Open
Description
Currently, if the AWS_REGION is not set, registration with auth will fail because Auth cannot communicate with IMDS. For example:
INFO [AUTH] Attempting to register Bot with IAM method using regional STS endpoint auth/register.go:623
INFO [AUTH] Failed to register Bot using regional STS endpoint error:[
ERROR REPORT:
Original Error: *trace.NotFoundError IMDS is unavailable
Stack Trace:
github.com/gravitational/teleport/lib/auth/join_iam.go:512 github.com/gravitational/teleport/lib/auth.getEC2LocalRegion
github.com/gravitational/teleport/lib/auth/join_iam.go:474 github.com/gravitational/teleport/lib/auth.newSTSClient
github.com/gravitational/teleport/lib/auth/join_iam.go:433 github.com/gravitational/teleport/lib/auth.createSignedSTSIdentityRequest
github.com/gravitational/teleport/lib/auth/register.go:627 github.com/gravitational/teleport/lib/auth.registerUsingIAMMethod.func1
github.com/gravitational/teleport/api@v0.0.0/client/joinservice.go:75 github.com/gravitational/teleport/api/client.(*JoinServiceClient).RegisterUsingIAMMethod
github.com/gravitational/teleport/lib/auth/register.go:625 github.com/gravitational/teleport/lib/auth.registerUsingIAMMethod
github.com/gravitational/teleport/lib/auth/register.go:321 github.com/gravitational/teleport/lib/auth.registerThroughProxy
github.com/gravitational/teleport/lib/auth/register.go:278 github.com/gravitational/teleport/lib/auth.Register
github.com/gravitational/teleport/lib/tbot/renew.go:535 github.com/gravitational/teleport/lib/tbot.(*Bot).getIdentityFromToken
github.com/gravitational/teleport/lib/tbot/tbot.go:409 github.com/gravitational/teleport/lib/tbot.(*Bot).initialize
github.com/gravitational/teleport/lib/tbot/tbot.go:234 github.com/gravitational/teleport/lib/tbot.(*Bot).Run
github.com/gravitational/teleport/tool/tbot/main.go:288 main.onStart
github.com/gravitational/teleport/tool/tbot/main.go:171 main.Run
github.com/gravitational/teleport/tool/tbot/main.go:50 main.main
runtime/proc.go:250 runtime.main
runtime/asm_amd64.s:1598 runtime.goexit
User Message: failed to resolve local AWS region from environment or IMDS
IMDS is unavailable] auth/register.go:652
INFO [AUTH] Attempting registration with auth server. auth/register.go:277
ERROR: failed to resolve local AWS region from environment or IMDS
IMDS is unavailable, rpc error: code = Unknown desc = unexpected HTTP status code received from server: 302 (Found); malformed header: missing HTTP content-type
If the region is not set and certain* conditions are met, Teleport should detect a failure on the regional endpoint and fall back to using the global endpoint.
- There is no global endpoint for FIPS so this cannot be done when Teleport is running in FIPS mode.
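
A sketch of the endpoint selection requested above, added as an illustration and not taken from Teleport's code. The names `resolveSTSHost` and `regionLookup` are hypothetical, and the fallback condition (region missing from both the environment and IMDS) is an assumption about what "certain conditions" means.

```go
package main

import (
	"errors"
	"fmt"
)

// errIMDSUnavailable mirrors the "IMDS is unavailable" error in the log above.
var errIMDSUnavailable = errors.New("IMDS is unavailable")

// regionLookup is a hypothetical stand-in for an IMDS region query.
type regionLookup func() (string, error)

// resolveSTSHost (hypothetical) picks the STS host to sign the join request for.
// Order: region from the environment, then IMDS, then the global endpoint.
func resolveSTSHost(envRegion string, imds regionLookup, fips bool) (string, error) {
	region := envRegion
	if region == "" {
		r, err := imds()
		if err != nil {
			if fips {
				// There is no global FIPS endpoint, so fail closed rather
				// than silently downgrading to a non-FIPS endpoint.
				return "", fmt.Errorf("FIPS mode requires a resolvable region: %w", err)
			}
			// Assumed fallback condition: region unknown and not in FIPS mode.
			return "sts.amazonaws.com", nil
		}
		region = r
	}
	if fips {
		return "sts-fips." + region + ".amazonaws.com", nil
	}
	return "sts." + region + ".amazonaws.com", nil
}

func main() {
	// Constructed scenario: AWS_REGION unset and IMDS unreachable.
	down := func() (string, error) { return "", errIMDSUnavailable }
	for _, fips := range []bool{false, true} {
		host, err := resolveSTSHost("", down, fips)
		fmt.Printf("fips=%v host=%q err=%v\n", fips, host, err)
	}
}
```

On the Auth side, whichever host the client signs for still has to be one the server accepts, so the fallback should not widen the set of allowed STS hosts in FIPS mode.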