Conversation
Preview links (active after the
|
iadjivon
left a comment
iadjivon
left a comment
There was a problem hiding this comment.
Hi May, added a suggestion and approved :)
Co-authored-by: Ida Adjivon <65119712+iadjivon@users.noreply.github.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5c7fe40fcd
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| To send logs to Amazon S3, the Observability Pipelines Worker requires the following policy permissions: | ||
|
|
||
| - `s3:ListBucket` | ||
| - `s3:PutObject` | ||
| - `s3:GetObject` |
There was a problem hiding this comment.
s3:GetObject from S3 sink permissions
When users are configuring only the Observability Pipelines Amazon S3 destination (that is, the common write-only case without the optional archive/rehydration flow), this new bullet tells them to grant the worker read access to every object in the bucket even though the underlying sink does not need it. Vector's official aws_s3 sink permissions table (https://vector.dev/docs/reference/configuration/sinks/aws_s3/) lists only s3:ListBucket for healthcheck and s3:PutObject for normal operation, so documenting s3:GetObject here expands privileges unnecessarily for buckets that may contain sensitive logs.
Useful? React with 👍 / 👎.
2 participants
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
AI assistance
Additional notes