From 4382d41dbcbe56b21783e48d68af2bb186d4cfac Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 28 Jun 2024 08:30:53 -0400 Subject: [PATCH 1/2] docs: include sts.amazonaws.com in troubleshooting --- docs/pages/application-access/cloud-apis/aws-console.mdx | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/pages/application-access/cloud-apis/aws-console.mdx b/docs/pages/application-access/cloud-apis/aws-console.mdx index 849f6145d77ce..3c24e3e77071c 100644 --- a/docs/pages/application-access/cloud-apis/aws-console.mdx +++ b/docs/pages/application-access/cloud-apis/aws-console.mdx @@ -672,10 +672,11 @@ username which you can search for to get the events history: Read this section if you run into issues while following this guide. -### `Internal Server Error` +### `Internal Server Error` or fails to connect in Web UI When visiting the AWS Management Console from the Teleport Web UI, you may see -an `InternalServer Error` message instead of the AWS Management Console. +an `InternalServer Error` message or other connection issues instead of the +AWS Management Console. If this happens, check the Teleport Application Service logs: @@ -702,6 +703,10 @@ $ kubectl -n teleport-agent logs statefulset/teleport-kube-agent If the Teleport Application Service encounters an error sending a request to the AWS API, the logs will show the error message stack trace. +Within the logs you may see a failure connection regarding `sts.amazonaws.com:443`. +The Teleport Application Service requires connecting to `https://sts.amazonaws.com` to +create an authorized AWS console session. + ### The Application Service is not authorized to assume a role If the Teleport Application Service fails to assume the `ExampleReadOnlyAccess` From 36670db9ab38df16b79be0656885b8becdb5b316 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 28 Jun 2024 11:39:45 -0400 Subject: [PATCH 2/2] docs: update verbiage on connection failure --- docs/pages/application-access/cloud-apis/aws-console.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/pages/application-access/cloud-apis/aws-console.mdx b/docs/pages/application-access/cloud-apis/aws-console.mdx index 3c24e3e77071c..e7ae3b22e6521 100644 --- a/docs/pages/application-access/cloud-apis/aws-console.mdx +++ b/docs/pages/application-access/cloud-apis/aws-console.mdx @@ -703,9 +703,9 @@ $ kubectl -n teleport-agent logs statefulset/teleport-kube-agent If the Teleport Application Service encounters an error sending a request to the AWS API, the logs will show the error message stack trace. -Within the logs you may see a failure connection regarding `sts.amazonaws.com:443`. -The Teleport Application Service requires connecting to `https://sts.amazonaws.com` to -create an authorized AWS console session. +Within the logs you may see a connection failure such as a i/o timeout +regarding `sts.amazonaws.com:443`. The Teleport Application Service requires +connecting to `https://sts.amazonaws.com` to create an authorized AWS console session. ### The Application Service is not authorized to assume a role