Workload ID: Guide for AWS JWT OIDC Federation #47581
Conversation
strideynet
added
no-changelog
|
🤖 Vercel preview here: https://docs-coer8t49i-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-pnfdqnbup-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-a5otiigax-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-olfl4op6y-goteleport.vercel.app/docs/ver/preview |
github-actions
bot
requested review from
mmcallister,
ptgott,
r0mant,
xinding33 and
zmb3
docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx
Outdated
Show resolved
Hide resolved
docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx
Outdated
Show resolved
Hide resolved
| This implementation differs from using the Teleport Application Service to protect | ||
| AWS APIs in a few ways: | ||
|
|
||
| - Requests to AWS are not proxied through the Teleport Proxy Service, meaning | ||
| reduced latency but also less visibility, as these requests will not be | ||
| recorded in Teleport's audit log. | ||
| - Workload Identity works with any AWS client, including the command-line tool | ||
| but also their SDKs. | ||
| - Using the Teleport Application Service to access AWS does not work with Machine | ||
| ID and therefore cannot be used when a machine needs to authenticate with AWS. |
There was a problem hiding this comment.
I think it would make sense to move this text to the Workload Identity introduction to reduce the length of the non-instructional text in this guide. It's also not specific to the setup shown in this guide. We can then move the "OIDC Federation vs Roles Anywhere" text into this section.
There was a problem hiding this comment.
I feel like this is specific to the setup shown in this guide, since it helps you realise if you should actually be following the "authenticating to AWS services using Workload Identity with certificates" guide instead.
docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx
Outdated
Show resolved
Hide resolved
docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx
Outdated
Show resolved
Hide resolved
docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx
Outdated
Show resolved
Hide resolved
…ion.mdx Co-authored-by: Paul Gottschling <[email protected]>
|
🤖 Vercel preview here: https://docs-rh2au819o-goteleport.vercel.app/docs/ver/preview |
…ion.mdx Co-authored-by: Paul Gottschling <[email protected]>
|
🤖 Vercel preview here: https://docs-iabc48w1r-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-cjzn6zlqc-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-gku7hx2gj-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-10ckcezey-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-1soq3tpgl-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-ic5ad1f73-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-1adeqxp9v-goteleport.vercel.app/docs/ver/preview |
public-teleport-github-review-bot
bot
removed request for
r0mant,
mmcallister,
zmb3 and
xinding33
|
@strideynet See the table below for backport results.
|
Add a guide similar to the GCP one, with the steps needed to use Teleport Workload Identity to authenticate with AWS with JWT SVIDs.