Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add a trouble shooting for db auto-user provisioning issue for RDS blue/green deployment #43104

Merged
merged 3 commits into from
Jun 19, 2024
Merged

add a trouble shooting for db auto-user provisioning issue for RDS blue/green deployment #43104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
13430e3
add a trouble shooting for db auto-user provisioning issue for RDS bl…
greedy52 Jun 17, 2024
54d09e8
fix link
greedy52 Jun 17, 2024
af8371d
add example for non-discovery db
greedy52 Jun 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1272,7 +1272,7 @@
"slug": "/database-access/auto-user-provisioning/",
"entries": [
{
"title": "AWS Redshift",
"title": "Amazon Redshift",
"slug": "/database-access/auto-user-provisioning/aws-redshift/"
},
{
Expand Down
8 changes: 4 additions & 4 deletions docs/pages/database-access/auto-user-provisioning.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ description: Configure automatic user provisioning for databases.
(!docs/pages/includes/database-access/auto-user-provisioning/intro.mdx!)

Currently, automatic user provisioning is supported for the following databases:
- [PostgreSQL databases (self-hosted and AWS RDS)](./auto-user-provisioning/postgres.mdx)
- [MySQL databases (self-hosted and AWS RDS)](./auto-user-provisioning/mysql.mdx)
- [MariaDB databases (self-hosted and AWS RDS)](./auto-user-provisioning/mariadb.mdx)
- [AWS Redshift databases](./auto-user-provisioning/aws-redshift.mdx)
- [PostgreSQL databases (self-hosted and Amazon RDS)](./auto-user-provisioning/postgres.mdx)
- [MySQL databases (self-hosted and Amazon RDS)](./auto-user-provisioning/mysql.mdx)
- [MariaDB databases (self-hosted and Amazon RDS)](./auto-user-provisioning/mariadb.mdx)
- [Amazon Redshift databases](./auto-user-provisioning/aws-redshift.mdx)
- [MongoDB databases (self-hosted)](./auto-user-provisioning/mongodb.mdx)


Expand Down
6 changes: 3 additions & 3 deletions docs/pages/database-access/auto-user-provisioning/aws-redshift.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
---
title: AWS Redshift Automatic User Provisioning
description: Configure automatic user provisioning for AWS Redshift.
title: Amazon Redshift Automatic User Provisioning
description: Configure automatic user provisioning for Amazon Redshift.
---

(!docs/pages/includes/database-access/auto-user-provisioning/intro.mdx!)

## Prerequisites

- Teleport cluster v14.1.3 or higher with a configured [AWS
- Teleport cluster v14.1.3 or higher with a configured [Amazon
Redshift](../enroll-aws-databases/postgres-redshift.mdx) database.
- Ability to connect to and create user accounts in the target database.

Expand Down
2 changes: 1 addition & 1 deletion docs/pages/database-access/auto-user-provisioning/mysql.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ ERROR 1105 (HY000): ERROR 1044 (42000): Access denied for user '<your-teleport-u

### Table is read only error

You may encounter the following error when connecting to an AWS RDS Aurora
You may encounter the following error when connecting to an Amazon RDS Aurora
reader endpoint:
```shell
$ tsh db connect --db-name <database> example
Expand Down
24 changes: 23 additions & 1 deletion docs/pages/database-access/auto-user-provisioning/postgres.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ GRANT CONNECT ON DATABASE <database> to "reader";

### Cannot execute in a read-only transaction error

You may encounter the following error when connecting to an AWS RDS Aurora
You may encounter the following error when connecting to an Amazon RDS Aurora
reader endpoint:
```shell
$ tsh db connect --db-name <database> example
Expand Down Expand Up @@ -247,6 +247,28 @@ GRANT rds_iam TO "teleport-admin" WITH ADMIN OPTION;

(!docs/pages/includes/database-access/psql-ssl-syscall-error.mdx!)

### Amazon RDS Blue/Green deployment enters a state of "Replication degraded"

Amazon RDS Blue/Green deployment may enter a state of "Replication degraded"
when auto-user provisioning is used to connect to the database.

This occurs due to a [limitation in PostgreSQL logical
replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments-overview.html#blue-green-deployments-limitations-postgres)
for Blue/Green deployments as Data Definition Language (DDL) statements cannot
be replicated. Consequently, Amazon RDS will enter the "Replication degraded"
state when a DDL change is detected.

It is recommended to disable database auto-user provisioning before starting
the Blue/Green deployment.

If the database is auto-discovered by Teleport, you can temporarily remove the
`teleport.dev/db-admin` AWS resource tag. For a database registered using
either static config or a dynamic `db` resource, you can temporarily remove the
`admin_user` setting.

Once auto-user provisioning is disabled, you can still connect as the database
admin user through Teleport.

## Next steps

- Connect using your [GUI database
Expand Down
Loading