From 25d089b7bc5a1c1191c956a00a81e308a2cde71e Mon Sep 17 00:00:00 2001
From: Gavin Frazar <gavin.frazar@goteleport.com>
Date: Mon, 25 Mar 2024 13:11:20 -0700
Subject: [PATCH] add troubleshooting for app access request size limit

---
 .../cloud-apis/aws-console.mdx                | 22 +++++++++++++++++++
 .../troubleshooting-apps.mdx                  | 14 ++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/docs/pages/application-access/cloud-apis/aws-console.mdx b/docs/pages/application-access/cloud-apis/aws-console.mdx
index d100406aed4d6..3ab2c0b95dfe1 100644
--- a/docs/pages/application-access/cloud-apis/aws-console.mdx
+++ b/docs/pages/application-access/cloud-apis/aws-console.mdx
@@ -443,6 +443,28 @@ instance and attach an IAM role to it.
 
 (!docs/pages/includes/aws-no-credential-provider.mdx service="Application"!)
 
+### `the read limit is reached` error when updating AWS lambda function
+
+Teleport enforces a 10MB size limit for each HTTP request's body.
+You may encounter this error when updating an AWS lambda function using
+`tsh aws update-function-code --function-name myfunction --zip-file ./file.zip`
+if `file.zip` is larger than 10MB.
+
+AWS also limits zip file size to 50MB.
+You can workaround this issue in the same way you would work around AWS's direct
+upload size limit: upload your lambda function archive to an s3 bucket,
+and then update your lambda function by referencing the s3 bucket instead of
+uploading an archive directly:
+
+```code
+# create an s3 bucket
+$ tsh aws s3 mb s3://mybucket
+# upload function to the bucket
+$ tsh aws s3 cp ./file.zip s3://mybucket/path/to/file.zip
+# update your lambda function by using the s3 bucket
+$ tsh aws lambda update-function-code --function-name myfunction --s3-bucket mybucket --s3-key path/to/file.zip
+```
+
 ## Next steps
 
 - Take a closer look at [role-based access controls](../controls.mdx).
diff --git a/docs/pages/application-access/troubleshooting-apps.mdx b/docs/pages/application-access/troubleshooting-apps.mdx
index ad31e380fed9e..82a5aade50b45 100644
--- a/docs/pages/application-access/troubleshooting-apps.mdx
+++ b/docs/pages/application-access/troubleshooting-apps.mdx
@@ -153,3 +153,17 @@ This configuration is available under the `jwt_claims` property of the
 application's `rewrite` configuration. See
 [Web Application Access](./guides/connecting-apps.mdx#configuring-the-jwt-token)
 for details.
+
+## Request too large
+
+Teleport enforces a 10MB size limit for the body of each HTTP request.
+
+### Symptom
+
+When attempting to connect to an HTTP app behind Teleport, you see an error
+that states *the read limit is reached*.
+
+### Solution
+
+If your application supports sending requests with chunked encoding, use that
+to break up large requests into smaller chunks.