
+enableMergeEntity: true
 resources:
-- kind: AWS::Organizations::Account
-  selector:
-    query: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Id
-        title: .Name
-        blueprint: '"awsAccount"'
-        properties:
-          arn: .Arn
-          email: .Email
-          status: .Status
-          joined_method: .JoinedMethod
-          joined_timestamp: .JoinedTimestamp | sub(" "; "T")
-- kind: AWS::S3::Bucket
-  selector:
-    query: 'true'
-    useGetResourceAPI: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Identifier
-        title: .Identifier
-        blueprint: '"cloudResource"'
-        properties:
-          kind: .__Kind
-          region: .Properties.RegionalDomainName | capture(".*\\.(?<region>[^\\.]+)\\.amazonaws\\.com")
-            | .region
-          tags: .Properties.Tags
-          arn: .Properties.Arn
-          link: .Properties | select(.Arn != null) | "https://console.aws.amazon.com/go/view?arn="
-            + .Arn
-        relations:
-          account: .__AccountId
-- kind: AWS::EC2::Instance
-  selector:
-    query: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Identifier
-        title: .Identifier
-        blueprint: '"cloudResource"'
-        properties:
-          kind: .__Kind
-          region: .__Region
-          tags: .Properties.Tags
-          arn: .Properties.Arn
-          link: .Properties | select(.Arn != null) | "https://console.aws.amazon.com/go/view?arn="
-            + .Arn
-        relations:
-          account: .__AccountId
-- kind: AWS::ECS::Cluster
-  selector:
-    query: 'true'
-    useGetResourceAPI: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Properties.Arn
-        title: .Identifier
-        blueprint: '"cloudResource"'
-        properties:
-          kind: .__Kind
-          region: .__Region
-          tags: .Properties.Tags
-          arn: .Properties.Arn
-          link: .Properties | select(.Arn != null) | "https://console.aws.amazon.com/go/view?arn="
-            + .Arn
-        relations:
-          account: .__AccountId
-- kind: AWS::Lambda::Function
-  selector:
-    query: 'true'
-    useGetResourceAPI: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Properties.FunctionName
-        title: .Properties.FunctionName
-        blueprint: '"cloudResource"'
-        properties:
-          kind: .__Kind
-          region: .__Region
-          runtime: .Properties.Runtime
-          memory_size: .Properties.MemorySize
-          timeout: .Properties.Timeout
-          tags: .Properties.Tags
-          arn: .Properties.Arn
-          link: .Properties | select(.Arn != null) | "https://console.aws.amazon.com/go/view?arn="
-            + .Arn
-        relations:
-          account: .__AccountId
-- kind: AWS::RDS::DBInstance
-  selector:
-    query: 'true'
-    useGetResourceAPI: 'true'
-  port:
-    entity:
-      mappings:
-        identifier: .Properties.DBInstanceIdentifier
-        title: .Properties.DBInstanceIdentifier
-        blueprint: '"cloudResource"'
-        properties:
-          kind: .__Kind
-          region: .__Region
-          engine: .Properties.Engine
-          engine_version: .Properties.EngineVersion
-          instance_class: .Properties.DBInstanceClass
-          tags: .Properties.Tags
-          arn: .Properties.Arn
-          link: .Properties | select(.Arn != null) | "https://console.aws.amazon.com/go/view?arn="
-            + .Arn
-        relations:
-          account: .__AccountId
+  - kind: AWS::Account::Info
+    selector:
+      query: 'true'
+    port:
+      entity:
+        mappings:
+          identifier: .Properties.Id
+          title: .Properties.Name
+          blueprint: '"awsAccount"'
+  - kind: AWS::S3::Bucket
+    selector:
+      query: 'true'
+    port:
+      entity:
+        mappings:
+          identifier: .Properties.Arn
+          title: .Properties.BucketName
+          blueprint: '"s3Bucket"'
+          properties:
+            arn: .Properties.Arn
