Can't connect to DB with Teleport Consistently #46101
-
I have a feeling IAM doesn't allow the use of wildcards in place of the cluster ID (the Teleport does create and manage its own role to specifically allow databases for this reason. If you apply the policy using a specific cluster ID rather than a wildcard, wait a couple of minutes and then test that specific database via Teleport, does it work? If not, what's in the logs on your Teleport
-
Found the issue. Previous engineer created the teleport user on each instance with the required role but it seems it was removed. Created the user with the required permission and it worked.
-
So my DBs have been set up and discovered by teleport config here
I have had mixed success connecting to the db by teleport (like 2 in 50+ attempts)
The iam role for teleport is here
Our dbs are created via terraform and don't have IAM authentication enabled
either way I get 👇🏽 this
and yes rds-iam role is assigned to teleport, even the superadmin role is assigned to it too
I created a test db and enabled IAM authentication but got the same error
The 2 times I was able to connect, the logs and sessions showed up and were uploaded to s3 but didn't show up in the session recordings tab on the UI; teleport config is here but I use node-sync now
A question on the side, does teleport add its own policy to the iam role? When creating my test db, this policy was removed since it wasn't in my code.