Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS audit event shown in Web UI is not accurate #45603

Open
greedy52 opened this issue Aug 19, 2024 · 0 comments · May be fixed by #45715
Open

AWS audit event shown in Web UI is not accurate #45603

greedy52 opened this issue Aug 19, 2024 · 0 comments · May be fixed by #45715
Assignees
@greedy52
Labels
application-access audit-log Issues related to Teleports Audit Log aws Used for AWS Related Issues. bug ux

Comments

@greedy52
Copy link
Contributor

greedy52 commented Aug 19, 2024
edited
Loading

Current behavior:

  1. Web UI presents the event as user has connected to AWS console, which may not be correct. user maybe just using tsh aws
  2. Access to AWS Web console through a trusted cluster on WebUI does not leave an audit event on leaf cluster
  3. Hashed role session name is not being recorded in audit events.

For #1
Screenshot 2024-08-19 at 2 46 09 PM

For #2, the app session event is only on root
Screenshot 2024-08-19 at 2 42 40 PM

Expected behavior:

  1. The app session start can be generic to app access. AWS Web Console can have a separate audit event (similar to App Session Chunk)
  2. The Web Console event should be recorded in leaf cluster
  3. aws_role_session_name should be added to both AWS Web Console event, and App Session Chunk

Bug details:

  • Teleport version: v16
  • Recreation steps: root cluster with a long username, access AWS app in leaf cluster through both WebUI and tsh
@greedy52 greedy52 added bug ux audit-log Issues related to Teleports Audit Log application-access labels Aug 19, 2024
@greedy52 greedy52 self-assigned this Aug 19, 2024
This was referenced Aug 19, 2024
Merged
Open
@zmb3 zmb3 added the aws Used for AWS Related Issues. label Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@greedy52 greedy52

Labels
application-access audit-log Issues related to Teleports Audit Log aws Used for AWS Related Issues. bug ux
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a new audit event for AWS console request gravitational/teleport
2 participants
@zmb3 @greedy52