backport of commit 2c36a09958

website/content/docs/concepts/host-discovery/aws.mdx

@@ -105,10 +105,10 @@ The required fields for creating a dynamic host catalog depend on whether you co
     -plugin-name aws \
     -attr disable_credential_rotation=true \
     -attr region=us-east-1 \
-    -role_arn \
-    -role_external_id \
-    -role_session_name \
-    -role_tags
+    -attr role_arn=AWS_ROLE_ARN_VALUE \
+    -attr role_external_id=AWS_ROLE_EXTERNAL_ID_VALUE \
+    -attr role_session_name=AWS_ROLE_SESSION_NAME_VALUE \
+    -attr role_tags=AWS_ROLE_TAGS_VALUE
     ```
 
   The `scope-id` and `plugin-name` fields are required when you create a dynamic host catalog.
@@ -148,16 +148,17 @@ Apply the following Terraform policy:
     scope_id    = boundary_scope.project.id
     plugin_name = "aws"
 
+    # recommended to pass in aws secrets using a file() or using environment variables
     attributes_json = jsonencode({
       "region" = "eu-west-2",
       "disable_credential_rotation" = true })
     secrets_json = jsonencode({
-      "access_key_id" = var.aws_access,
-      "secret_access_key" = var.aws_secret})
+      "access_key_id" = "AWS_ACCESS_KEY_ID_VALUE",
+      "secret_access_key" = "AWS_SECRET_ACCESS_KEY_VALUE"})
   }
   ```
 
-The `scope-id` and `plugin-name` fields are required when you create a dynamic host catalog.
+The `scope_id` and `plugin_name` fields are required when you create a dynamic host catalog.
 
 Replace the values in the configuration with the following required AWS secrets and any attributes you want to associate with the host catalog:
 
@@ -184,14 +185,14 @@ Apply the following Terraform policy:
       "region" = "eu-west-2",
       "disable_credential_rotation" = true })
     secrets_json = jsonencode({
-      "role_arn" = var.aws_access,
-      "role_external_id" = var.aws_secret,
-      "role_session_name" = var.aws_secret,
-      "role_tags" = var.aws_secret})
+      "role_arn" = "AWS_ROLE_ARN_VALUE",
+      "role_external_id" = "AWS_ROLE_EXTERNAL_ID_VALUE",
+      "role_session_name" = "AWS_ROLE_SESSION_NAME_VALUE",
+      "role_tags" = "AWS_ROLE_TAGS_VALUE"})
   }
   ```
 
-The `scope-id` and `plugin-name` fields are required when you create a dynamic host catalog.
+The `scope_id` and `plugin_name` fields are required when you create a dynamic host catalog.
 
 Replace the values in the configuration with the following required AWS secrets and any attributes you want to associate with the host catalog:
 
@@ -267,13 +268,13 @@ Apply the following Terraform policy:
 resource "boundary_host_set_plugin" "aws_host_set" {
   name        = "AWS Host Set"
   description = "AWS Host Set"
-  host_catalog_id  = boundary_scope.aws_host_catalog.id
+  host_catalog_id  = boundary_host_catalog_plugin.aws_host_catalog.id
   attributes_json = jsonencode({
   "filters" = ["tag-key=foo,bar", "tag-key=baz"] })
 }
 ```
 
-The `host-catalog-id` value is a required field that specifies in which host catalog to create this host set.
+The `host_catalog_id` value is a required field that specifies in which host catalog to create this host set.
 
 The `filters` field contains string filters in the format key=val1,val2.
 The key corresponds to a filter option, and the value(s) are a comma-separated list.

website/content/docs/concepts/host-discovery/azure.mdx

@@ -80,6 +80,7 @@ resource "boundary_host_catalog_plugin" "azure_host_catalog" {
   scope_id    = boundary_scope.project.id
   plugin_name = "azure"
 
+  # recommended to pass in aws secrets using a file() or using environment variables
   attributes_json = jsonencode({
     "tenant_id"       = "ARM_TENANT_ID",
     "subscription_id" = "ARM_SUBSCRIPTION_ID"
@@ -90,10 +91,10 @@ resource "boundary_host_catalog_plugin" "azure_host_catalog" {
 }
 ```
 
-The `scope-id` and `plugin-name` fields are required when you create a
+The `scope_id` and `plugin_name` fields are required when you create a
 dynamic host catalog.
 
-The fields following the `attr` and `secret` flags are specific to Azure and are required by
+The fields following the `attributes_json` and `secrets_json` flags are specific to Azure and are required by
   Boundary for authentication.
 
 - `disable_credential_rotation`: When set to `true`, Boundary does not rotate the credentials automatically.
@@ -173,10 +174,10 @@ Apply the following Terraform policy:
 }
 ```
 
-The `host-catalog-id` value is a required field that specifies in which host catalog to
+The `host_catalog_id` value is a required field that specifies in which host catalog to
   create this host set.
 
-The fields following the `attr` flag are specific to Azure.
+The fields following the `attributes_json` flag are specific to Azure.
 
 The `filter` field represents the ARM filter used to select resources that should be a part of
   this host set.  There are some limitations with the filtering syntax.

website/content/docs/concepts/host-discovery/gcp.mdx

@@ -279,14 +279,15 @@ Apply the following Terraform policy:
     scope_id    = boundary_scope.project.id
     plugin_name = "gcp"
 
+    # recommended to pass in aws secrets using a file() or using environment variables
     attributes_json = jsonencode({
       "zone" = "us-central1-a ",
-      "project_id" = var.gcp_project_id,
-      "client_email" = var.gcp_client_email,
+      "project_id" = "GCP_PROJECT_ID_VALUE",
+      "client_email" = "GCP_CLIENT_EMAIL_VALUE",
       "disable_credential_rotation" = true })
     secrets_json = jsonencode({
-      "private_key_id" = var.private_key_id,
-      "private_key" = var.private_key})
+      "private_key_id" = "GCP_PRIVATE_KEY_ID_VALUE",
+      "private_key" = "GCP_PRIVATE_KEY_VALUE"})
   }
   ```
 
@@ -325,15 +326,16 @@ Apply the following Terraform policy:
     scope_id    = boundary_scope.project.id
     plugin_name = "gcp"
 
+    # recommended to pass in aws secrets using a file() or using environment variables
     attributes_json = jsonencode({
       "zone" = "us-central1-a ",
-      "project_id" = var.gcp_project_id,
-      "client_email" = var.gcp_base_service_account_email,
-      "target_service_account_id" = var.gcp_target_service_account_email,
+      "project_id" = "GCP_PROJECT_ID_VALUE",
+      "client_email" = "GCP_BASE_SERVICE_ACCOUNT_EMAIL_VALUE",
+      "target_service_account_id" = "GCP_TARGET_SERVICE_ACCOUNT_EMAIL_VALUE",
       "disable_credential_rotation" = true })
     secrets_json = jsonencode({
-      "private_key_id" = var.base_service_account_private_key_id,
-      "private_key" = var.base_service_account_private_key})
+      "private_key_id" = "BASE_SERVICE_ACCOUNT_PRIVATE_KEY_ID_VALUE",
+      "private_key" = "BASE_SERVICE_ACCOUNT_PRIVATE_KEY_VALUE"})
   }
   ```
 
@@ -374,9 +376,10 @@ Apply the following Terraform policy:
     scope_id    = boundary_scope.project.id
     plugin_name = "gcp"
 
+    # recommended to pass in aws secrets using a file() or using environment variables
     attributes_json = jsonencode({
       "zone" = "us-central1-a ",
-      "project_id" = var.gcp_project_id,
+      "project_id" = "GCP_PROJECT_ID_VALUE",
       "disable_credential_rotation" = true })
   }
   ```
@@ -462,7 +465,7 @@ Apply the following Terraform policy:
 resource "boundary_host_set_plugin" "gcp_host_set" {
   name        = "GCP Host Set"
   description = "GCP Host Set"
-  host_catalog_id  = boundary_scope.gcp_host_catalog.id
+  host_catalog_id  = boundary_host_catalog_plugin.gcp_host_catalog.id
   attributes_json = jsonencode({
   "filters" = ["labels.env:prod", "labels.app:web"] })
 }