[v15] Document AWS Tags used when using the AWS OIDC Integration (#46643)

* Document AWS Tags used when using the AWS OIDC Integration

When the AWS OIDC Integration creates an AWS Resource it adds a couple
of tags.
Those can be used to group resources in AWS.
Even though Teleport was doing it, it was not documented.

This PR adds the documentation to this, in both the Docs and Discover
flows.

* fix P element usage
marcoandredinis authored Sep 18, 2024
1 parent e9092f5 commit 512e85c
Showing 3 changed files with 37 additions and 0 deletions.
Expand Up @@ -28,6 +28,14 @@ The integration requires no extra configuration or services to run.
Initially, no policy is added to the IAM role, but users are asked to add them the first time they are trying to use a given feature.
For example, when setting up [External Audit Storage](../external-audit-storage.mdx), you will be asked to add the required policies to this IAM role.

AWS Resources created by the integration are tagged so that you can search and export them using the [AWS Resource Groups / Tag Editor](https://console.aws.amazon.com/resource-groups/tag-editor/find-resources).
The following tags are applied:
```code
teleport.dev/cluster <Var name="cluster-name"/>
teleport.dev/origin integration_awsoidc
teleport.dev/integration <Var name="my-integration"/>
```

## Prerequisites

- A running Teleport cluster.
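
Review bot: the added tag block separates key and value with a space only (`teleport.dev/cluster <Var name="cluster-name"/>`), while the UI text added in AwsOidc.tsx in this same commit renders them as `teleport.dev/cluster: ` with a colon. Use one form in both places, or a two-column key/value table here, so a reader copying a tag into the Tag Editor can tell where the key ends.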
3 changes: 3 additions & 0 deletions web/packages/teleport/src/Discover/Shared/const.ts
Expand Up @@ -20,3 +20,6 @@ export const WILD_CARD = '*';

export const AWS_TAG_INFO_LINK =
'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags_roles.html#id_tags_roles_procs-console';

export const AWS_RESOURCE_GROUPS_TAG_EDITOR_LINK =
'https://console.aws.amazon.com/resource-groups/tag-editor/find-resources';
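
Review bot: missing comment on `AWS_RESOURCE_GROUPS_TAG_EDITOR_LINK`. It points at the AWS console (`console.aws.amazon.com`), whereas the neighbouring `AWS_TAG_INFO_LINK` points at documentation (`docs.aws.amazon.com`). A one-line comment saying the new link opens the console and needs a signed-in AWS session would keep the two constants from being treated as the same kind of link.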
26 changes: 26 additions & 0 deletions web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
Expand Up @@ -34,8 +34,10 @@ import {
userEventService,
} from 'teleport/services/userEvent';
import { Header } from 'teleport/Discover/Shared';
import { AWS_RESOURCE_GROUPS_TAG_EDITOR_LINK } from 'teleport/Discover/Shared/const';
import { DiscoverUrlLocationState } from 'teleport/Discover/useDiscover';
import { TextSelectCopyMulti } from 'teleport/components/TextSelectCopy';
import useStickyClusterId from 'teleport/useStickyClusterId';

import {
Integration,
Expand All @@ -54,6 +56,8 @@ export function AwsOidc() {
const [createdIntegration, setCreatedIntegration] = useState<Integration>();
const { attempt, run } = useAttempt('');

const { clusterId } = useStickyClusterId();

const location = useLocation<DiscoverUrlLocationState>();

const [eventData] = useState<IntegrationEnrollEventData>({
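
Review bot: `clusterId` from `useStickyClusterId()` is what gets displayed as the `teleport.dev/cluster` value later in this file, but the docs hunk in this commit describes that value as `cluster-name`. Please confirm the sticky cluster id is always the same string that is written to the tag on the AWS side; if the two can differ, the UI will show a tag value that matches nothing in the Tag Editor.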
Expand Down Expand Up @@ -147,6 +151,28 @@ export function AwsOidc() {
AWS RDS
</RouteLink>{' '}
instances during resource enrollment.
<Box mt={3}>
AWS Resources created by the integration are tagged so that you can
search and export them using the{' '}
<Link target="_blank" href={AWS_RESOURCE_GROUPS_TAG_EDITOR_LINK}>
AWS Resource Groups / Tag Editor
</Link>
. The following tags are applied:
<TextSelectCopyMulti
bash={false}
lines={[
{
text:
`teleport.dev/cluster: ` +
clusterId +
`\n` +
`teleport.dev/origin: integration_awsoidc\n` +
`teleport.dev/integration: ` +
integrationName,
},
]}
/>
</Box>
</Box>

<Validation>
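
Review bot: the tag text is rendered above `<Validation>`, so `integrationName` may still be empty when the user reads it, and the last line would then show `teleport.dev/integration: ` with no value. Consider a placeholder until a name is set. As a style point, the three tags are concatenated with `\n` into a single `lines` entry; passing one entry per tag would avoid the manual string building, if `TextSelectCopyMulti` lays them out acceptably.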