benarent/gist:6df9dbe2e572f607fb4c34a1333a0edd

## gistfile1.txt
#cloud-config
# created MOTD
# setup pam-exec
# setup teleport.yaml

write_files:
  - path: /etc/motd
    content: |
        hello teleport user.
  - path: /etc/pam.d/teleport
    content: |
        account	required	pam_exec.so	/etc/pam-exec.d/teleport_acct
        session	required	pam_motd.so
        session	required	pam_exec.so	/bin/bash
        session	required	pam_permit.so
  - encoding: b64
    content: IyEvYmluL2Jhc2gKQ09NTUVOVD0iVXNlciAke1RFTEVQT1JUX1VTRVJOQU1FfSB3aXRoIHJvbGVzIFwke1RFTEVQT1JUX1JPTEVTfSBjcmVhdGVkIGJ5IFRlbGVwb3J0LiIKaWQgLXUgIlwke1RFTEVQT1JUX0xPR0lOfSIgJj4vZGV2L251bGwgIHx8IC91c3Ivc2Jpbi91c2VyYWRkIC1tIC1jICIke0NPTU1FTlR9IiAiJHtURUxFUE9SVF9MT0dJTn0iIC1zIC9iaW4vYmFzaCAyPiAvdG1wL3BhbS5lcnJvcgpleGl0IDA=
    path: /etc/pam-exec.d/teleport_acct
  - path: /etc/teleport.yaml
    content: |
        teleport:
            auth_token: ${auth_token}
            auth_servers:
                - "${auth_servers}:443"
        auth_service:
            enabled: false
        proxy_service:
            enabled: false
        ssh_service:
            enabled: true
            pam:
              enabled: true
              service_name: "teleport"
            labels:
                aws: staging
                boot: tf
                demo: pam-create-user
            commands:
              - name: arch
                command: [uname, -p]
                period: 1h0m0s
              - name: kernel
                command: [uname, -r]
                period: 1h0m0s
              - name: uptime
                command: [uptime, -p]
                period: 1h0m0s
              - name: internal
                command: [curl, "http://169.254.169.254/latest/meta-data/local-ipv4"]
                period: 1h0m0s
              - name: external
                command: [curl, "http://169.254.169.254/latest/meta-data/public-ipv4"]
                period: 1h0m0s
              - name: aws_tag_test
                command: ['/usr/local/bin/get-tag.sh', 'Name']
                period: 1h0m0s

runcmd:
  - 'chmod +x /etc/pam-exec.d/teleport_acct'
  - 'systemctl enable teleport.service'
  - 'systemctl start teleport.service'
	#cloud-config
	# created MOTD
	# setup pam-exec
	# setup teleport.yaml

	write_files:
	- path: /etc/motd
	content: \|
	hello teleport user.
	- path: /etc/pam.d/teleport
	content: \|
	account required pam_exec.so /etc/pam-exec.d/teleport_acct
	session required pam_motd.so
	session required pam_exec.so /bin/bash
	session required pam_permit.so
	- encoding: b64
	content: IyEvYmluL2Jhc2gKQ09NTUVOVD0iVXNlciAke1RFTEVQT1JUX1VTRVJOQU1FfSB3aXRoIHJvbGVzIFwke1RFTEVQT1JUX1JPTEVTfSBjcmVhdGVkIGJ5IFRlbGVwb3J0LiIKaWQgLXUgIlwke1RFTEVQT1JUX0xPR0lOfSIgJj4vZGV2L251bGwgIHx8IC91c3Ivc2Jpbi91c2VyYWRkIC1tIC1jICIke0NPTU1FTlR9IiAiJHtURUxFUE9SVF9MT0dJTn0iIC1zIC9iaW4vYmFzaCAyPiAvdG1wL3BhbS5lcnJvcgpleGl0IDA=
	path: /etc/pam-exec.d/teleport_acct
	- path: /etc/teleport.yaml
	content: \|
	teleport:
	auth_token: ${auth_token}
	auth_servers:
	- "${auth_servers}:443"
	auth_service:
	enabled: false
	proxy_service:
	enabled: false
	ssh_service:
	enabled: true
	pam:
	enabled: true
	service_name: "teleport"
	labels:
	aws: staging
	boot: tf
	demo: pam-create-user
	commands:
	- name: arch
	command: [uname, -p]
	period: 1h0m0s
	- name: kernel
	command: [uname, -r]
	period: 1h0m0s
	- name: uptime
	command: [uptime, -p]
	period: 1h0m0s
	- name: internal
	command: [curl, "http://169.254.169.254/latest/meta-data/local-ipv4"]
	period: 1h0m0s
	- name: external
	command: [curl, "http://169.254.169.254/latest/meta-data/public-ipv4"]
	period: 1h0m0s
	- name: aws_tag_test
	command: ['/usr/local/bin/get-tag.sh', 'Name']
	period: 1h0m0s

	runcmd:
	- 'chmod +x /etc/pam-exec.d/teleport_acct'
	- 'systemctl enable teleport.service'
	- 'systemctl start teleport.service'