From 62b0e9d5d68c3f85e14d157089bec28ba629d0c4 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 22 Oct 2024 16:32:45 -0400 Subject: [PATCH] docs: update policy prereqs (#47827) --- .../teleport-policy/integrations/aws-sync.mdx | 29 +++++++++---------- .../teleport-policy/integrations/entra-id.mdx | 7 +++-- .../teleport-policy/integrations/gitlab.mdx | 13 +++++---- .../integrations/ssh-keys-scan.mdx | 18 ++++++------ 4 files changed, 33 insertions(+), 34 deletions(-) diff --git a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx index 5ee6764d79ef7..2aae7cd963fb5 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx 
@@ -14,20 +14,18 @@ enhancing the permission model within your AWS environment. This functionality e - Which resources can be reached via identities associated with EC2 instances? - What AWS resources can Teleport users access when connecting to EC2 nodes? -Utilizing the Access Graph to analyze IAM permissions within an AWS -account necessitates the setup of the Teleport Access Graph (TAG) +Utilizing the Access Graph to analyze IAM permissions within an AWS account necessitates the setup of the Access Graph (AG) service, a Discovery Service, and integration with your AWS account. -Teleport Access Graph is a feature of the [Teleport -Policy](https://goteleport.com/platform/policy/) product that is only available -to Teleport Enterprise customers. +Access Graph is a feature of the [Teleport Policy](https://goteleport.com/platform/policy/) product that is +available to Teleport Enterprise customers. After logging in to the Teleport UI, go to the Management tab. If enabled, Access Graph options can be found under the Permission Management section. ## How it works -Teleport Access Graph discovers AWS access patterns, synchronizes various AWS resources, +Access Graph discovers AWS access patterns, synchronizes various AWS resources, including IAM Policies, Groups, Users, User Groups, EC2 instances, EKS clusters, and RDS databases. These resources are then visualized using the graph representation detailed in the [Teleport Policy usage page](../policy-how-to-use.mdx). 
@@ -49,14 +47,12 @@ At intervals of 15 minutes, it retrieves the following resources from your AWS a - RDS Databases - S3 Buckets -Once all the necessary resources are fetched, the Teleport Discovery -Service pushes them to the Teleport Access Graph (TAG) service, -ensuring that the Access Graph remains updated with the latest -information from your AWS environment. +Once all the necessary resources are fetched, the Teleport Discovery Service pushes them to the +Access Graph, ensuring that it remains updated with the latest information from your AWS environment. ### Importing resources -Teleport Access Graph delves into the IAM policies, identities, +Teleport Policy’s Access Graph feature delves into the IAM policies, identities, and resources retrieved from your AWS account, crafting a graphical representation thereof. @@ -64,12 +60,13 @@ graphical representation thereof. ## Prerequisites - A running Teleport Enterprise cluster v14.3.9/v15.2.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.17.0 or later. -Check [Access Graph page](../teleport-policy.mdx) for details on +- Teleport Policy enabled for your account. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.17.0 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on how to set up Access Graph. -- The node running the Access Graph service must be reachable -from Teleport Auth Service and Discovery Service. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/2. Configure Discovery Service (Self-hosted only) diff --git a/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx b/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx index 67d9736ed8ff2..da9b9e7feff9b 100644 
--- a/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx @@ -35,11 +35,12 @@ These resources are then visualized using the graph representation detailed in t - A running Teleport Enterprise cluster v15.4.2/v16.0.0 or later. - Teleport Identity and Teleport Policy enabled for your account. - - For self-hosted clusters, ensure that an up-to-date `license.pem` is used in the Auth Service configuration. -- For self-hosted clusters, a running Access Graph node v1.21.3 or later. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.21.3 or later. Check the [Teleport Policy page](../teleport-policy.mdx) for details on how to set up Access Graph. -- The node running the Access Graph service must be reachable from the Teleport Auth Service. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. - Your user must have privileged administrator permissions in the Azure account To verify that Access Graph is set up correctly for your cluster, sign in to the Teleport Web UI and navigate to the Management tab. diff --git a/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx b/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx index 83cc193507070..3a25ef7ad225f 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx 
@@ -46,13 +46,14 @@ graphical representation thereof. ## Prerequisites - A running Teleport Enterprise cluster v14.3.20/v15.3.1/v16.0.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.21.4 or later. -Check [Access Graph page](../teleport-policy.mdx) for details on -how to set up Access Graph. -- For self-hosted clusters, the node running the Access Graph service must be reachable -from Teleport Auth Service. +- Teleport Policy enabled for your account. - A GitLab instance running GitLab v9.0 or later. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.21.4 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on +how to set up Access Graph. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/3. Create GitLab token diff --git a/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx b/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx index f324b378be2fe..8c50d3ad2da9d 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx @@ -23,7 +23,8 @@ under the Permission Management section. Teleport and Teleport Policy's Access Graph synchronize various resources, including SSH authorized keys and private keys. -These resources are then visualized using Teleport Access Graph. +These resources are then visualized using the graph representation detailed in the +[Access Graph page](../teleport-policy.mdx). ### Importing SSH Authorized Keys 
@@ -69,17 +70,16 @@ It also never sends the private key path or any other sensitive information. ## Prerequisites - A running Teleport Enterprise cluster v15.4.16/v16.2.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.22.0 or later. - -Check [How to use Teleport Policy](../policy-how-to-use.mdx) for details on how -to set up Access Graph. - -- For self-hosted clusters, the node running the Access Graph service must be reachable -from Teleport Auth Service. +- Teleport Policy enabled for your account. - A Linux/macOS server running the Teleport SSH Service. - Devices enrolled in the [Teleport Device Trust feature](../../access-controls/device-trust.mdx). - For Jamf Pro integration, devices must be enrolled in Jamf Pro and have the signed `tsh` binary installed. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.22.0 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on +how to set up Access Graph. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/3. Enable SSH Key Scanning
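Review bot: the rewritten licensing sentence in the aws-sync.mdx intro hunk (@@ -14,20) drops the word "only": "that is only available to Teleport Enterprise customers" becomes "that is available to Teleport Enterprise customers". Readers use that sentence to decide whether the feature applies to them, so keep "only" unless the licensing has actually changed. The same hunk also introduces the abbreviation "Access Graph (AG)" but never uses "AG" afterwards; every later reference in the file says "Access Graph", so either use the abbreviation consistently or drop the parenthetical.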
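Review bot: the replacement line in the aws-sync.mdx "Importing resources" hunk (@@ -49,14) uses a typographic apostrophe in "Teleport Policy’s Access Graph feature"; the unchanged text in ssh-keys-scan.mdx in this same patch writes "Teleport Policy's Access Graph" with a straight ASCII apostrophe. Use "Policy's" here so the source stays consistent and does not mix quote characters.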
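Review bot: the last bullet of the aws-sync.mdx prerequisites hunk (@@ -64,12) narrows the reachability requirement from "reachable from Teleport Auth Service and Discovery Service" to "reachable from the Teleport Auth Service", but the "How it works" text earlier in this same patch still says "the Teleport Discovery Service pushes them to the Access Graph", and the next section is "Step 1/2. Configure Discovery Service (Self-hosted only)". If the Discovery Service still connects to the Access Graph node directly, the requirement should stay; if it now goes through the Auth Service, the "How it works" paragraph needs the matching update, otherwise a self-hosted reader will firewall the Discovery Service off and the sync will silently stop. Separately, the continuation line "Check the [Teleport Policy page](../teleport-policy.mdx) for details on" sits at column 0 between two nested items; indent it under "A running Access Graph node v1.17.0 or later." so it is unambiguously part of that bullet.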
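Review bot: in the entra-id.mdx prerequisites hunk the continuation line "Check the [Teleport Policy page](../teleport-policy.mdx) for details on" is left at column 0 between the nested "A running Access Graph node v1.21.3 or later." item and the nested "The node running the Access Graph service..." item; indent it with the nested list so the rendered bullet structure matches the intent. While this list is being touched, the unchanged trailing bullet "Your user must have privileged administrator permissions in the Azure account" is the only item without a terminating period.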
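Review bot: the gitlab.mdx prerequisites hunk moves "A GitLab instance running GitLab v9.0 or later." above the self-hosted block, which is the right order, but since the bullet is being repositioned it is a good moment to drop the doubled product name: "A GitLab instance running v9.0 or later." The continuation line "Check the [Teleport Policy page](../teleport-policy.mdx) for details on" has the same column-0 placement as in the other three pages of this patch and should be indented under "A running Access Graph node v1.21.4 or later."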
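Review bot: the new link in the ssh-keys-scan.mdx "How it works" hunk (@@ -23,7), "[Access Graph page](../teleport-policy.mdx)", points at the same file the other three pages in this patch call the "Teleport Policy page", and the aws-sync.mdx page sends readers to "[Teleport Policy usage page](../policy-how-to-use.mdx)" for the very same phrase "the graph representation detailed in". Pick one link text for ../teleport-policy.mdx across the four pages, and check whether the graph-representation description actually lives in policy-how-to-use.mdx; if it does, this link should target that file as aws-sync.mdx does.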
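Review bot: the ssh-keys-scan.mdx prerequisites hunk (@@ -69,17) retargets the setup reference from "[How to use Teleport Policy](../policy-how-to-use.mdx)" to "[Teleport Policy page](../teleport-policy.mdx)". That aligns the four pages, but the commit message only says the prerequisites were updated, so confirm that the Access Graph setup instructions really are on teleport-policy.mdx and not still on policy-how-to-use.mdx before merging, otherwise the link sends the reader to the wrong page. The continuation line "Check the [Teleport Policy page](../teleport-policy.mdx) for details on" should also be indented under "A running Access Graph node v1.22.0 or later." rather than left at column 0 inside the nested list.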