Use AWS OIDC integration for AWS CLI/console access #30150
Labels: application-access, aws, discover, feature-request
Right now, users have to configure AWS CLI/console access by enabling it in the app service and assigning it the necessary IAM permissions:
https://goteleport.com/docs/application-access/cloud-apis/aws-console/
We should see if we can use our AWS OIDC integration to enable AWS CLI/console access as well. Then, users will be able to configure this integration by setting up the AWS integration in the Discover flow and won't need to host an agent similar to hosted access plugins.
Tasks
UI steps:
bash -c "$(curl 'https://...../webapi/scripts/integrations/configure/aws-app-access-iam.sh?role=<IntegrationRoleName>')"
POST https://.../integrations/aws-oidc/:name/aws-app-access
teleport.dev/integration: true are allowed to be used by the integration.
Example of ApplicationServer
Example of Teleport Role:
Example of IAM Policy required in IdP's Role