Event Exporter guides for Machine ID configure RBAC incorrectly #41690

strideynet · 2024-05-17T08:33:41Z

Applies To

https://goteleport.com/docs/management/export-audit-events/splunk/
https://goteleport.com/docs/management/export-audit-events/fluentd/
https://goteleport.com/docs/management/export-audit-events/datadog/
https://goteleport.com/docs/management/export-audit-events/elastic-stack/

Details

Enable impersonation of the Fluentd plugin user

...
If you are using Machine ID to provide short-lived credentials to the Event Handler, add this role to the Machine ID bot user. Otherwise, add this role to the user that generates signed credentials for the Event Handler:

This describes giving the teleport-event-handler-impersonator role to the Bot, this is incorrect. Instead, the teleport-event-handler role should be directly given to the Bot, the intermediary -impersonator role breaks the configuration. The intermediary -impersonator role and user do not need to be created at all.

e.g from v15 you can run

tctl bots update my-bot --add-roles teleport-event-handler

How will we know this is resolved?

When these guides can be followed using Machine ID and work.

Related Issues

The text was updated successfully, but these errors were encountered:

strideynet added documentation machine-id labels May 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Event Exporter guides for Machine ID configure RBAC incorrectly #41690

Event Exporter guides for Machine ID configure RBAC incorrectly #41690

strideynet commented May 17, 2024 •

edited

Enable impersonation of the Fluentd plugin user

Event Exporter guides for Machine ID configure RBAC incorrectly #41690

Event Exporter guides for Machine ID configure RBAC incorrectly #41690

Comments

strideynet commented May 17, 2024 • edited

Applies To

Details

Enable impersonation of the Fluentd plugin user

How will we know this is resolved?

Related Issues

strideynet commented May 17, 2024 •

edited