Skip to content

AWS IAM Roles Anywhere: ignore sync profile when listing profiles #60250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

AWS IAM Roles Anywhere: ignore sync profile when listing profiles #60250

wants to merge 1 commit into from

Conversation

marcoandredinis
Copy link
Contributor

@marcoandredinis marcoandredinis commented Oct 15, 2025
edited
Loading

The AWS IAM Roles Anywhere integration syncs Profiles as Teleport AWS Apps.

In order to use the API, Teleport uses a specific Profile which is configured as the Profile Syncer's Profile.
This Profile is only meant to be used by Teleport for syncing profiles, and should not be available as an end-user Profile/Teleport AWS App.

During the Sync set up, we show the user all the available profiles. This listing operation, wrongly, returns the Profile used for the Profile Syncer.

We are showing a Profile that will not be available later on.

This PR changes the listing to only show the profiles that will be synced, removing the Profile used in the Profile Syncer.

Before
image

After
image

@marcoandredinis marcoandredinis added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v18 labels Oct 15, 2025
@marcoandredinis marcoandredinis marked this pull request as ready for review October 15, 2025 09:27
@github-actions github-actions bot requested review from atburke and avatus October 15, 2025 09:27
@marcoandredinis
AWS IAM Roles Anywhere: ignore sync profile when listing profiles
388e1ce 
The AWS IAM Roles Anywhere integration syncs Profiles as Teleport AWS
Apps.

In order to use the API, Teleport uses a specific Profile which is
configured as the Profile Syncer's Profile.
This Profile is only meant to be used by Teleport for syncing profiles,
and should not be available as an end-user Profile/Teleport AWS App.

During the Sync set up, we show the user all the available profiles.
This listing operation, wrongly, returns the Profile used for the
Profile Syncer.

We are showing a Profile that will not be available later on.

This PR changes the listing to only show the profiles that will be
synced, removing the Profile used in the Profile Syncer.
@marcoandredinis marcoandredinis force-pushed the marco/awsra-access/ignore-syncprofile-listprofiles branch from 847c3ce to 388e1ce Compare October 15, 2025 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atburke atburke Awaiting requested review from atburke

@avatus avatus Awaiting requested review from avatus

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

backport/branch/v18 no-changelog Indicates that a PR does not require a changelog entry size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcoandredinis