[AWS] Add support to configure owning account for AWS metrics integrations (#11442)

* introduce owning account for AWS metrics integrations Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> # Conflicts: #	packages/aws/changelog.yml * update build docs Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * update compatible beats version Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * add missing property to agent Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * accept owning account as a string at agent Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * fix merge conflict and update changelog and version Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * make ownining account conditional Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * add ownining account support to aws bedrock Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> # Conflicts: #	packages/aws_bedrock/changelog.yml * Update packages/aws/_dev/build/docs/README.md Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co> * Update packages/aws/_dev/build/docs/README.md Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co> * set 0.12.0 version for aws bedrock Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * add newline Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * update build docs Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> * review suggestion - links to aws resources Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> --------- Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co> Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>

Author: Kavindu-Dodan

packages/aws/_dev/build/docs/README.md

@@ -58,9 +58,11 @@ The extra-charges generated by GetMetricData API calls are proportional to the f
 The `include_linked_accounts` parameter is used to enable the inclusion of metrics from different accounts linked to a 
 main monitoring account. By setting this parameter to true, users can gather metrics from multiple AWS accounts that are
 linked through the [CloudWatch cross-account observability](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html).
-By default, the `include_linked_accounts` parameter is set to false, meaning that only metrics from the main monitoring
-account are collected. When set to true, the parameter allows the CloudWatch ListMetrics API to include metrics from
-the monitoring account and all linked source accounts in the returned data, providing a comprehensive cross-account view.
+Internally, the agent uses [ListMetrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) API to include metrics from the monitoring account and all linked source accounts in the returned data, providing a comprehensive cross-account view.
+
+You can further utilize `owning_account` parameter to refine the cross account observability. This parameter accepts a valid AWS account ID which should be linked to the monitoring account.
+If configured, metrics will be extracted from this specified linked/owning account.
+This parameter [utilize OwningAccount](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html#API_ListMetrics_RequestParameters) parameter of the ListMetrics API request.
 
 *_Note_:* Users should ensure that the necessary IAM roles and policies are properly set up in order to link the monitoring
 account and source accounts together. 

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.30.0"
+ changes:
+ - description: Support configuring the Owning Account
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11442
 - version: "2.29.0"
  changes:
  - description: Add mapping for the service.runtimeDetails fields in GuardDuty events.

packages/aws/data_stream/apigateway_metrics/agent/stream/stream.yml.hbs

@@ -5,6 +5,9 @@ data_granularity: {{data_granularity}}
 {{/if}}
 {{#if include_linked_accounts}}
 include_linked_accounts: {{include_linked_accounts}}
+{{#if owning_account}}
+owning_account: "{{owning_account}}"
+{{/if}}
 {{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}

packages/aws/data_stream/apigateway_metrics/manifest.yml

@@ -39,6 +39,13 @@ streams:
  show_user: false
  default: true
  description: When include_linked_accounts is set to true, CloudWatch metrics will be collected from both linked accounts and the monitoring account. Default is true.
+ - name: owning_account
+ type: integer
+ title: Owning Account
+ multi: false
+ required: false
+ show_user: false
+ description: Accepts an AWS account ID linked to the monitoring account. Works only if include_linked_accounts is set to true. If set, monitoring data will only include data from the given account.
  - name: tags_filter
  type: yaml
  title: Tags Filter

packages/aws/data_stream/awshealth/agent/stream/stream.yml.hbs

@@ -37,3 +37,9 @@ proxy_url: {{proxy_url}}
 processors:
 {{processors}}
 {{/if}}
+{{#if include_linked_accounts}}
+include_linked_accounts: {{include_linked_accounts}}
+{{#if owning_account}}
+owning_account: "{{owning_account}}"
+{{/if}}
+{{/if}}

packages/aws/data_stream/awshealth/manifest.yml

@@ -39,6 +39,13 @@ streams:
  show_user: false
  default: true
  description: When include_linked_accounts is set to true, CloudWatch metrics will be collected from both linked accounts and the monitoring account. Default is true.
+ - name: owning_account
+ type: integer
+ title: Owning Account
+ multi: false
+ required: false
+ show_user: false
+ description: Accepts an AWS account ID linked to the monitoring account. Works only if include_linked_accounts is set to true. If set, monitoring data will only include data from the given account.
  - name: processors
  type: yaml
  title: Processors

packages/aws/data_stream/billing/agent/stream/stream.yml.hbs

@@ -5,6 +5,9 @@ data_granularity: {{data_granularity}}
 {{/if}}
 {{#if include_linked_accounts}}
 include_linked_accounts: {{include_linked_accounts}}
+{{#if owning_account}}
+owning_account: "{{owning_account}}"
+{{/if}}
 {{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}

packages/aws/data_stream/billing/manifest.yml

@@ -49,6 +49,13 @@ streams:
  show_user: false
  default: true
  description: When include_linked_accounts is set to true, CloudWatch metrics will be collected from both linked accounts and the monitoring account. Default is true.
+ - name: owning_account
+ type: integer
+ title: Owning Account
+ multi: false
+ required: false
+ show_user: false
+ description: Accepts an AWS account ID linked to the monitoring account. Works only if include_linked_accounts is set to true. If set, monitoring data will only include data from the given account.
  - name: leaderelection
  type: bool
  title: Leader Election

packages/aws/data_stream/cloudwatch_metrics/agent/stream/stream.yml.hbs

@@ -5,6 +5,9 @@ data_granularity: {{data_granularity}}
 {{/if}}
 {{#if include_linked_accounts}}
 include_linked_accounts: {{include_linked_accounts}}
+{{#if owning_account}}
+owning_account: "{{owning_account}}"
+{{/if}}
 {{/if}}
 {{#if access_key_id}}
 access_key_id: {{access_key_id}}

packages/aws/data_stream/cloudwatch_metrics/manifest.yml

@@ -27,6 +27,13 @@ streams:
  show_user: false
  default: true
  description: When include_linked_accounts is set to true, CloudWatch metrics will be collected from both linked accounts and the monitoring account. Default is true.
+ - name: owning_account
+ type: integer
+ title: Owning Account
+ multi: false
+ required: false
+ show_user: false
+ description: Accepts an AWS account ID linked to the monitoring account. Works only if include_linked_accounts is set to true. If set, monitoring data will only include data from the given account.
  - name: regions
  type: text
  title: Regions