Merge pull request ClickHouse#2621 from ClickHouse/Update_secures3_doc

Fixing Secure S3 documentation and IP filtering

docs/en/cloud/security/accessing-s3-data-securely.md

@@ -42,20 +42,25 @@ This approach allows customers to manage all access to their S3 buckets in a sin
 
 4 - Configure the cloudformation stack. Below is additional information about these parameters.
 
-| Parameter                 | Default Value | Description                                                                                        |
-| :---                      |    :----:     | :----                                                                                              |
-| Role Unique ID            |     001       | Unique ID that is appended to the ClickHouseAccessRole name.                                       |
-| Role Session Name         |      *        | Role Session Name can be used as a shared secret to further protect your bucket.                   |
-| ClickHouse Instance Roles |               | Comma separated list of ClickHouse service IAM roles that can use this Secure S3 integration.      |
-| Bucket Access             |    Read       | Sets the level of access for the provided buckets.                                                 |
-| Bucket Names              |               | Comma separated list of **bucket names** that this role will have access to.                       |
+| Parameter                 | Default Value        | Description                                                                                        |
+| :---                      |    :----:            | :----                                                                                              |
+| RoleName                  | ClickHouseAccess-001 | The name of the new role that ClickHouse Cloud will use to access your S3 bucket                   |
+| Role Session Name         |      *               | Role Session Name can be used as a shared secret to further protect your bucket.                   |
+| ClickHouse Instance Roles |                      | Comma separated list of ClickHouse service IAM roles that can use this Secure S3 integration.      |
+| Bucket Access             |    Read              | Sets the level of access for the provided buckets.                                                 |
+| Bucket Names              |                      | Comma separated list of **bucket names** that this role will have access to.                       |
 
 *Note*: Do not put the full bucket Arn but instead just the bucket name only.
 
+
 5 - Select the **I acknowledge that AWS CloudFormation might create IAM resources with custom names.** checkbox
+
 6 - Click **Create stack** button at bottom right
+
 7 - Make sure the CloudFormation stack completes with no error.
+
 8 - Select the **Outputs** of the cloudformation stack
+
 9 - Copy the **RoleArn** value for this integration. This is what needed to access your S3 bucket.
 
 ![s3info](@site/docs/en/cloud/security/images/secures3_output.jpg)
@@ -66,7 +71,7 @@ This approach allows customers to manage all access to their S3 buckets in a sin
 
 2 - Browse to IAM Service Console
 
-3 - Create a new IAM role with the following IAM & Trust policy. Note that the name of the IAM role **must start with** `ClickHouseAccessRole-` for this to work.
+3 - Create a new IAM role with the following IAM & Trust policy.
 
 Trust policy  (Please replace {ClickHouse_IAM_ARN} with the IAM Role arn belong to your ClickHouse instance):
 

docs/en/cloud/security/setting-ip-filters.md

@@ -19,7 +19,10 @@ Classless Inter-domain Routing (CIDR) notation, allows you to specify IP Address
 
 ## Create or modify an IP Access List
 
-From your ClickHouse Cloud services list select the service and then select **Settings**.  This will show the existing IP Access List, which may be set to:
+From your ClickHouse Cloud services list select the service and then select **Settings**.  Under the **Security** section, you will find the IP access list. Click on the hyperlink where the text says: *You can connect to this service from* **(anywhere | x specific locations)**
+
+A sidebar will appear with options for you to configure:
+
 - Allow incoming traffic from anywhere to the service
 - Allow access from specific locations to the service
 - Deny all access to the service
@@ -30,24 +33,26 @@ This screenshot shows an access list which allows traffic from a range of IP Add
 
 ### Possible actions
 
-1. To add an additional entry you can use **+ Add entry**
+1. To add an additional entry you can use **+ Add new IP**
 
   This example adds a single IP address, with a description of `London server`:
 
-  ![Add a single IP to access list](@site/docs/en/_snippets/images/ip-filter-add-single-ip.png)
+  ![Add a single IP to access list](@site/docs/en/cloud/security/images/ip-filter-add-single-ip.png)
 
 1. Delete an existing entry
 
-  Clicking the trash can deletes an entry
+  Clicking the cross (x) can deletes an entry
 
 1. Edit an existing entry
 
-  Clicking the pencil icon allows editing an entry
+  Directly modifying the entry
 
 1. Switch to allow access from **Anywhere**
 
   This is not recommended, but it is allowed.  We recommend that you expose an application built on top of ClickHouse to the public and restrict access to the back-end ClickHouse Cloud service.
 
+To apply the changes you made, you must click **Save**.
+
 ## Verification
 
 Once you create your filter confirm connectivity from within the range, and confirm that connections from outside the permitted range are denied.  A simple `curl` command can be used to verify:
@@ -69,31 +74,6 @@ curl https://<HOSTNAME>.clickhouse.cloud:8443
 Ok.
 ```
 
-## Importing and exporting filters
-From the **Security** tab you can also share (import or export) your filters.
-
-![No traffic permitted](@site/docs/en/_snippets/images/ip-filter-share.png)
-
-:::note
-If you import filters they will be appended to the existing filter list.
-:::
-
-Here is an example of an exported filter list:
-```json
-{
-    "addresses": [
-        {
-            "address": "45.47.199.79",
-            "description": "Home IP"
-        }
-    ]
-}
-```
-
-:::important
-If you do not configure an IP Access List, then there will be no access to your ClickHouse Cloud service.
-:::
-
 ## Limitations
 
 - Currently, IP Access Lists support only IPv4