When the script detects throttling it automatically scales the RCU, however it was allowing the RCU to reach 0 which is an invalid value. Any subsequent requests with a 0 RCU end up terminating the script due to errors from the request. The RCU is no capped at a minimum value of 1 to prevent this. CredentialsChainVerboseErrors is now set in the aws.Config to provide more actionable error messages when credentials are not configured correctly. Users who had authentication issues would previously see the following: > 2023/07/11 16:50:25 NoCredentialProviders: no valid providers in chain. Deprecated. > For verbose messaging see aws.Config.CredentialsChainVerboseErrors By setting the config value to true users will now see more detailed output: > 2023/07/12 10:56:06 NoCredentialProviders: no valid providers in chain > caused by: EnvAccessKeyNotFound: failed to find credentials in the environment. > SharedCredsLoad: failed to load profile, . > EC2RoleRequestError: no EC2 instance role found > caused by: RequestError: send request failed The README was also updated to include instructions on how to authenticate and run the script from outside the Auth server if they so choose.
1.9 KiB
Teleport Usage Gathering Script
This script retrieves the number of unique users accessing each of the five Teleport supported protocols over a 30 day period.
Prerequisites
This tool requires a Teleport cluster running with AWS DynamoDB as your backend server. This script is intended to run as a docker container from either the auth server or a server with IAM permissions necessary to run queries on the DynamoDB events table.
NOTE: Minimum IAM permission can be accomplished by assigning AWS IAM policy
AmazonDynamoDBReadOnlyAccess
The following information is required:
Environment Variable | Description |
---|---|
TABLE_NAME |
DynamoDB Events Table Name |
AWS_REGION |
AWS Region where the dynamoDB table is deployed |
START_DATE |
The date for when to start the query. The format must be YYYY-MM-DD |
You may optionally specify the AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, AWS_SESSION_TOKEN
environment variables
to run the script from another location.
Running Docker Container
This script is dependent of environment variables being set. Below is an example on how to run the script in Docker using environment variables:
NOTE: The latest container image version can be found at the top of this page. This version is independent of your Teleport cluster.
$ docker run -it --rm -e "TABLE_NAME=cluster-events" \
-e "AWS_REGION=us-east-1" \
-e "START_DATE=2022-12-01" \
public.ecr.aws/gravitational/teleport-usage:<container-version>