Add new audit event for app-access DynamoDB requests

packages/teleport/src/Audit/EventList/EventTypeCell.tsx

@@ -81,6 +81,7 @@ const EventIconMap: Record<EventCode, React.FC> = {
   [eventCodes.APP_SESSION_CHUNK]: Icons.Info,
   [eventCodes.APP_SESSION_START]: Icons.Info,
   [eventCodes.APP_SESSION_END]: Icons.Info,
+  [eventCodes.APP_SESSION_DYNAMODB_REQUEST]: Icons.Database,
   [eventCodes.APP_CREATED]: Icons.Code,
   [eventCodes.APP_UPDATED]: Icons.Code,
   [eventCodes.APP_DELETED]: Icons.Code,

packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap

@@ -358,12 +358,12 @@ exports[`list of all events 1`] = `
           </strong>
            - 
           <strong>
-            147
+            149
           </strong>
            of
 
           <strong>
-            147
+            149
           </strong>
         </div>
         <button
@@ -658,6 +658,80 @@ exports[`list of all events 1`] = `
           </button>
         </td>
       </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-database c10 c15"
+              color="light"
+              font-size="3"
+            />
+            App Session DynamoDB Request
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [alice] has made a request to application [dyno2]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-19T19:04:07.763Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
+      <tr>
+        <td
+          style="vertical-align: inherit;"
+        >
+          <div
+            class="c14"
+          >
+            <span
+              class="c10 c15 icon icon-database c10 c15"
+              color="light"
+              font-size="3"
+            />
+            App Session DynamoDB Request
+          </div>
+        </td>
+        <td
+          style="word-break: break-word;"
+        >
+          User [alice] has made a request to application [dyno1], target: [DynamoDB_20120810.Scan]
+        </td>
+        <td
+          style="min-width: 120px;"
+        >
+          2022-10-19T19:04:07.763Z
+        </td>
+        <td
+          align="right"
+        >
+          <button
+            class="c16"
+            kind="border"
+            width="87px"
+          >
+            Details
+          </button>
+        </td>
+      </tr>
       <tr>
         <td
           style="vertical-align: inherit;"

packages/teleport/src/Audit/fixtures/index.ts

@@ -1219,6 +1219,55 @@ export const events = [
     app_name: 'aws-console',
     user: 'alice',
   },
+  {
+    code: 'T2013I',
+    ei: 1,
+    event: 'app.session.dynamodb.request',
+    app_name: 'dyno1',
+    app_public_addr: 'dynamodb.root.com',
+    app_uri: 'https://console.aws.amazon.com/dynamodbv2/home',
+    aws_host: 'dynamodb.us-west-2.amazonaws.com',
+    aws_region: 'us-west-2',
+    aws_role_arn: 'arn:aws:iam::123456789012:role/GavinDynamoDBRole',
+    aws_service: 'dynamodb',
+    body: {
+      TableName: 'test-table',
+    },
+    cluster_name: 'root.com',
+    method: 'POST',
+    path: '/',
+    raw_query: '',
+    session_chunk_id: '3a54f32d-210f-4338-abf5-133bfe19ccc0',
+    status_code: 200,
+    target: 'DynamoDB_20120810.Scan',
+    time: '2022-10-19T19:04:07.763Z',
+    uid: 'f6f38f69-46e9-4110-a773-2c88278d08ca',
+    user: 'alice',
+  },
+  {
+    code: 'T2013I',
+    ei: 1,
+    event: 'app.session.dynamodb.request',
+    app_name: 'dyno2',
+    app_public_addr: 'dynamodb.root.com',
+    app_uri: 'https://console.aws.amazon.com/dynamodbv2/home',
+    aws_host: 'dynamodb.us-west-2.amazonaws.com',
+    aws_region: 'us-west-2',
+    aws_role_arn: 'arn:aws:iam::123456789012:role/GavinDynamoDBRole',
+    aws_service: 'dynamodb',
+    body: {
+      TableName: 'test-table',
+    },
+    cluster_name: 'root.com',
+    method: 'POST',
+    path: '/',
+    raw_query: '',
+    session_chunk_id: '3a54f32d-210f-4338-abf5-133bfe19ccc0',
+    status_code: 200,
+    time: '2022-10-19T19:04:07.763Z',
+    uid: 'f6f38f69-46e9-4110-a773-2c88278d08ca',
+    user: 'alice',
+  },
   {
     code: 'TAP03I',
     ei: 0,

packages/teleport/src/services/audit/makeEvent.ts

@@ -586,6 +586,17 @@ export const formatters: Formatters = {
       return `New session data chunk created for application [${app_name}] accessed by user [${user}]`;
     },
   },
+  [eventCodes.APP_SESSION_DYNAMODB_REQUEST]: {
+    type: 'app.session.dynamodb.request',
+    desc: 'App Session DynamoDB Request',
+    format: ({ user, app_name, target }) => {
+      let message = `User [${user}] has made a request to application [${app_name}]`;
+      if (target) {
+        message += `, target: [${target}]`;
+      }
+      return message;
+    },
+  },
   [eventCodes.SUBSYSTEM]: {
     type: 'subsystem',
     desc: 'Subsystem Requested',

packages/teleport/src/services/audit/types.ts

@@ -49,6 +49,7 @@ export const eventCodes = {
   APP_SESSION_CHUNK: 'T2008I',
   APP_SESSION_START: 'T2007I',
   APP_SESSION_END: 'T2011I',
+  APP_SESSION_DYNAMODB_REQUEST: 'T2013I',
   APP_CREATED: 'TAP03I',
   APP_UPDATED: 'TAP04I',
   APP_DELETED: 'TAP05I',
@@ -487,6 +488,13 @@ export type RawEvents = {
       app_name: string;
     }
   >;
+  [eventCodes.APP_SESSION_DYNAMODB_REQUEST]: RawEvent<
+    typeof eventCodes.APP_SESSION_DYNAMODB_REQUEST,
+    {
+      target: string;
+      app_name: string;
+    }
+  >;
   [eventCodes.SUBSYSTEM]: RawEvent<
     typeof eventCodes.SUBSYSTEM,
     {