docs: add AWS cross-account db access guide#25687
Conversation
@ptgott @alexfornuto please take a look when you can. This guide is for a v13 release feature; sorry it's last minute! I was considering not even doing a guide, since I already updated the config file reference, hence I pushed this last minute. It's not super critical that the guide be available immediately with the v13 release, but the sooner the better. Thanks!
I think we should expand the introduction a bit to add context and give the reader some idea of what the scope of enabling cross-account database access looks like.
In a couple of sentences, what are the major actions a Teleport operator would need to take to enable cross-account database access?
Also, I think the architecture of cross-account database access can be more explicit in the introduction. Is the Database Service using AWS IAM credentials for the target AWS account to enable access from Teleport users to a database in the target account? I.e., would the Database Service be managing multiple sets of AWS credentials?
I think a diagram would be really useful.
expanded intro here: b5a2b4b
I've been struggling to make a diagram with Mermaid, but I will try to add a Lucidchart one instead. Conceptually, this is what it looks like (ignore the lack of good style/color, please):

I like the extra detail, thanks! The diagram also makes sense to me. Eventually, I'd like to add some kind of standard stylesheet for Mermaid diagrams so authors don't need to worry about styling, but in the meantime, either Mermaid or LucidChart is fine.
Let me know if you'd like to make the diagram part of this PR or a separate one. I personally think the diagram above is clear and helpful (I'm ignoring all Mermaid style issues for now since I'm hoping we can get automated styling out at some point).
Hmm, let's do a separate PR for the diagram
Closes #21872
This is a docs-only PR - it adds a guide for configuring a database agent to do discovery/access of AWS databases using assume_role_arn and optionally external_id to make the database agent assume that role ARN before discovering/proxying the databases.
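The two halves of the setup the PR description refers to, shown together as an editor's added example (not text or config from the guide itself): the Database Service in a source account is told which role to assume in the target account, and the target account's role trust policy only accepts the assumption when the same external ID is presented. Field names follow the v13 Teleport config reference; the account IDs, role names, region, tags, database URI and the external ID value are placeholders.

```yaml
# --- Teleport side: teleport.yaml fragment for a Database Service running in
# --- account 111111111111 (placeholder), reaching into account 222222222222.
db_service:
  enabled: "yes"
  aws:
    # Discover RDS/Aurora databases in the target account. The agent assumes
    # assume_role_arn before calling the AWS APIs for this matcher.
    - types: ["rds"]
      regions: ["us-east-1"]
      tags:
        "env": "prod"
      assume_role_arn: "arn:aws:iam::222222222222:role/teleport-db-access"
      # Sent as sts:ExternalId on the AssumeRole call. The trust policy below
      # rejects the call unless this value matches.
      external_id: "teleport-prod-cluster"
  databases:
    # A statically registered database in the same target account uses the
    # same two fields under its aws section.
    - name: "orders-postgres"
      protocol: "postgres"
      uri: "orders.cluster-abc.us-east-1.rds.amazonaws.com:5432"
      aws:
        assume_role_arn: "arn:aws:iam::222222222222:role/teleport-db-access"
        external_id: "teleport-prod-cluster"
---
# --- AWS side: trust policy attached to role teleport-db-access in account
# --- 222222222222. Written as YAML to keep one block; AWS takes the
# --- equivalent JSON document.
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Principal:
      # The IAM identity the Database Service itself runs as in the source account.
      AWS: "arn:aws:iam::111111111111:role/teleport-db-service"
    Action: "sts:AssumeRole"
    Condition:
      # Confused-deputy guard: the role can only be assumed by a caller that
      # knows this ID, not by any workload that merely shares the principal.
      StringEquals:
        "sts:ExternalId": "teleport-prod-cluster"
```

Two things still have to be true for this to work: the source-account role (teleport-db-service above) needs an identity policy allowing sts:AssumeRole on the target role ARN, and the target role needs the same RDS permissions the guide requires for single-account discovery and access, since after the assumption it is that role, not the agent's own identity, that talks to RDS.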