#security (2020-08)
Archive: https://archive.sweetops.com/security/
2020-08-03
attention all teleport users!
it’s the last week to provide input on Teleport. Gravitational is conducting a survey to get a better understanding for what’s working well and how we could improve for Teleport.
They would especially like to hear from Teleport Community / OSS users, and have a specific question, Question 19, for feedback on what you think is missing from the community version. The survey should take around 13 min to complete. We’ve a range of swag for people who complete it.
Hm this might scratch an itch we have. What’s the pricing based on?
Number of nodes
and level of support
i recently discovered their release milestones on github… very interested in the “application access proxy” targeted for v5.0… https://github.com/gravitational/teleport/milestones?direction=asc&sort=due_date
I had a chat and demo with them this week, it’s a cool product. Unfortunately we already implemented a ‘close enough’ solution with AWS Session Manager. If we’d found this 6 months ago I could probably have justified the price
Ah rock on! I knew that they had talked about it but didn’t know it was on the roadmap
We use teleport a lot
With the application proxy, it goes from “useful for ssh remote access” to “rocking centralized ingress gateway for zero-trust and multi-account architectures”. Been researching solutions in this space for a couple weeks now and there is very little that is fully self-hosted
yea, agree - this is much needed and very rad. We’ve been stringing together a bunch of tools like keycloak and gatekeeper for the web portion. would love to just use teleport.
we’re using keycloak as an IdP, but gatekeeper has not yet come up… got a link for that one? my google-fu seems… lacking…
it’s now called louketo as it has been spun out under its own org
A OpenID / Proxy service. Contribute to louketo/louketo-proxy development by creating an account on GitHub.
sigh
open source life lol
i did find this, it does look like the louketo readme is nearly identical, so assuming keycloak gatekeeper is pulling in louketo under the covers…? https://www.keycloak.org/docs/latest/securing_apps/#_keycloak_generic_adapter
gatekeeper rebranded and moved to the louketo organization
then summarily deprecated (kinda surprised they went through all that effort!)
2020-08-04
@Erik Osterman (Cloud Posse) What’s the integration with RDS that’s planned? Does this happen to cover RDS IAM users?
Which Services can I use Teleport with?
You can use Teleport for all the services that you would SSH into. This guide is focused on EC2. We have a short blog post on using Teleport with EKS. We plan to expand the guide based on feedback but will plan to add instructions for the below.
RDS
Detailed EKS
Lightsail
Fargate
AWS ECS
We’ve only used it with Kubernetes and SSH
Ah may have misunderstood, thought you were involved in the project
Oh no - teleport is just part of our standard package in our consulting engagements
Teleport with RDS? I am intrigued
It’s mentioned in the docs with no explanation
You should be able to use port forwarding to get audit logs for RDS access, but no session recordings.
it is an existing feature, but the documentation has not been built out.
2020-08-05
2020-08-07
2020-08-13
Does someone here know a tool to manage employee database access easily?
I currently have a terraform snippet ready that might work well enough but I find it hard to review it
I may or may not be able to use AWS IAM but I am not sure yet.
I am adding here so that I can follow this thread. Solution we use for this is via AWS opsworks acting as a bastion or jumpbox to dbs
employees needing access tunnel via the bastion — opsworks stores their public keys. can use iam roles there too
this is not my favorite solution and I don’t think I’d carry it again in the future but it is what we are doing
2020-08-17
2020-08-21
sharing here, per recommendation in original thread…
i don’t think there is a networking or zero-trust channel, so just dropping this here. really fantastic explainer on nat traversal, simultaneously technical, understandable, and hilarious… https://tailscale.com/blog/how-nat-traversal-works/