WebDiscover: Add AWS Management Console as a guided flow #41569
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
application-access
size/xl
tctl
|
@kimlisa - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
kimlisa
force-pushed
the
lisa/discover/aws-cli
branch
from
69b20ff
to
bd2f0a1
Compare
kimlisa
force-pushed
the
lisa/discover/aws-cli
branch
from
bd2f0a1
to
def27bc
Compare
|
I'd be interested in seeing what this looks like when things fail. What happens if you don't have the right permissions or you paste an invalid ARN? (I've noticed in a lot of these workflows we tend to test the happy path quite well, but the failures often end up spitting out 50-line error messages that are ugly and incomprehensible.) |
this particular guide is pretty fool proof, the only way it will fail is if you did not define iam role correctly. if you use an invalid role, the web launcher will fail. I did put a hint box if you can't connect: the basic error check with retry and permission checking is there: if you dont have application server read list perms: if you dont have integration CRUD or app create/update if you dont have setup access (this will vary depending on if you are sso as well): invalid arn:
yeah 😢, most bugs are edge cases we didn't account for like one example is using private subnets for rds database flow, you won't know it was that issue until hours later. hardening the flow and improving error messages and identifying more failure points is our next goal |
gzdunek
reviewed
May 16, 2024
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.test.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.test.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/CreateAppAccess/CreatedDialog.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/CreateAppAccess/CreateAppAccess.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/CreateAppAccess/CreatedDialog.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/SetupAccess/useUserTraits.test.tsx
Outdated
Show resolved
Hide resolved
kimlisa
force-pushed
the
lisa/discover/aws-cli
branch
2 times, most recently
from
ffafc4e
to
053ef01
Compare
kimlisa
force-pushed
the
lisa/discover/aws-cli
branch
from
053ef01
to
f2b8040
Compare
gzdunek
reviewed
May 20, 2024
web/packages/teleport/src/Discover/AwsMangementConsole/AwsManagementConsole.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/CreateAppAccess/AppCreatedDialog.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/CreateAppAccess/CreateAppAccess.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/SetupAccess/SetupAccess.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/AwsMangementConsole/SetupAccess/SetupAccess.tsx
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/AwsAccount/AwsAccount.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/SetupAccess/SetupAccessWrapper.tsx
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/SetupAccess/useUserTraits.ts
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/SetupAccess/useUserTraits.ts
Outdated
Show resolved
Hide resolved
web/packages/teleport/src/Discover/Shared/SetupAccess/useUserTraits.ts
Outdated
Show resolved
Hide resolved
avatus
approved these changes
May 21, 2024
gzdunek
approved these changes
May 21, 2024
| </StyledBox> | ||
| <OutlineInfo mb={3} linkColor="buttons.link.default" width="800px"> | ||
| <Text> | ||
| If connection can't be established, ensure the IAM role you are trying |
There was a problem hiding this comment.
Suggested change
| If connection can't be established, ensure the IAM role you are trying | |
| If the connection can't be established, ensure the IAM role you are trying |
r0mant
approved these changes
May 21, 2024
kimlisa
force-pushed
the
lisa/discover/aws-cli
branch
from
a38ca53
to
af3e00c
Compare
kimlisa
added a commit
that referenced
this pull request
May 21, 2024
* Pass integration field with apps * Add new endpoints, update types, add regex * Add yaml template for app access for access info * Define aws console as a selectable resource * AwsAccount step also fetches apps if awsConsole is detected * Implement create app server * Implement setup access view * Implement test connection view * Define aws console flow * Add tsh cli command for accessing aws cli * Address CR * Improve language * Address CR part 2
kimlisa
added a commit
that referenced
this pull request
May 21, 2024
* Pass integration field with apps * Add new endpoints, update types, add regex * Add yaml template for app access for access info * Define aws console as a selectable resource * AwsAccount step also fetches apps if awsConsole is detected * Implement create app server * Implement setup access view * Implement test connection view * Define aws console flow * Add tsh cli command for accessing aws cli * Address CR * Improve language * Address CR part 2
kimlisa
added a commit
that referenced
this pull request
May 21, 2024
* Pass integration field with apps * Add new endpoints, update types, add regex * Add yaml template for app access for access info * Define aws console as a selectable resource * AwsAccount step also fetches apps if awsConsole is detected * Implement create app server * Implement setup access view * Implement test connection view * Define aws console flow * Add tsh cli command for accessing aws cli * Address CR * Improve language * Address CR part 2
github-merge-queue bot
pushed a commit
that referenced
this pull request
May 22, 2024
…1864) * Pass integration field with apps * Add new endpoints, update types, add regex * Add yaml template for app access for access info * Define aws console as a selectable resource * AwsAccount step also fetches apps if awsConsole is detected * Implement create app server * Implement setup access view * Implement test connection view * Define aws console flow * Add tsh cli command for accessing aws cli * Address CR * Improve language * Address CR part 2
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #30150
requires: #41543
recommend reviewing by commit
Screen.Recording.2024-05-15.at.9.10.32.PM.mov
changelog: Add AWS Management Console as a guided flow using AWS OIDC integration in the "Enroll New Resource" view in the web UI