Locking a role which grants access to an AWS ARN should revoke active AWS sessions spawned using that role #51178
Labels
application-access
aws
Used for AWS Related Issues.
bug
sales-onboarding
Issues related to prospects
unlocks-potential
Unlocks previously undocumented product potential
ux
Comments
webvictim
added
application-access
aws
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Somewhat debatable whether this is a bug or a feature request - we can go with bug for now (as I think it's unexpected behaviour in context) and change if needed.
Expected behavior
Locking a role which grants access to AWS ARN(s) should revoke/terminate active Teleport-initiated sessions which are using that ARN.
Current behavior
Locking a role which grants access to AWS ARN(s) only prevents future sessions from being spawned and does not revoke any active STS tokens for the ARN that Teleport has issued.
Bug details:
The text was updated successfully, but these errors were encountered: