AWS attack disruption integration - aws links - Ofer, Christos

Author: mberdugo

articles/sentinel/aws-disruption.md

@@ -27,13 +27,11 @@ Before you begin, ensure the following:
 
 ### 1.1 Create a dedicated IAM role for Microsoft Sentinel
 
-1. In the AWS console, go to **IAM \> Roles**.
+1. [Create a new IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html) in the AWS Management Console.
 
-1. Select **Create role**.
+- Select **AWS service** as the trusted entity and choose **EC2** (you'll update the trust relationship later).
 
-1. Select **AWS service** as the trusted entity and choose **EC2** (you'll update the trust relationship later).
-
-1. Attach the following policy to the role (replace \<YOUR_ACCOUNT_ID\> as needed):
+- Attach the following policy to the role (replace \<YOUR_ACCOUNT_ID\> as needed):
 
     ```json
     {
@@ -61,15 +59,11 @@ Before you begin, ensure the following:
     }
     ```
 
-1. Name the role (for example, SentinelAttackDisruptionRole) and create it.
-
 ### 1.2 Configure trust relationship
 
-1. In the IAM role you created, go to the **Trust relationships** tab.
-
-1. Select **Edit trust relationship**.
+Create a [custom trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-custom.html#roles-creatingrole-custom-trust-policy-console) for the IAM role.
 
-1. Replace the trust policy with the following, specifying the Microsoft Sentinel integration principal (replace `<YOUR_AZURE_SUBSCRIPTION_ID>` with your actual Azure subscription ID):
+Use the following trust policy, specifying the Microsoft Sentinel integration principal (replace `<YOUR_AZURE_SUBSCRIPTION_ID>` with your actual Azure subscription ID):
 
 ```json
 {