Document AWS cross-account EKS discovery

[GavinFrazar]

Applies To

https://goteleport.com/docs/reference/config/
https://goteleport.com/docs/kubernetes-access/discovery/aws/
https://goteleport.com/docs/kubernetes-access/register-clusters/dynamic-registration/

Details

Config file reference updates

• Document the discovery_service.aws fields assume_role_arn and external_id in config file reference.
• Document aws field in kubernetes_service.resources config reference.

Create a guide for configuring the discovery service for cross-account AWS discovery.

• Explain how to use teleport-kube-agent chart value teleportConfig to provide custom config with discovery_service
• Explain how to setup IAM permissions like we do in https://goteleport.com/docs/database-access/guides/aws-cross-account/ (consider merging these into one guide?)
• Explain how to setup the discovery service to assume an AWS role.
• Explain how to setup the kubernetes_service to assume an AWS role for the dynamic resources it matches.

How will we know this is resolved?

A user can follow the guide to setup cross-account EKS discovery.

Related Issues

Related, we need to update docs in general to use discovery_service, which includes the current AWS cross-account db access guide and config file reference for discovery_service

• Database Access - moving auto discovery to Discovery Service #23774

[tigrato]

Closed as complete by #42107