EKS Discovery auto-enroll flow assumes user knowledge

[stevenGravy]

Expected behavior:

Teleport would provide more of a guided exp:

• Create a token to use
• Provide any information on required tools
• Show how to install Teleport or create a ECS discovery service

This might be the first time a user goes to enroll a resource in Teleport. Assuming they can do all this can be too much.

Current behavior:

The all enroll for EKS requires a user to have tctl available. There is no pre-req or info where to get tctl This also assume a user knows how to install Teleport. There is no pre-req to having a Linux machine or how to install Teleport on that machine.

Bug details:

• Teleport version: 15.3.1
• Recreation steps

1. Enroll EKS in Access Mgmt
2. Go to Enroll EKS Cluster step

[webvictim]

The UI also doesn't tell you that you need to add an IAM role to the instance running the discovery_service, which is step 1 in the EKS auto-discovery docs: https://goteleport.com/docs/auto-discovery/kubernetes/aws/#step-13-set-up-aws-iam-credentials

OK, so you don't actually need an IAM role on your discovery service when you're using an AWS integration. This is because EKS auto-discovery and EKS auto-discovery via Discover are two different things...