self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-18 16:24:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/examples/teleport-usage/README.md
rosstimothy 6b26d5712a
Fix rough edges with usage script (#29003) 
When the script detects throttling it automatically scales the RCU,
however it was allowing the RCU to reach 0 which is an invalid
value. Any subsequent requests with a 0 RCU end up terminating the
script due to errors from the request. The RCU is no capped at a
minimum value of 1 to prevent this.

CredentialsChainVerboseErrors is now set in the aws.Config to provide
more actionable error messages when credentials are not configured
correctly. Users who had authentication issues would previously see
the following:

> 2023/07/11 16:50:25 NoCredentialProviders: no valid providers in chain. Deprecated.
>	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

By setting the config value to true users will now see more detailed output:

> 2023/07/12 10:56:06 NoCredentialProviders: no valid providers in chain
> caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
> SharedCredsLoad: failed to load profile, .
> EC2RoleRequestError: no EC2 instance role found
> caused by: RequestError: send request failed

The README was also updated to include instructions on how to authenticate
and run the script from outside the Auth server if they so choose.
2023-07-13 23:03:42 +00:00

1.9 KiB
Raw Blame History

Teleport Usage Gathering Script

This script retrieves the number of unique users accessing each of the five Teleport supported protocols over a 30 day period.

Prerequisites

This tool requires a Teleport cluster running with AWS DynamoDB as your backend server. This script is intended to run as a docker container from either the auth server or a server with IAM permissions necessary to run queries on the DynamoDB events table.

NOTE: Minimum IAM permission can be accomplished by assigning AWS IAM policy AmazonDynamoDBReadOnlyAccess The following information is required:

Environment Variable Description
TABLE_NAME DynamoDB Events Table Name
AWS_REGION AWS Region where the dynamoDB table is deployed
START_DATE The date for when to start the query. The format must be YYYY-MM-DD

You may optionally specify the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN environment variables to run the script from another location.

Running Docker Container

This script is dependent of environment variables being set. Below is an example on how to run the script in Docker using environment variables:

NOTE: The latest container image version can be found at the top of this page. This version is independent of your Teleport cluster.

$ docker run -it --rm -e "TABLE_NAME=cluster-events" \
    -e "AWS_REGION=us-east-1" \
    -e "START_DATE=2022-12-01" \ 
    public.ecr.aws/gravitational/teleport-usage:<container-version>