diff --git a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
index a1c4a62b18512..88993d48efcac 100644
--- a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
+++ b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
@@ -37,6 +37,7 @@ import { AwsOidcPolicyPreset } from 'teleport/services/integrations';
 import { FinishDialog } from './FinishDialog';
 import { useAwsOidcIntegration } from './useAwsOidcIntegration';
+import { ConfigureAwsOidcSummary } from './ConfigureAwsOidcSummary';
 export function AwsOidc() {
 const {
@@ -161,7 +162,13 @@ export function AwsOidc() {
 {scriptUrl && (
 <>
- Step 2
+
+ Step 2
+
+
diff --git a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx
new file mode 100644
index 0000000000000..f97aa4ca0a49c
--- /dev/null
+++ b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx
@@ -0,0 +1,87 @@
+/**
+ * Teleport
+ * Copyright (C) 2024 Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+import React from 'react';
+import styled from 'styled-components';
+import { Flex, Box, H3, Text } from 'design';
+import TextEditor from 'shared/components/TextEditor';
+import { ToolTipInfo } from 'shared/components/ToolTip';
+
+import useStickyClusterId from 'teleport/useStickyClusterId';
+
+export function ConfigureAwsOidcSummary({
+ roleName,
+ integrationName,
+}: {
+ roleName: string;
+ integrationName: string;
+}) {
+ const { clusterId } = useStickyClusterId();
+
+ const json = `{
+ "name": ${roleName},
+ "description": "Used by Teleport to provide access to AWS resources.",
+ "trust_policy": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Principal": {
+ "Federated": "":oidc-provider/${roleName}",
+ },
+ "Condition": {
+ "StringEquals": {
+ "${clusterId}:aud": "discover.teleport",
+ }
+ }
+ }
+ ]
+ },
+ "tags": {
+ "teleport.dev/cluster": "${clusterId}",
+ "teleport.dev/integration": "${integrationName}",
+ "teleport.dev/origin": "integration_awsoidc"
+ }
+}`;
+
+ return (
+
+

Running the command in AWS CloudShell does the following:

+ 1. Configures an AWS IAM OIDC Identity Provider (IdP) + + 2. Configures an IAM role named "{roleName}" to trust the IdP: + + + + + + +
+ );
+}
+
+const EditorWrapper = styled(Flex)`
+ height: 300px;
+ margin-top: ${p => p.theme.space[3]}px;
+ width: 600px;
+`;
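Review bot: The trust-policy preview's `"Federated": "…:oidc-provider/${roleName}"` names the IAM OIDC provider after the role, while the condition two lines below keys on `"${clusterId}:aud"`; an IAM OIDC provider is identified by its issuer host, which is the same value the condition-key prefix uses, so unless clusterId is not the issuer here, the principal should read `oidc-provider/${clusterId}` (the literal between the quotes was lost in this rendering, so I cannot confirm the ARN prefix). An operator who compares this summary against the role the CloudShell script actually created would otherwise be checking the wrong principal. Separately, `"name": ${roleName},` emits an unquoted value, so the editor shows invalid JSON; it should be `"name": "${roleName}",`. Since this component is explanatory only, a comment such as `// Display-only summary of what the CloudShell script creates; the script, not this text, is the source of truth for the IAM role and trust policy.` above the template would make that clear.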