From 4ce6b6654501461febde7e2e8e82f1ce28c4f301 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 12:09:38 -0500
Subject: [PATCH] Fix apm agentcfg api key privileges (#4083) (#4331)

Align with feature-roles.asciidoc

(cherry picked from commit b83fce48188e5316aa1f9f23642ccf8725be1ca6)

Co-authored-by: Carson Ip <carsonip@users.noreply.github.com>
---
 .../observability/apm/access-api-keys.asciidoc | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/docs/en/observability/apm/access-api-keys.asciidoc b/docs/en/observability/apm/access-api-keys.asciidoc
index b120857c23..f6fdf10eb3 100644
--- a/docs/en/observability/apm/access-api-keys.asciidoc
+++ b/docs/en/observability/apm/access-api-keys.asciidoc
@@ -29,10 +29,11 @@ In the role descriptors box, assign the appropriate privileges to the new API ke
 ----
 {
     "apm_writer": {
+        "cluster": ["monitor"],
         "index": [
             {
-                "names": ["apm-*"],
-                "privileges": ["create_index", "create_doc"]
+                "names": ["traces-apm*","logs-apm*", "metrics-apm*"],
+                "privileges": ["auto_configure", "create_doc"]
             }
         ]
     },
@@ -48,7 +49,8 @@ In the role descriptors box, assign the appropriate privileges to the new API ke
         "index": [
             {
                 "names": [".apm-agent-configuration"],
-                "privileges": ["read"]
+                "privileges": ["read"],
+                "allow_restricted_indices": true
             }
         ]
     }
@@ -130,10 +132,11 @@ POST /_security/api_key
   "name": "apm_host001", <1>
   "role_descriptors": {
     "apm_writer": { <2>
+      "cluster": ["monitor"],
       "index": [
         {
-          "names": ["apm-*"],
-          "privileges": ["create_index", "create_doc"]
+          "names": ["traces-apm*","logs-apm*", "metrics-apm*"],
+          "privileges": ["auto_configure", "create_doc"]
         }
       ]
     },
@@ -149,7 +152,8 @@ POST /_security/api_key
       "index": [
         {
           "names": [".apm-agent-configuration"],
-          "privileges": ["read"]
+          "privileges": ["read"],
+          "allow_restricted_indices": true
         }
       ]
     }
@@ -169,4 +173,4 @@ See the {es} API key documentation for more information:
 
 * {ref}/security-api-create-api-key.html[Create API key]
 * {ref}/security-api-get-api-key.html[Get API key information]
-* {ref}/security-api-invalidate-api-key.html[Invalidate API key]
\ No newline at end of file
+* {ref}/security-api-invalidate-api-key.html[Invalidate API key]