Open Tener opened 1 year ago
cc @smallinsky @GavinFrazar
@Tener Thanks for finding this.
I think that this is not per se test plan regression but rather a bug because the scenario where a user doesn't have any default AWS local profile configured in this env.
A workaround for this is to use --no-sign-request
. We could support a credential check, but that will take some extra work since the db local proxy is plain tcp currently
Expected behavior:
When following https://goteleport.com/docs/database-access/guides/aws-dynamodb/, accessing
dynamodb
should work without extra configuration. For example to list tables:tsh proxy db --tunnel --port 8000 mydynamo --db-user=MyRole
aws --endpoint-url http://localhost:8000/ dynamodb list-tables
Current behavior:
Dummy credentials and a real region must be configured.
Dummy credentials satisfy the check and are not checked by the proxy.
At a minimum, we should update the guide with instructions: https://goteleport.com/docs/database-access/guides/aws-dynamodb/.
Ideally, we would secure the proxy with custom credentials, the same as in app access:
Related issues: