gravitational · webvictim · May 26, 2021 · May 25, 2021 · May 25, 2021 · May 25, 2021
diff --git a/assets/aws/Makefile b/assets/aws/Makefile
@@ -14,7 +14,7 @@ AWS_REGION ?= us-west-2
 # This must be a _released_ version of Teleport, i.e. one which has binaries
 # available for download on https://gravitational.com/teleport/download
 # Unreleased versions will fail to build.
-TELEPORT_VERSION ?= 6.1.3
+TELEPORT_VERSION ?= 6.2.0
 
 # Teleport UID is the UID of a non-privileged 'teleport' user
 TELEPORT_UID ?= 1007
@@ -71,7 +71,7 @@ oss-ci-build:
 .PHONY: change-amis-to-public-oss
 change-amis-to-public-oss:
 	@echo "Making OSS AMIs public"
-	bash files/make-amis-public.sh oss
+	bash files/make-amis-public.sh oss $(DESTINATION_REGIONS)
 
 # Build local 'debug' AMI
 .PHONY: ent
@@ -99,12 +99,12 @@ ent-ci-build:
 .PHONY: change-amis-to-public-ent
 change-amis-to-public-ent:
 	@echo "Making Enterprise AMIs public"
-	bash files/make-amis-public.sh ent
+	bash files/make-amis-public.sh ent $(DESTINATION_REGIONS)
 
 .PHONY: change-amis-to-public-ent-fips
 change-amis-to-public-ent-fips:
 	@echo "Making FIPS Enterprise AMIs public"
-	bash files/make-amis-public.sh ent-fips
+	bash files/make-amis-public.sh ent-fips $(DESTINATION_REGIONS)
 
 
 # Other helpers

diff --git a/assets/aws/files/make-amis-public.sh b/assets/aws/files/make-amis-public.sh
@@ -1,17 +1,17 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -e
 
-# Define list of regions to run in
-REGION_LIST="us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 eu-central-1 eu-west-1 eu-west-2 sa-east-1"
-
-# Exit if oss/ent parameters not provided
-if [[ "$1" == "" ]]; then
-    echo "Usage: $(basename $0) [oss/ent/ent-fips]"
+# Exit if required parameters not provided
+if [[ "$1" == "" ]] || [[ "$2" == "" ]]; then
+    echo "Usage: $(basename $0) [oss/ent/ent-fips] [comma-separated-destination-region-list]"
     exit 1
 else
     RUN_MODE="$1"
+    REGION_LIST="$2"
 fi
 
+# Note: to run this script on MacOS you will need to install coreutils (using Brew), then edit the PATH in your shell's
+# RC file to use coreutils versions first (something like "export PATH=/usr/local/opt/coreutils/libexec/gnubin:$PATH")
 ABSPATH=$(readlink -f "$0")
 SCRIPT_DIR=$(dirname "${ABSPATH}")
 BUILD_DIR=$(readlink -f "${SCRIPT_DIR}/build")
@@ -42,6 +42,7 @@ fi
 BUILD_TIMESTAMP=$(<"${TIMESTAMP_FILE}")
 
 # Iterate through AMIs
+IFS=","
 for REGION in ${REGION_LIST}; do
     AMI_ID=$(aws ec2 describe-images --region ${REGION} --filters "Name=name,Values=${NAME_FILTER}" "Name=tag:BuildTimestamp,Values=${BUILD_TIMESTAMP}" "Name=tag:BuildType,Values=${AMI_TAG}"| jq -r '.Images[0].ImageId')
     if [[ "${AMI_ID}" == "" || "${AMI_ID}" == "null" ]]; then

diff --git a/assets/aws/update-ami-ids.sh b/assets/aws/update-ami-ids.sh
@@ -1,6 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -euo pipefail
 
+# Note: to run this script on MacOS you will need to:
+# - install gnu-sed (using Brew), then edit the PATH in your shell's RC file to use the GNU version first
+# -- (something like "export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH")
+# - install findutils (using Brew), then edit the PATH in your shell's RC file to use the GNU version first
+# -- (something like "export PATH=/usr/local/opt/findutils/libexec/gnubin:$PATH")
+
 # shellcheck disable=SC2086
 usage() { echo "Usage: $(basename $0) [-a <AWS account ID>] [-m <cloudformation/terraform>] [-t <oss/ent/ent-fips>] [-r <comma-separated regions>] [-v version]" 1>&2; exit 1; }
 while getopts ":a:m:t:r:v:" o; do

diff --git a/examples/aws/cloudformation/ent.yaml b/examples/aws/cloudformation/ent.yaml
@@ -97,21 +97,24 @@ Mappings:
     t2.xlarge: {Arch: HVM64}
 
   AWSRegionArch2AMI:
-    # All AMIs from AWS - gravitational-teleport-ami-ent-6.0.2
-    eu-west-1: {HVM64 : ami-0c736c8094289e22a}
-    eu-west-2: {HVM64 : ami-0748e8ecfc3ebb868}
-    us-east-1: {HVM64 : ami-098615f9e05054582}
-    us-east-2: {HVM64 : ami-092d37b152970c523}
-    us-west-2: {HVM64 : ami-09813e1ab7ef9abf2}
-    us-west-1: {HVM64 : ami-064cdbbd893bdda25}
-    ap-south-1: {HVM64 : ami-0aca5db8064997b1a}
-    ap-northeast-2: {HVM64 : ami-0d3934da569981a70}
-    ap-southeast-1: {HVM64 : ami-0723170f168a437f5}
-    ap-southeast-2: {HVM64 : ami-04fe9ecc0bc020b71}
-    ap-northeast-1: {HVM64 : ami-0ef2f3ec65297f8be}
-    ca-central-1: {HVM64 : ami-0f729b2b97644a7de}
-    eu-central-1: {HVM64 : ami-0714fa1e74a8229de}
-    sa-east-1: {HVM64 : ami-02d7217c90d99d0d5}
+    # All AMIs from AWS - gravitational-teleport-ami-ent-6.2.0
+    eu-north-1: {HVM64: ami-05ff5c0be3d4b8da4}
+    ap-south-1: {HVM64 : ami-0e506367fa6bf06ad}
+    eu-west-1: {HVM64 : ami-08ed956d9054124ec}
+    eu-west-2: {HVM64 : ami-0c13fdee73c56a9e5}
+    eu-west-3: {HVM64: ami-087bdce4ab6a2964d}
+    ap-northeast-1: {HVM64 : ami-028f6fc0f6bcc5467}
+    ap-northeast-2: {HVM64 : ami-0257a5282caf5dc8b}
+    ap-northeast-3: {HVM64: ami-0a36f2dfdca83ea7d}
+    sa-east-1: {HVM64 : ami-0db7a0b15f1fec84e}
+    ca-central-1: {HVM64 : ami-026797dc673798718}
+    ap-southeast-1: {HVM64 : ami-0ee78fe8e1d7b0f0b}
+    ap-southeast-2: {HVM64 : ami-012555117300eccf7}
+    eu-central-1: {HVM64 : ami-0a9f8367882508a34}
+    us-east-1: {HVM64 : ami-00a70c0830e3e28be}
+    us-east-2: {HVM64 : ami-0e3636771bd5a9558}
+    us-west-1: {HVM64 : ami-0f0e438f7c80db8aa}
+    us-west-2: {HVM64 : ami-0d4a763166ba78e9e}
 
 Resources:
 # Auth server setup

diff --git a/examples/aws/cloudformation/oss.yaml b/examples/aws/cloudformation/oss.yaml
@@ -97,21 +97,24 @@ Mappings:
     t2.xlarge: {Arch: HVM64}
 
   AWSRegionArch2AMI:
-    # All AMIs from AWS - gravitational-teleport-ami-oss-6.0.2
-    eu-west-1: {HVM64 : ami-01fb303b9d3ed6e6e}
-    eu-west-2: {HVM64 : ami-0fe50b996a5de236e}
-    us-east-1: {HVM64 : ami-03ea11a9030d743f7}
-    us-east-2: {HVM64 : ami-03a6f0406f904f5e0}
-    us-west-2: {HVM64 : ami-0226e43c16ebdc913}
-    us-west-1: {HVM64 : ami-073a0fb5af141ee60}
-    ap-south-1: {HVM64 : ami-05e4c581e8ed1aff1}
-    ap-northeast-2: {HVM64 : ami-01eceef32e28b922a}
-    ap-southeast-1: {HVM64 : ami-0212cce94a761f9fa}
-    ap-southeast-2: {HVM64 : ami-02f7eb20742a2c766}
-    ap-northeast-1: {HVM64 : ami-0535e53234f3af001}
-    ca-central-1: {HVM64 : ami-0848f22c493b90a5d}
-    eu-central-1: {HVM64 : ami-0de583abcab304f4a}
-    sa-east-1: {HVM64 : ami-02219a04cfa8b7a52}
+    # All AMIs from AWS - gravitational-teleport-ami-oss-6.2.0
+    eu-north-1: {HVM64: ami-0eef7480d85b07d78}
+    ap-south-1: {HVM64 : ami-0d6449bf7fc103c8f}
+    eu-west-1: {HVM64 : ami-02030ad502e2e822b}
+    eu-west-2: {HVM64 : ami-023264050aa2a562f}
+    eu-west-3: {HVM64: ami-0211c6e2e821dd249}
+    ap-northeast-1: {HVM64 : ami-0738b06d49be46ab2}
+    ap-northeast-2: {HVM64 : ami-00a439b2218e9cbcd}
+    ap-northeast-3: {HVM64: ami-02bb8618b75d025aa}
+    sa-east-1: {HVM64 : ami-004f6e5a6e2dba915}
+    ca-central-1: {HVM64 : ami-09eda1c3961d66075}
+    ap-southeast-1: {HVM64 : ami-0c22d9c6ae40b1c80}
+    ap-southeast-2: {HVM64 : ami-0fc0d65a14b4b8ae6}
+    eu-central-1: {HVM64 : ami-096b74806fa379c51}
+    us-east-1: {HVM64 : ami-03078e35a35dce03c}
+    us-east-2: {HVM64 : ami-0aa7027f2a2ee0b05}
+    us-west-1: {HVM64 : ami-0644d8fa06ad60960}
+    us-west-2: {HVM64 : ami-02150067a5fef0196}
 
 Resources:
 # Auth server setup

diff --git a/examples/aws/terraform/AMIS.md b/examples/aws/terraform/AMIS.md
@@ -6,56 +6,65 @@ is updated when new AMI versions are released.
 ### OSS
 
 ```
-# ap-south-1 v6.0.2 OSS: ami-05e4c581e8ed1aff1
-# ap-northeast-2 v6.0.2 OSS: ami-01eceef32e28b922a
-# ap-southeast-1 v6.0.2 OSS: ami-0212cce94a761f9fa
-# ap-southeast-2 v6.0.2 OSS: ami-02f7eb20742a2c766
-# ap-northeast-1 v6.0.2 OSS: ami-0535e53234f3af001
-# ca-central-1 v6.0.2 OSS: ami-0848f22c493b90a5d
-# eu-central-1 v6.0.2 OSS: ami-0de583abcab304f4a
-# eu-west-1 v6.0.2 OSS: ami-01fb303b9d3ed6e6e
-# eu-west-2 v6.0.2 OSS: ami-0fe50b996a5de236e
-# sa-east-1 v6.0.2 OSS: ami-02219a04cfa8b7a52
-# us-east-1 v6.0.2 OSS: ami-03ea11a9030d743f7
-# us-east-2 v6.0.2 OSS: ami-03a6f0406f904f5e0
-# us-west-1 v6.0.2 OSS: ami-073a0fb5af141ee60
-# us-west-2 v6.0.2 OSS: ami-0226e43c16ebdc913
+# eu-north-1 v6.2.0 OSS: ami-0eef7480d85b07d78
+# ap-south-1 v6.2.0 OSS: ami-0d6449bf7fc103c8f
+# eu-west-1 v6.2.0 OSS: ami-02030ad502e2e822b
+# eu-west-2 v6.2.0 OSS: ami-023264050aa2a562f
+# eu-west-3 v6.2.0 OSS: ami-0211c6e2e821dd249
+# ap-northeast-1 v6.2.0 OSS: ami-0738b06d49be46ab2
+# ap-northeast-2 v6.2.0 OSS: ami-00a439b2218e9cbcd
+# ap-northeast-3 v6.2.0 OSS: ami-02bb8618b75d025aa
+# sa-east-1 v6.2.0 OSS: ami-004f6e5a6e2dba915
+# ca-central-1 v6.2.0 OSS: ami-09eda1c3961d66075
+# ap-southeast-1 v6.2.0 OSS: ami-0c22d9c6ae40b1c80
+# ap-southeast-2 v6.2.0 OSS: ami-0fc0d65a14b4b8ae6
+# eu-central-1 v6.2.0 OSS: ami-096b74806fa379c51
+# us-east-1 v6.2.0 OSS: ami-03078e35a35dce03c
+# us-east-2 v6.2.0 OSS: ami-0aa7027f2a2ee0b05
+# us-west-1 v6.2.0 OSS: ami-0644d8fa06ad60960
+# us-west-2 v6.2.0 OSS: ami-02150067a5fef0196
 ```
 
 ### Enterprise
 
 ```
-# ap-south-1 v6.0.2 Enterprise: ami-0aca5db8064997b1a
-# ap-northeast-2 v6.0.2 Enterprise: ami-0d3934da569981a70
-# ap-southeast-1 v6.0.2 Enterprise: ami-0723170f168a437f5
-# ap-southeast-2 v6.0.2 Enterprise: ami-04fe9ecc0bc020b71
-# ap-northeast-1 v6.0.2 Enterprise: ami-0ef2f3ec65297f8be
-# ca-central-1 v6.0.2 Enterprise: ami-0f729b2b97644a7de
-# eu-central-1 v6.0.2 Enterprise: ami-0714fa1e74a8229de
-# eu-west-1 v6.0.2 Enterprise: ami-0c736c8094289e22a
-# eu-west-2 v6.0.2 Enterprise: ami-0748e8ecfc3ebb868
-# sa-east-1 v6.0.2 Enterprise: ami-02d7217c90d99d0d5
-# us-east-1 v6.0.2 Enterprise: ami-098615f9e05054582
-# us-east-2 v6.0.2 Enterprise: ami-092d37b152970c523
-# us-west-1 v6.0.2 Enterprise: ami-064cdbbd893bdda25
-# us-west-2 v6.0.2 Enterprise: ami-09813e1ab7ef9abf2
+# eu-north-1 v6.2.0 Enterprise: ami-05ff5c0be3d4b8da4
+# ap-south-1 v6.2.0 Enterprise: ami-0e506367fa6bf06ad
+# eu-west-1 v6.2.0 Enterprise: ami-08ed956d9054124ec
+# eu-west-2 v6.2.0 Enterprise: ami-0c13fdee73c56a9e5
+# eu-west-3 v6.2.0 Enterprise: ami-087bdce4ab6a2964d
+# ap-northeast-1 v6.2.0 Enterprise: ami-028f6fc0f6bcc5467
+# ap-northeast-2 v6.2.0 Enterprise: ami-0257a5282caf5dc8b
+# ap-northeast-3 v6.2.0 Enterprise: ami-0a36f2dfdca83ea7d
+# sa-east-1 v6.2.0 Enterprise: ami-0db7a0b15f1fec84e
+# ca-central-1 v6.2.0 Enterprise: ami-026797dc673798718
+# ap-southeast-1 v6.2.0 Enterprise: ami-0ee78fe8e1d7b0f0b
+# ap-southeast-2 v6.2.0 Enterprise: ami-012555117300eccf7
+# eu-central-1 v6.2.0 Enterprise: ami-0a9f8367882508a34
+# us-east-1 v6.2.0 Enterprise: ami-00a70c0830e3e28be
+# us-east-2 v6.2.0 Enterprise: ami-0e3636771bd5a9558
+# us-west-1 v6.2.0 Enterprise: ami-0f0e438f7c80db8aa
+# us-west-2 v6.2.0 Enterprise: ami-0d4a763166ba78e9e
 ```
 
