Update AWS CLI application access docs ref

gravitational · Oct 15, 2021 · 5ff7f07 · 5ff7f07
1 parent 2785559
commit 5ff7f07
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/docs/pages/application-access/guides/aws-console.mdx b/docs/pages/application-access/guides/aws-console.mdx
@@ -15,6 +15,7 @@ This guide will explain how to:
 - Setup example AWS IAM Read Only and Power User roles.
 - Use Teleport's role-based access control with AWS IAM roles.
 - View Teleport users' AWS console activity in CloudTrail.
+- AWS command line tool [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
 
 ## Prerequisites
 
@@ -244,6 +245,26 @@ username which you can search for to get the events history:
 
 ![CloudTrail](../../../img/application-access/cloud-trail.png)
 
+## Accessing AWS resource using tsh aws cli command
+
+First, you need to log-in into the previously configured AWS console app:
+
+```code
+tsh app login --aws-role ExamplePowerUser awsconsole
+Logged into AWS app awsconsole. Example AWS cli command:
+
+tsh aws s3 ls
+```
+
+The `--aws-role` allows specifying the user role that will be used during accessing AWS API. You can either
+provide only a role name like `--aws-role ExamplePowerUser` or full AWS IAM role ARN `arn:aws:iam::1234567890:role/ExamplePowerUser`
+
+Now you can use the `tsh aws` command like the native `aws` command-line tool:
+
+```code
+tsh aws s3 ls
+```
+
 ## Next steps
 
 - Take a closer look at [role-based access controls](../controls.mdx).