webvictim
commented
2 years ago The underlying issue is also detailed here: https://github.com/gravitational/teleport/issues/14599
Open campanamarco opened 2 years ago
webvictim
commented
2 years ago The underlying issue is also detailed here: https://github.com/gravitational/teleport/issues/14599
What would you like Teleport to do? Provide the the ability to decide whether the tag retrieval service uses IMDS or API to enable https://goteleport.com/docs/setup/guides/ec2-tags/ to pull only selected tags from AWS. Similar to Hashicorp Boundary Functionality: https://learn.hashicorp.com/tutorials/boundary/aws-host-catalogs?in=boundary/configuration Github: https://github.com/hashicorp/boundary-plugin-host-aws
What problem does this solve? Currently, you can't enable tags in IMDS metadata when you have a tag like "Patch Group", but you can retrieve that tag when using the API method instead. Amazon has a limitation that says that you can not enable the metadata tags service, if you have tags that have the forward slash and spaces, its forbidden. Prospective customers have requested this capability to maintain SSM patching workflows, but still link EC2 tags to Teleport.
If a workaround exists, please include it.