 ### Enterprise FIPS
 
 ```
-# ap-south-1 v6.0.2 Enterprise FIPS: ami-0252c2f03c38d5a83
-# ap-northeast-2 v6.0.2 Enterprise FIPS: ami-06a6404a60f7e0e38
-# ap-southeast-1 v6.0.2 Enterprise FIPS: ami-094ea89a3f60855ec
-# ap-southeast-2 v6.0.2 Enterprise FIPS: ami-0020456844cb76968
-# ap-northeast-1 v6.0.2 Enterprise FIPS: ami-0b9ee56285aae9d05
-# ca-central-1 v6.0.2 Enterprise FIPS: ami-076b22ef0dfe4037f
-# eu-central-1 v6.0.2 Enterprise FIPS: ami-0154cb54cc8587e58
-# eu-west-1 v6.0.2 Enterprise FIPS: ami-08975755b8c23c164
-# eu-west-2 v6.0.2 Enterprise FIPS: ami-07cef22c77c0633ac
-# sa-east-1 v6.0.2 Enterprise FIPS: ami-0063942600c3e7bac
-# us-east-1 v6.0.2 Enterprise FIPS: ami-02a9b68643fef4ef7
-# us-east-2 v6.0.2 Enterprise FIPS: ami-06354cb40cd214d92
-# us-west-1 v6.0.2 Enterprise FIPS: ami-016c28b5e4b5923f1
-# us-west-2 v6.0.2 Enterprise FIPS: ami-01239b455a88459b0
+# eu-north-1 v6.2.0 Enterprise FIPS: ami-0ef3a593cf76412cc
+# ap-south-1 v6.2.0 Enterprise FIPS: ami-0aa26b9f7b648fbf0
+# eu-west-1 v6.2.0 Enterprise FIPS: ami-0a5fb46d5f1355a3c
+# eu-west-2 v6.2.0 Enterprise FIPS: ami-045b624f2160bdbcb
+# eu-west-3 v6.2.0 Enterprise FIPS: ami-08cbdce943ef2d229
+# ap-northeast-1 v6.2.0 Enterprise FIPS: ami-0d04fb3a9a89177d7
+# ap-northeast-2 v6.2.0 Enterprise FIPS: ami-0bf842bbb61351484
+# ap-northeast-3 v6.2.0 Enterprise FIPS: ami-02911fb25bdc7d813
+# sa-east-1 v6.2.0 Enterprise FIPS: ami-05da34d5495265ef0
+# ca-central-1 v6.2.0 Enterprise FIPS: ami-0b9f86c2838ad8791
+# ap-southeast-1 v6.2.0 Enterprise FIPS: ami-05bcd5ede24cca6bf
+# ap-southeast-2 v6.2.0 Enterprise FIPS: ami-00a92f2b6e9a6df4f
+# eu-central-1 v6.2.0 Enterprise FIPS: ami-0207c8316b5f94f40
+# us-east-1 v6.2.0 Enterprise FIPS: ami-0fb1d80acbae6a89f
+# us-east-2 v6.2.0 Enterprise FIPS: ami-0d3b5b91753377eaa
+# us-west-1 v6.2.0 Enterprise FIPS: ami-0a25edc80c846506f
+# us-west-2 v6.2.0 Enterprise FIPS: ami-0799002d5898102ba
 ```
diff --git a/examples/aws/terraform/ha-autoscale-cluster/README.md b/examples/aws/terraform/ha-autoscale-cluster/README.md
@@ -45,7 +45,7 @@ export TF_VAR_cluster_name="teleport.example.com"
 # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*'
 # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*'
 # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name
-export TF_VAR_ami_name="gravitational-teleport-ami-ent-6.0.2"
+export TF_VAR_ami_name="gravitational-teleport-ami-ent-6.2.0"
 
 # AWS SSH key name to provision in installed instances, should be available in the region
 export TF_VAR_key_name="example"

diff --git a/examples/aws/terraform/starter-cluster/README.md b/examples/aws/terraform/starter-cluster/README.md
@@ -86,7 +86,7 @@ TF_VAR_license_path ?="/path/to/license"
 # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*'
 # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*'
 # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name
-TF_VAR_ami_name ?="gravitational-teleport-ami-ent-6.0.2"
+TF_VAR_ami_name ?="gravitational-teleport-ami-ent-6.2.0"
 
 # Route 53 hosted zone to use, must be a root zone registered in AWS, e.g. example.com
 TF_VAR_route53_zone ?="example.com"