Teleport S3 storage backend

Hi,

I have several questions concerning the s3 storage backend feature for session recordings.

The config part looks like that:

teleport:
  storage:
    access_key: mykey
    audit_sessions_uri: s3://s3.eu-central-1.amazonaws.com/t000-teleport
    region: eu-central-1
    secret_key: mysecretkey
  1. The setting results in an error:
INFO [S3]        Setting up bucket "s3.eu-central-1.amazonaws.com", sessions path "/t000-teleport" in region "eu-central-1". s3sessions/s3handler.go:92
error: "Forbidden: Forbidden\n\tstatus code: 403, request id: 0EB..., host id: PeQO2..., initialization failed"

However, the credentials can be used to successfully create buckets on AWS if I use them with the golang SDK directly. Is there something wrong?

  1. How is it possible to use a third party s3 storage? Or is AWS the only option?

Best regards

Ok, I have resolved the first question, the uri expects only the name of the bucket, like that:

    audit_sessions_uri: s3://t000-teleport

But the second question with third party s3 remains.

Cheers

Sorry for the late response! Third party S3 would be easy to add assuming it is fully S3 compatible with the AWS API, however we need to apply a couple of patches!

Hi Sasha,

no problem :slight_smile:

In fact I am using the same go sdk as you do for talking to the other s3 storage provider, I would conclude they are fully compatible. Do you have some process in place for these kind of changes?

Best regards
Benjamin

Yes, Please create a github ticket with a proposed changeset, including configuration parameters. We will discuss it there, and then you can send us PR.