23c67d4c16
It was discovered that some customers' EKS clusters did not have their IMDSv2 hop limits set correctly, causing requests for key functionality to attempt IMDSv1 fallback and failing. For now, re-enable IMDSv1 fallback by way of removing the explicit disabling of `EC2MetadataEnableFallback` until better documentation, error handling, and other work can be done to inform customers that they need to correctly set their IMDSv2 hop limits. |
||
|---|---|---|
| .. | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| main.go | ||
| main_test.go | ||
| README.md | ||
Teleport Usage Gathering Script
This script retrieves the number of unique users accessing each of the five Teleport supported protocols over a 30 day period.
Prerequisites
This tool requires a Teleport cluster running with AWS DynamoDB as your backend server. This script is intended to run as a docker container from either the auth server or a server with IAM permissions necessary to run queries on the DynamoDB events table.
NOTE: Minimum IAM permission can be accomplished by assigning AWS IAM policy
AmazonDynamoDBReadOnlyAccessThe following information is required:
| Environment Variable | Description |
|---|---|
TABLE_NAME |
DynamoDB Events Table Name |
AWS_REGION |
AWS Region where the dynamoDB table is deployed |
START_DATE |
The date for when to start the query. The format must be YYYY-MM-DD |
You may optionally specify the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN environment variables
to run the script from another location.
Running Docker Container
This script is dependent of environment variables being set. Below is an example on how to run the script in Docker using environment variables:
NOTE: The latest container image version can be found at the top of this page. This version is independent of your Teleport cluster.
$ docker run -it --rm -e "TABLE_NAME=cluster-events" \
-e "AWS_REGION=us-east-1" \
-e "START_DATE=2022-12-01" \
public.ecr.aws/gravitational/teleport-usage:<container-version>