From 02d74d9765f0475d06e856aa03d37d5cc994b36e Mon Sep 17 00:00:00 2001
From: Marco Dinis
Date: Tue, 21 May 2024 17:29:38 +0100
Subject: [PATCH] EC2 Auto Discover with SSM: add invocation url to audit log (#41689)

This PR adds the invocation URL into the audit log when running the teleport installer script during EC2 Auto Discover.
---
 lib/srv/server/ssm_install.go | 9 +++++++
 lib/srv/server/ssm_install_test.go | 41 +++++++++++++++++-------------
 2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/lib/srv/server/ssm_install.go b/lib/srv/server/ssm_install.go
index 4ac51d9582d06..7fc9eeb108ea2 100644
--- a/lib/srv/server/ssm_install.go
+++ b/lib/srv/server/ssm_install.go
@@ -342,6 +342,14 @@ func (si *SSMInstaller) getCommandStepStatusEvent(ctx context.Context, step *str
 }
 }
 
+ // Format for invocation url:
+ // https://.console.aws.amazon.com/systems-manager/run-command//
+ // Example:
+ // https://eu-west-2.console.aws.amazon.com/systems-manager/run-command/3cb11aaa-11aa-1111-aaaa-2188108225de/i-0775091aa11111111
+ invocationURL := fmt.Sprintf("https://%s.console.aws.amazon.com/systems-manager/run-command/%s/%s",
+ req.Region, aws.StringValue(commandID), aws.StringValue(instanceID),
+ )
+
 return &apievents.SSMRun{
 Metadata: apievents.Metadata{
 Type: libevents.SSMRunEvent,
@@ -355,5 +363,6 @@ func (si *SSMInstaller) getCommandStepStatusEvent(ctx context.Context, step *str
 Status: status,
 StandardOutput: aws.StringValue(stepResult.StandardOutputContent),
 StandardError: aws.StringValue(stepResult.StandardErrorContent),
+ InvocationURL: invocationURL,
 }, nil
 }
diff --git a/lib/srv/server/ssm_install_test.go b/lib/srv/server/ssm_install_test.go
index 84362c9674101..455df9a41f93f 100644
--- a/lib/srv/server/ssm_install_test.go
+++ b/lib/srv/server/ssm_install_test.go
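Review bot: The `invocationURL` built in the first hunk of ssm_install.go (`@@ -342,6 +342,14 @@`) hard-codes the `console.aws.amazon.com` host, so for instances in the AWS China or GovCloud partitions, which use different console domains, the audit event would record a link to the wrong console. Because this value is written to the audit log, it would be safer to choose the console host from the partition of `req.Region`, or to leave `InvocationURL` empty when the partition is not the standard one. The three values are also interpolated unescaped, and `aws.StringValue` returns an empty string for a nil pointer, so a missing command or instance id yields a malformed link ending in `/run-command//`; escaping the path parts, e.g. `url.PathEscape(aws.StringValue(commandID))`, and skipping the URL when either id is empty would keep the recorded link trustworthy. The body of getCommandStepStatusEvent starts outside the hunk, so any earlier validation of these values is not visible here.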
@@ -131,12 +131,13 @@ func TestSSMInstaller(t *testing.T) {
 Type: libevent.SSMRunEvent,
 Code: libevent.SSMRunSuccessCode,
 },
- CommandID: "command-id-1",
- InstanceID: "instance-id-1",
- AccountID: "account-id",
- Region: "eu-central-1",
- ExitCode: 0,
- Status: ssm.CommandStatusSuccess,
+ CommandID: "command-id-1",
+ InstanceID: "instance-id-1",
+ AccountID: "account-id",
+ Region: "eu-central-1",
+ ExitCode: 0,
+ Status: ssm.CommandStatusSuccess,
+ InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 },
 },
 },
@@ -175,12 +176,13 @@ func TestSSMInstaller(t *testing.T) {
 Type: libevent.SSMRunEvent,
 Code: libevent.SSMRunSuccessCode,
 },
- CommandID: "command-id-1",
- InstanceID: "instance-id-1",
- AccountID: "account-id",
- Region: "eu-central-1",
- ExitCode: 0,
- Status: ssm.CommandStatusSuccess,
+ CommandID: "command-id-1",
+ InstanceID: "instance-id-1",
+ AccountID: "account-id",
+ Region: "eu-central-1",
+ ExitCode: 0,
+ Status: ssm.CommandStatusSuccess,
+ InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 },
 },
 },
@@ -225,6 +227,7 @@ func TestSSMInstaller(t *testing.T) {
 Status: ssm.CommandStatusFailed,
 StandardOutput: "",
 StandardError: "timeout error",
+ InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 },
 },
 },
@@ -275,6 +278,7 @@ func TestSSMInstaller(t *testing.T) {
 Status: ssm.CommandStatusFailed,
 StandardOutput: "",
 StandardError: "timeout error",
+ InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 },
 },
 },
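Review bot: Every updated case in this file asserts the same `eu-central-1` URL literal with non-empty ids (the hunks at -131, -175, -225, -275 and -335), so only the happy-path format of `InvocationURL` is covered. A table entry with a different region, or one where the mocked command or instance id is empty, would pin what the audit event should contain in those cases. Declaring the expected value once, e.g. `const wantInvocationURL = "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1"`, would also keep the five cases in sync if the format changes. TestSSMInstaller starts and ends outside these hunks.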
@@ -335,12 +339,13 @@ func TestSSMInstaller(t *testing.T) {
 Type: libevent.SSMRunEvent,
 Code: libevent.SSMRunSuccessCode,
 },
- CommandID: "command-id-1",
- InstanceID: "instance-id-1",
- AccountID: "account-id",
- Region: "eu-central-1",
- ExitCode: 0,
- Status: ssm.CommandStatusSuccess,
+ CommandID: "command-id-1",
+ InstanceID: "instance-id-1",
+ AccountID: "account-id",
+ Region: "eu-central-1",
+ ExitCode: 0,
+ Status: ssm.CommandStatusSuccess,
+ InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 },
 &events.SSMRun{
 Metadata: events.Metadata{