Description
Is your feature request related to a problem? Please describe.
The documentation for integrating AWS logs into Sentinel only mentions usage of the PowerShell scripts and a manual setup procedure. There are some CloudFormation templates in the repository in https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/AWS-S3/CloudFormation , but they are incomplete and not documented.
In particular, the template https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/CloudFormation/cloudformationtemplateforAWSS3.txt doesn't use the OIDC provider deployed by https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/CloudFormation/OIDCWebIdProvider.json .
Describe the solution you'd like
Please provide updated CloudFormation and/or Terraform templates for the AWS S3 Data Connector, document their usage properly and maintain them as first-class citizens in the repository.
It's really not commonplace that AWS infrastructure is deployed ad-hoc with PowerShell scripts. Terraform and CloudFormation are the dominant tools on this platform, and AWS infrastructure engineers typically do not use PowerShell for scripting. Furthermore, ad-hoc deployments are a very bad practice, especially when other infrastructure is already managed with proper IaC tooling.
Describe alternatives you've considered
The CloudFormation template can be adapted without too much effort, but the documentation for manual integration is incomplete and doesn't properly describe which permissions are actually required. This leads to a lot of trial-and-error - or figuring out what the overly complicated PowerShell scripts actually do.
Additional context
In #4398 , some CloudFormation templates were requested and delivered, but they were not kept up to date, and they're not even mentioned in the documentation or the README.
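An added example, not code from the Azure-Sentinel repository or from the issue author: a Terraform sketch of the wiring the issue says is missing, an IAM role that the AWS S3 connector assumes through the OIDC provider (the piece cloudformationtemplateforAWSS3.txt does not use), together with the bucket-to-SQS notification it reads from. The issuer URL, audience, CA thumbprint and workspace ID are input variables to be filled from OIDCWebIdProvider.json and the connector page in Sentinel; the condition keys on the trust policy follow the standard AWS web identity pattern (issuer host plus `:aud` / `:sub`), and the permission set (s3:GetObject on the objects, ReceiveMessage/DeleteMessage/ChangeMessageVisibility on the queue) is my understanding of the connector's minimum, not something the page documents, so check it against the current scripts before relying on it.

```hcl
# Added example (not from the Azure-Sentinel repository): Terraform wiring for the
# Sentinel AWS S3 connector, trusting the OIDC provider instead of static credentials.
# All "fill in" values are assumptions to take from OIDCWebIdProvider.json and the
# Sentinel connector page; verify the permission set against the repository's scripts.

variable "sentinel_oidc_url"        { type = string } # issuer URL (https://...), fill in from OIDCWebIdProvider.json
variable "sentinel_oidc_thumbprint" { type = string } # SHA-1 thumbprint of the issuer's CA, fill in
variable "sentinel_audience"        { type = string } # audience / client ID, fill in from OIDCWebIdProvider.json
variable "sentinel_workspace_id"    { type = string } # Log Analytics workspace ID, fill in from the connector page
variable "log_bucket_name"          { type = string }

locals {
  # Web identity condition keys are "<issuer host and path>:aud" and "...:sub".
  oidc_host = trimprefix(var.sentinel_oidc_url, "https://")
}

resource "aws_iam_openid_connect_provider" "sentinel" {
  url             = var.sentinel_oidc_url
  client_id_list  = [var.sentinel_audience]
  thumbprint_list = [var.sentinel_oidc_thumbprint]
}

# Trust policy: only tokens from this provider, for this audience and this workspace.
data "aws_iam_policy_document" "sentinel_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.sentinel.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = [var.sentinel_audience]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = [var.sentinel_workspace_id] # assumption: subject is the workspace ID
    }
  }
}

resource "aws_s3_bucket" "logs" { bucket = var.log_bucket_name }
resource "aws_sqs_queue" "log_notifications" { name = "${var.log_bucket_name}-sentinel" }

# Queue policy: only S3, and only this bucket, may enqueue object-created events.
data "aws_iam_policy_document" "queue" {
  statement {
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.log_notifications.arn]
    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.logs.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "queue" {
  queue_url = aws_sqs_queue.log_notifications.id
  policy    = data.aws_iam_policy_document.queue.json
}

resource "aws_s3_bucket_notification" "logs" {
  bucket = aws_s3_bucket.logs.id
  queue {
    queue_arn = aws_sqs_queue.log_notifications.arn
    events    = ["s3:ObjectCreated:*"]
  }
  depends_on = [aws_sqs_queue_policy.queue]
}

# Least privilege for the connector: read objects and consume queue messages, nothing else.
# If the bucket uses SSE-KMS, add kms:Decrypt on the bucket key (assumption, not on the page).
data "aws_iam_policy_document" "sentinel_access" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.logs.arn}/*"]
  }
  statement {
    actions   = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:ChangeMessageVisibility"]
    resources = [aws_sqs_queue.log_notifications.arn]
  }
}

resource "aws_iam_role" "sentinel" {
  name               = "sentinel-s3-connector"
  assume_role_policy = data.aws_iam_policy_document.sentinel_trust.json
}

resource "aws_iam_role_policy" "sentinel" {
  role   = aws_iam_role.sentinel.id
  policy = data.aws_iam_policy_document.sentinel_access.json
}

output "sentinel_role_arn" { value = aws_iam_role.sentinel.arn } # paste into the connector page
```

The two `StringEquals` conditions are the security-relevant part: without the `:sub` check, any token the issuer mints for the same audience (for another tenant's workspace, say) could assume the role, and without the `:aud` check a token issued to an unrelated client would pass. `depends_on` on the queue policy matters in practice because S3 validates that it can publish to the queue when the notification is created, so ordering the policy first avoids a spurious apply failure.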