+            region: .Properties.LocationConstraint
+            creationDate: .Properties.CreationDate
+            tags: .Properties.Tags
+          relations:
+            account: .__ExtraContext.AccountId
+  - kind: AWS::EC2::Instance
+    selector:
+      query: 'true'
+    port:
+      entity:
+        mappings:
+          identifier: .Properties.InstanceId
+          title: .Properties.InstanceId
+          blueprint: '"ec2Instance"'
+          properties:
+            instanceType: .Properties.InstanceType
+            state: .Properties.State.Name
+            publicIpAddress: .Properties.PublicIpAddress
+            privateIpAddress: .Properties.PrivateIpAddress
+            tags: .Properties.Tags
+            arn: >-
+              "arn:aws:ec2:" + .__Region + ":" + .__AccountId + ":instance/" +
+              .Properties.InstanceId
+          relations:
+            account: .__ExtraContext.AccountId
+  - kind: AWS::ECS::Cluster
+    selector:
+      query: 'true'
+    port:
+      entity:
+        mappings:
+          identifier: .Properties.ClusterArn
+          title: .Properties.ClusterName
+          blueprint: '"ecsCluster"'
+          properties:
+            status: .Properties.Status
+            runningTasksCount: .Properties.RunningTasksCount
+            activeServicesCount: .Properties.ActiveServicesCount
+            pendingTasksCount: .Properties.PendingTasksCount
+            registeredContainerInstancesCount: .Properties.RegisteredContainerInstancesCount
+            capacityProviders: .Properties.CapacityProviders
+            clusterArn: .Properties.ClusterArn
+            tags: .Properties.Tags
+          relations:
+            account: .__ExtraContext.AccountId
+
 ```
 
 </details>

docs/build-your-software-catalog/sync-data-to-catalog/cloud-providers/aws-v3/iam-role-architecture.md

@@ -15,6 +15,8 @@ The integration is designed to work with the full `ReadOnlyAccess` policy, which
 - **Reliable operation** without permission-related issues.
 :::
 
+If you prefer to create the IAM role manually rather than using the CloudFormation template, the following sections describe the setup we implement. This will help you understand the reasoning behind our design choices and adapt them if you decide to configure the role differently.
+
 ## Role structure
 
 For multi-account setups, the role structure is replicated across all target accounts.
@@ -74,7 +76,7 @@ The IAM role uses an **OIDC (OpenID Connect) trust policy** with **IRSA (IAM Rol
 
 The role uses the **AWS managed `ReadOnlyAccess` policy**, which provides comprehensive read-only access to all AWS services:
 
-```yaml
+```yaml showLineNumbers
 ManagedPolicyArns:
   - arn:aws:iam::aws:policy/ReadOnlyAccess
 ```
@@ -86,17 +88,6 @@ ManagedPolicyArns:
 - **AWS Maintained**: AWS manages and updates the policy as needed.
 - **Read-Only Security**: Only read permissions, no write/delete/create access.
 
-## Permission categories
-
-Since the role uses the AWS managed `ReadOnlyAccess` policy, it has comprehensive read-only access to **all AWS services**.  
-Here are the key categories relevant to AWS Hosted by Port:
-
-- **Comprehensive Discovery**: Access to all AWS resource types.
-- **Future-Proof**: New services are automatically supported without redeployment.
-- **Operational Efficiency**: No CloudFormation updates needed when adding new services.
-- **Consistent Access**: Same permission model across all services.
-- **No Maintenance**: AWS manages policy updates.
-
 ## Security considerations
 
-From a security view point the integration uses a **read-only** role. It can list/describe and read metadata/tags, but cannot create, modify, delete, or change policies. No cross-account access is available unless it is explicitly configured.
+From a security view point the integration uses a **read-only** role. It can list/describe and read metadata/tags, but cannot create, modify, delete, or change any resource.