Add fallbacks for getting proxy address in bootstrap (#24523)

* add fallbacks for getting proxy address in bootstrap

* Resolve comments

lib/configurators/aws/aws.go

@@ -643,24 +643,39 @@ func buildPolicyDocument(flags configurators.BootstrapFlags, fileConfig *config.
 	), nil
 }
 
-func getProxyAddrFromFileConfig(fc *config.FileConfig) (string, error) {
+func getProxyAddrFromConfig(fc *config.FileConfig, flags configurators.BootstrapFlags) (string, error) {
+	if flags.Proxy != "" {
+		addr, err := utils.ParseHostPortAddr(flags.Proxy, defaults.HTTPListenPort)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
+		return fmt.Sprintf("https://%s", addr.String()), nil
+	}
+
 	addrs, err := utils.AddrsFromStrings(fc.Proxy.PublicAddr, defaults.HTTPListenPort)
 	if err != nil {
 		return "", err
 	}
-	if len(addrs) == 0 {
-		return fmt.Sprintf("https://<proxy address>:%d", defaults.HTTPListenPort), nil
+	if len(addrs) != 0 {
+		return fmt.Sprintf("https://%s", addrs[0].String()), nil
 	}
-	addr := addrs[0]
 
-	return fmt.Sprintf("https://%s", addr.String()), nil
+	if fc.ProxyServer != "" {
+		addr, err := utils.ParseHostPortAddr(fc.ProxyServer, defaults.HTTPListenPort)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
+		return fmt.Sprintf("https://%s", addr.String()), nil
+	}
+
+	return "", trace.NotFound("proxy address not found, please provide --proxy, or set either teleport.proxy_server or proxy_service.public_addr in the teleport config")
 }
 
 func buildSSMDocuments(ssm ssmiface.SSMAPI, flags configurators.BootstrapFlags, fileConfig *config.FileConfig) ([]configurators.ConfiguratorAction, error) {
 	var creators []configurators.ConfiguratorAction
-	proxyAddr, err := getProxyAddrFromFileConfig(fileConfig)
+	proxyAddr, err := getProxyAddrFromConfig(fileConfig, flags)
 	if err != nil {
-		return nil, err
+		return nil, trace.Wrap(err)
 	}
 	for _, matcher := range fileConfig.Discovery.AWSMatchers {
 		if !slices.Contains(matcher.Types, services.AWSMatcherEC2) {

lib/configurators/aws/aws_test.go

@@ -1260,6 +1260,7 @@ func TestAWSConfigurator(t *testing.T) {
 
 	config.Flags.DiscoveryService = true
 	config.Flags.ForceEC2Permissions = true
+	config.Flags.Proxy = "proxy.xyz"
 
 	configurator, err = NewAWSConfigurator(config)
 	require.NoError(t, err)

lib/configurators/common.go

@@ -52,6 +52,8 @@ type BootstrapFlags struct {
 	ForceAWSKeyspacesPermissions bool
 	// ForceDynamoDBPermissions forces the presence of DynamoDB permissions.
 	ForceDynamoDBPermissions bool
+	// Proxy is the address of the Teleport proxy to use.
+	Proxy string
 }
 
 // ConfiguratorActionContext context passed across configurator actions. It is

tool/teleport/common/teleport.go

@@ -339,6 +339,7 @@ func Run(options Options) (app *kingpin.Application, executedCommand string, con
 	discoveryBootstrapCmd.Flag("attach-to-role", "Role name to attach policy to. Mutually exclusive with --attach-to-user. If none of the attach-to flags is provided, the command will try to attach the policy to the current user/role based on the credentials.").StringVar(&configureDiscoveryBootstrapFlags.config.AttachToRole)
 	discoveryBootstrapCmd.Flag("attach-to-user", "User name to attach policy to. Mutually exclusive with --attach-to-role. If none of the attach-to flags is provided, the command will try to attach the policy to the current user/role based on the credentials.").StringVar(&configureDiscoveryBootstrapFlags.config.AttachToUser)
 	discoveryBootstrapCmd.Flag("policy-name", fmt.Sprintf("Name of the Teleport Discovery service policy. Default: %q.", awsconfigurators.EC2DiscoveryPolicyName)).Default(awsconfigurators.EC2DiscoveryPolicyName).StringVar(&configureDiscoveryBootstrapFlags.config.PolicyName)
+	discoveryBootstrapCmd.Flag("proxy", "Teleport proxy address to connect to").StringVar(&configureDiscoveryBootstrapFlags.config.Proxy)
 
 	// "teleport install" command and its subcommands
 	installCmd := app.Command("install", "Teleport install commands.")