package
18.0.0-dev.vnet-windows.4+incompatible
Repository: https://github.com/gravitational/teleport.git
Documentation: pkg.go.dev
# Functions
AddMetadataLabels adds the AccountID and Region as labels.
AuroraMySQLVersion extracts the Aurora MySQL version from the engine version.
ConvertIAMError converts common errors from IAM clients to trace errors.
ConvertRequestFailureError converts AWS SDK v2 errors to trace errors.
EC2DiscoverySSMDocument receives the proxy address and returns an SSM Document.
GetIdentityWithClient determines AWS identity of this Teleport process using the provided STS API client.
IdentityFromArn returns an `Identity` interface based on the provided ARN.
IsDBClusterAvailable checks if the RDS or DocumentDB cluster is available.
IsDocumentDBClusterSupported checks whether IAM authentication is supported for this DocumentDB cluster.
IsElastiCacheClusterAvailable checks if the ElastiCache cluster is available.
IsElastiCacheClusterSupported checks whether the ElastiCache cluster is supported.
IsMemoryDBClusterAvailable checks if the MemoryDB cluster is available.
IsMemoryDBClusterSupported checks whether the MemoryDB cluster is supported.
IsOpenSearchDomainAvailable checks if the OpenSearch domain is available.
IsRDSClusterSupported checks whether the Aurora cluster is supported.
IsRDSInstanceAvailable checks if the RDS instance is available.
IsRDSInstanceSupported returns true if the database supports IAM authentication.
IsRDSProxyAvailable checks if the RDS Proxy is available.
IsRDSProxyCustomEndpointAvailable checks if the RDS Proxy custom endpoint is available.
IsRedshiftClusterAvailable checks if the Redshift cluster is available.
IsResourceAvailable checks if the input status indicates the resource is available for use.
IsTagValueTrue checks whether a tag value is true.
NewPolicies creates a new instance of Policies using the provided identity, partitionID and IAM client.
NewPolicy returns a new AWS IAM Policy.
NewPolicyDocument returns a new empty AWS IAM policy document.
ParsePolicyDocument returns the parsed AWS IAM policy document.
PolicyDocumentForExternalAuditStorage returns a PolicyDocument with the necessary IAM permissions for the External Audit Storage feature.
StatementAccessGraphAWSSync returns the statement that allows configuring the AWS Sync feature.
StatementForAWSAppAccess returns the statement that allows AWS App Access.
StatementForAWSIdentityCenterAccess returns the AWS IAM policy statement that grants the permissions required for the Teleport identity center client.
StatementForAWSOIDCRoleTrustRelationship returns the Trust Relationship to allow the OpenID Connect Provider set up during the AWS OIDC Onboarding to assume this Role.
StatementForEC2InstanceConnectEndpoint returns the statement that allows the flow for accessing an EC2 instance using its private IP, using EC2 Instance Connect Endpoint.
StatementForEC2SSMAutoDiscover returns the required statement to enable EC2 Auto Discover using SSM.
StatementForECSManageService returns the statement that allows managing the ECS Service deployed by DeployService (AWS OIDC Integration).
StatementForECSTaskRoleTrustRelationships returns the Trust Relationship to allow the ECS Tasks service to.
StatementForEKSAccess returns the statement that allows enrolling EKS clusters into Teleport.
StatementForIAMPassRole returns a statement that allows `iam:PassRole` on the target role.
StatementForListRDSDatabases returns the statement that allows listing RDS DB Clusters and Instances.
StatementForRDSDBConnect returns a statement that allows the `rds-db:connect` for all RDS DBs.
StatementForRDSMetadata returns a statement that allows describing RDS instances and clusters for metadata import, as in monitoring AWS tags and whether IAM auth is enabled.
StatementForS3BucketPublicRead returns the statement that allows public/anonymous access to S3 bucket/prefix objects.
StatementForWritingLogs returns the statement that allows writing logs to CloudWatch.
TagsToLabels converts a list of AWS resource tags to a label map.
WithInsecureSkipInstallPathRandomization returns an option func that sets the InsecureSkipInstallPathRandomization option.
# Constants
No description provided by the author
EffectAllow is the Allow IAM policy effect.
EffectDeny is the Deny IAM policy effect.
PolicyVersion is the default IAM policy version.
ResourceTypeAssumedRole is the resource type for an AWS IAM assumed role.
ResourceTypeRole is the resource type for an AWS IAM role.
ResourceTypeUser is the resource type for an AWS IAM user.
TagKeyTeleportCluster defines a tag key that specifies the Teleport cluster that created the resource.
TagKeyTeleportCreated defines a tag key that indicates that the cloud resource is created by Teleport.
TagKeyTeleportManaged defines a tag key that indicates that the cloud resource is being managed by Teleport.
TagValueTrue is the tag value "true" in string format.
# Variables
EC2DiscoverySSMDocumentSteps is the list of Steps defined in the default SSM Document for Teleport Discovery.
# Structs
EC2DiscoverySSMDocumentOptions are options for generating the EC2 SSM discovery document.
ExternalAuditStoragePolicyConfig holds options for the External Audit Storage IAM policy.
Policy represents an AWS IAM policy.
PolicyDocument represents a parsed AWS IAM policy document.
Role represents an AWS IAM role identity.
Statement is a single AWS IAM policy statement.
Unknown represents an unknown/unsupported AWS IAM identity.
User represents an AWS IAM user identity.
# Interfaces
IAMClient describes the methods required to manage AWS IAM policies.
Identity represents an AWS IAM identity such as user or role.
Policies is a set of IAM Policy helper functions, defined as an interface to make it easier for other packages to mock and test with it.
ResourceTag is a generic interface that represents an AWS resource tag.
# Type aliases
Conditions is a list of conditions that must be satisfied for an action to be allowed.
SliceOrString defines a type that can be either a single string or a slice.
StringOrMap defines a type that can be either a single string or a map.