From b251d708e786fe7aad66545267fd14ac085287a3 Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Tue, 28 May 2024 18:54:46 -0700 Subject: [PATCH 01/11] tag policy revisions - draft --- .../access-controls/access-graph/aws-sync.mdx | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 2d303aa17b1ec..2a794b180033c 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx 
@@ -1,13 +1,16 @@ --- -title: Discover AWS Access Patterns with Teleport Access Graph -description: Describes how to import and visualize AWS accounts access patterns using Teleport Access Graph. +title: Discover AWS Access Patterns with Teleport Policy +description: Describes how to import and visualize AWS accounts access patterns using Teleport Policy and Access Graph. --- -Teleport Access Graph offers insights into access patterns within -your AWS account. By scanning IAM permissions, users, groups, resources, and -identities, it provides a visual representation and aids in enhancing the -permission model within your AWS environment. This functionality enables you -to address queries such as: +Teleport Policy will streamline and centralize access management accross your entire infrastructure. You can view access relationships in seconds, +viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. + +## Teleport Access Graph + +Teleport Access Graph offers insights into access patterns within your AWS account. By scanning IAM +permissions, users, groups, resources, and identities, it provides a visual representation and aids in +enhancing the permission model within your AWS environment. This functionality enables you to address queries such as: - What resources are accessible to AWS users and roles? - Which resources can be reached via identities associated with EC2 instances? @@ -37,8 +40,7 @@ The importing process involves two primary steps: ### Polling Cloud APIs The Teleport Discovery Service continuously scans the configured AWS accounts. -At intervals of 15 minutes, it retrieves the following resources from your -AWS account: +At intervals of 15 minutes, it retrieves the following resources from your AWS account: - Users - Groups From 17a2517aa8e9f29f146d0ed06dcc65724b657986 Mon Sep 17 00:00:00 2001 
From: "marie.mcallister" Date: Tue, 28 May 2024 19:14:10 -0700 Subject: [PATCH 02/11] tag policy revisions - draft --- docs/pages/access-controls/access-graph/aws-sync.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 2a794b180033c..2ae0abfab126d 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx @@ -6,9 +6,9 @@ description: Describes how to import and visualize AWS accounts access patterns Teleport Policy will streamline and centralize access management accross your entire infrastructure. You can view access relationships in seconds, viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. -## Teleport Access Graph +## Teleport Policy -Teleport Access Graph offers insights into access patterns within your AWS account. By scanning IAM +Teleport Policy with Access Graph offers insights into access patterns within your AWS account. By scanning IAM permissions, users, groups, resources, and identities, it provides a visual representation and aids in enhancing the permission model within your AWS environment. This functionality enables you to address queries such as: From 69e05dbc0c8f20d56e63d7b4f4291fe6630c2aee Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Tue, 28 May 2024 19:49:17 -0700 Subject: [PATCH 03/11] tag policy revisions - draft --- .../access-controls/access-graph/aws-sync.mdx | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 2ae0abfab126d..128eff995bd4e 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx 
@@ -3,11 +3,9 @@ title: Discover AWS Access Patterns with Teleport Policy description: Describes how to import and visualize AWS accounts access patterns using Teleport Policy and Access Graph. --- -Teleport Policy will streamline and centralize access management accross your entire infrastructure. You can view access relationships in seconds, +Teleport Policy will streamline and centralize access management across your entire infrastructure. You can view access relationships in seconds, viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. -## Teleport Policy - Teleport Policy with Access Graph offers insights into access patterns within your AWS account. By scanning IAM permissions, users, groups, resources, and identities, it provides a visual representation and aids in enhancing the permission model within your AWS environment. This functionality enables you to address queries such as: @@ -27,12 +25,11 @@ to Teleport Enterprise customers. After logging in to the Teleport UI, go to the Management tab. If enabled, Access Graph options can be found under the Permission Management section. -## How TAG discovers AWS access patterns +## How it works -Teleport Access Graph synchronizes various AWS resources, -including IAM Policies, Groups, Users, User Groups, EC2 instances, -EKS clusters, and RDS databases. These resources are then visualized -using the graph representation detailed in the +Teleport Access Graph discovers AWS access patterns, synchronizes various AWS resources, +including IAM Policies, Groups, Users, User Groups, EC2 instances, EKS clusters, and RDS databases. +These resources are then visualized using the graph representation detailed in the [Access Graph page](../access-graph.mdx). The importing process involves two primary steps: 
@@ -78,8 +75,8 @@ from Teleport Auth Service and Discovery Service. -If you have a Teleport Cloud cluster, you can disregard -this step, as Teleport Cloud already operates a properly configured +If you have a Teleport Enterprise cluster, you can disregard +this step, as Teleport Enterprise already operates a properly configured Discovery Service within your cluster. From 334c20bfd60b4d83f07e310b5f9de0dccf636b0b Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Tue, 28 May 2024 20:06:52 -0700 Subject: [PATCH 04/11] tag policy revisions - draft --- docs/pages/access-controls/access-graph.mdx | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/pages/access-controls/access-graph.mdx b/docs/pages/access-controls/access-graph.mdx index f5e17e94a2249..088b8254e6d6b 100644 --- a/docs/pages/access-controls/access-graph.mdx +++ b/docs/pages/access-controls/access-graph.mdx @@ -1,9 +1,12 @@ --- -title: Teleport Access Graph -description: A reference for Teleport Access Graph. +title: Teleport Policy +description: A reference for Access Graph with Teleport Policy. --- -Teleport Access Graph visualizes and helps you understand access to your +Teleport Policy will streamline and centralize access management across your entire infrastructure. You can view access relationships in seconds, +viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. + +Teleport Policy with Access Graph visualizes and helps you understand access to your infrastructure. It provides a visual representation of the relationships between users, roles, and resources in your organization. It can help you answer questions like: From 225412ee9fd69ba3408c58a89f0c147180f79575 Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Tue, 28 May 2024 21:04:09 -0700 Subject: [PATCH 05/11] tag policy revisions - draft --- docs/pages/access-controls/access-graph.mdx | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) 
diff --git a/docs/pages/access-controls/access-graph.mdx b/docs/pages/access-controls/access-graph.mdx index 088b8254e6d6b..1c5627e714c85 100644 --- a/docs/pages/access-controls/access-graph.mdx +++ b/docs/pages/access-controls/access-graph.mdx @@ -4,20 +4,17 @@ description: A reference for Access Graph with Teleport Policy. --- Teleport Policy will streamline and centralize access management across your entire infrastructure. You can view access relationships in seconds, -viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. +viewing unified, up-to-date connections and policies between all users, groups, and computing resources. -Teleport Policy with Access Graph visualizes and helps you understand access to your -infrastructure. It provides a visual representation of the relationships between -users, roles, and resources in your organization. It can help you answer -questions like: +Teleport Policy with Access Graph provides a visual representation of the relationships between +users, roles, and resources in your organization. It can help you answer questions like: - What resources can a specific user access? - What users can access a specific resource? - What are the relationships between users, roles, and resources? -Teleport Access Graph is a feature of the [Teleport -Policy](https://goteleport.com/platform/policy/) product that is only available -to Teleport Enterprise customers. +Access Graph is a feature of the [Teleport Policy](https://goteleport.com/platform/policy/) product that is only +available to Teleport Enterprise customers. After logging into the Teleport UI, go to the Management tab. If enabled, Access Graph options can be found under the Permission Management section. 
@@ -101,7 +98,7 @@ and what actions they can perform. ![Deny Path](../../img/access-graph/deny-path.png) -Deny paths connect identities to resources. They show what a identity cannot access +Deny paths connect identities to resources. They show what an identity cannot access and what actions they cannot perform. Deny paths take precedence over allow paths. From 8824eaae5236deb94af0b0b3ae44a576790c86f7 Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Tue, 28 May 2024 22:38:17 -0700 Subject: [PATCH 06/11] tag policy revisions - draft --- docs/pages/access-controls/access-graph.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/pages/access-controls/access-graph.mdx b/docs/pages/access-controls/access-graph.mdx index 1c5627e714c85..39d6c534fc6ca 100644 --- a/docs/pages/access-controls/access-graph.mdx +++ b/docs/pages/access-controls/access-graph.mdx @@ -3,8 +3,7 @@ title: Teleport Policy description: A reference for Access Graph with Teleport Policy. --- -Teleport Policy will streamline and centralize access management across your entire infrastructure. You can view access relationships in seconds, -viewing unified, up-to-date connections and policies between all users, groups, and computing resources. +Teleport Policy will streamline and centralize access management across your entire infrastructure. Teleport Policy with Access Graph provides a visual representation of the relationships between users, roles, and resources in your organization. It can help you answer questions like: From d8c97ba26c2f89cbc8cf612401c247df1d0d8f94 Mon Sep 17 00:00:00 2001 From: "marie.mcallister" Date: Thu, 30 May 2024 11:22:38 -0700 Subject: [PATCH 07/11] tag policy revisions - draft --- docs/config.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/config.json b/docs/config.json index c0195b5251b5d..187ef35ab366f 100644 --- a/docs/config.json +++ b/docs/config.json 
@@ -651,21 +651,21 @@ ] }, { - "title": "Access Graph", + "title": "Teleport Policy", "slug": "/access-controls/access-graph/", "forScopes": [ "enterprise" ], "entries": [ { - "title": "TAG for Self-Hosted Clusters", + "title": "Teleport Policy for Self-Hosted Clusters", "slug": "/access-controls/access-graph/self-hosted/", "forScopes": [ "enterprise" ] }, { - "title": "TAG for Self-Hosted Clusters with Helm", + "title": "Teleport Policy for Self-Hosted Clusters with Helm", "slug": "/access-controls/access-graph/self-hosted-helm/", "forScopes": [ "enterprise" From 226c5e680dfa6978b17d9d942d3d19789a7620cb Mon Sep 17 00:00:00 2001 From: "M.C.M" Date: Thu, 30 May 2024 16:06:59 -0700 Subject: [PATCH 08/11] Update docs/pages/access-controls/access-graph/aws-sync.mdx Co-authored-by: Paul Gottschling --- docs/pages/access-controls/access-graph/aws-sync.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 128eff995bd4e..1da1638ddbb41 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx @@ -3,7 +3,7 @@ title: Discover AWS Access Patterns with Teleport Policy description: Describes how to import and visualize AWS accounts access patterns using Teleport Policy and Access Graph. --- -Teleport Policy will streamline and centralize access management across your entire infrastructure. You can view access relationships in seconds, +Teleport Policy streamlines and centralizes access management across your entire infrastructure. You can view access relationships in seconds, viewing unified, up-to-date relationships and policies between all users, groups, and computing resources. Teleport Policy with Access Graph offers insights into access patterns within your AWS account. By scanning IAM From 9d672658dd3cf718e7bc48ff35c90e0875bd452d Mon Sep 17 00:00:00 2001 
From: "M.C.M" Date: Thu, 30 May 2024 16:07:16 -0700 Subject: [PATCH 09/11] Update docs/pages/access-controls/access-graph.mdx Co-authored-by: Paul Gottschling --- docs/pages/access-controls/access-graph.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/access-graph.mdx b/docs/pages/access-controls/access-graph.mdx index 39d6c534fc6ca..7155c6e860f87 100644 --- a/docs/pages/access-controls/access-graph.mdx +++ b/docs/pages/access-controls/access-graph.mdx @@ -3,7 +3,7 @@ title: Teleport Policy description: A reference for Access Graph with Teleport Policy. --- -Teleport Policy will streamline and centralize access management across your entire infrastructure. +Teleport Policy streamlines and centralizes access management across your entire infrastructure. Teleport Policy with Access Graph provides a visual representation of the relationships between users, roles, and resources in your organization. It can help you answer questions like: From 2db7247e19d8961ec43a3bdb6d690ea8d5442cad Mon Sep 17 00:00:00 2001 From: "M.C.M" Date: Thu, 30 May 2024 16:07:36 -0700 Subject: [PATCH 10/11] Update docs/pages/access-controls/access-graph/aws-sync.mdx Co-authored-by: Paul Gottschling --- docs/pages/access-controls/access-graph/aws-sync.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 1da1638ddbb41..70eb029f6493c 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx @@ -75,7 +75,7 @@ from Teleport Auth Service and Discovery Service. -If you have a Teleport Enterprise cluster, you can disregard +If you have a managed Teleport Enterprise cluster, you can disregard this step, as Teleport Enterprise already operates a properly configured Discovery Service within your cluster. 
From b76a60fb0e07219248bb53b8bb3ab6557c0db9c3 Mon Sep 17 00:00:00 2001 From: "M.C.M" Date: Thu, 30 May 2024 16:07:47 -0700 Subject: [PATCH 11/11] Update docs/pages/access-controls/access-graph/aws-sync.mdx Co-authored-by: Paul Gottschling --- docs/pages/access-controls/access-graph/aws-sync.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/access-controls/access-graph/aws-sync.mdx b/docs/pages/access-controls/access-graph/aws-sync.mdx index 70eb029f6493c..20eb34d8a9329 100644 --- a/docs/pages/access-controls/access-graph/aws-sync.mdx +++ b/docs/pages/access-controls/access-graph/aws-sync.mdx @@ -76,7 +76,7 @@ from Teleport Auth Service and Discovery Service. If you have a managed Teleport Enterprise cluster, you can disregard -this step, as Teleport Enterprise already operates a properly configured +this step, as managed Teleport Enterprise already operates a properly configured Discovery Service within your cluster.
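Review bot: The intro sentence added to aws-sync.mdx in PATCH 01 (and still present after PATCH 08) repeats itself: "You can view access relationships in seconds, viewing unified, up-to-date relationships and policies ...". PATCH 05 reworded the same sentence in access-graph.mdx to "connections" and PATCH 06 then removed it from that page, so the two intros now diverge. Suggest either dropping the sentence here too or collapsing it to one clause, for example "You can view unified, up-to-date relationships and policies between all users, groups, and computing resources in seconds."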
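Review bot: In the "## How it works" hunk of PATCH 03, the rewritten opening sentence is a comma splice: "Teleport Access Graph discovers AWS access patterns, synchronizes various AWS resources, including ..." reads as a list with its conjunction missing. Suggest "Teleport Access Graph discovers AWS access patterns by synchronizing various AWS resources, including ...". The same paragraph still uses "Teleport Access Graph" while the intro of this file now says "Teleport Policy with Access Graph"; pick one name and use it throughout the page.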
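Review bot: The admonition hunk of PATCH 03 (@@ -78,8 +75,8 @@ in aws-sync.mdx) widens the "you can disregard this step" advice from "Teleport Cloud cluster" to any "Teleport Enterprise cluster", which also covers the self-hosted Enterprise clusters that docs/config.json lists as separate pages. PATCH 10 and PATCH 11 restore the qualifier as "managed Teleport Enterprise", so the end state reads correctly, but the fix is split over two one-line commits. Squash PATCH 03, 10 and 11 before merge so the unqualified wording never lands on its own.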
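Review bot: The docs/config.json hunk of PATCH 07 renames three navigation titles to "Teleport Policy ...", but nothing in this series touches the front-matter title of the pages behind "/access-controls/access-graph/self-hosted/" and "/access-controls/access-graph/self-hosted-helm/", so the sidebar entry and the page heading may disagree. Please confirm those pages are renamed in this PR or a follow-up. Leaving the "access-graph" slugs unchanged is fine for existing links; a short comment in the PR description saying that this is intentional would help the next reader.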