Teleport application: getting an access denied error while accessing the application


I have created a Teleport server running on Ubuntu 22.04 LTS.

I am using Teleport Version v12.0.4.

Configured the teleport.yaml file at /etc/teleport.yaml.

teleport.yaml config file:

version: v2
teleport:
  nodename: ip-xx-xx-x-x
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: INFO
    format:
      output: text
  ca_pin: ""
  diag_addr: ""
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  cluster_name: ip-xx-xx-x-xxx
  proxy_listener_mode: multiplex
  authentication:
      type: github
ssh_service:
  enabled: "yes"
  labels:
    env: devops
  commands:
  - name: hostname
    command: [hostname]
    period: 1m0s
app_service:
  enabled: yes
  debug_app: true
  apps:
  - name: "<application name>"
    uri: "https://applicationname.example.com"
    # insecure_skip_verify: true # Add this line to disable TLS certificate verification
    public_addr: "applicationname.teleport-xyz.example.com"
    labels:
      env: "prod"
      app: "applicationname"
    commands:
    - name: "os"
      command: ["/usr/bin/uname"]
      period: "5s"
proxy_service:
  enabled: "yes"
  web_listen_addr: 0.0.0.0:443
  public_addr: teleport-xyz.example.com:443
  https_keypairs:
  - key_file: /etc/letsencrypt/live/teleport-xyz.example.com/privkey.pem
    cert_file: /etc/letsencrypt/live/teleport-xyz.example.com/fullchain.pem
  https_keypairs_reload_interval: 0s
  acme: {}

Using systemctl start teleport to start the Teleport server.

I have created a user with the name XYZ with the role [access].

Access.yaml file:

kind: role
metadata:
  description: Access cluster resources
  id: 167xxxxxxxxxxxxxxx
  name: access
spec:
  allow:
    app_labels:
      app: applicationname
    aws_role_arns:
    - '{{internal.aws_role_arns}}'
    azure_identities:
    - '{{internal.azure_identities}}'
    db_labels:
      '*': '*'
    db_names:
    - '{{internal.db_names}}'
    db_service_labels:
      '*': '*'
    db_users:
    - '{{internal.db_users}}'
    gcp_service_accounts:
    - '{{internal.gcp_service_accounts}}'
    kubernetes_groups:
    - '{{internal.kubernetes_groups}}'
    kubernetes_labels:
      '*': '*'
    kubernetes_resources:
    - kind: pod
      name: '*'
      namespace: '*'
    kubernetes_users:
    - '{{internal.kubernetes_users}}'
    logins:
    - '{{internal.logins}}'
    - ubuntu
    - ec2-user
    node_labels:
      '*': '*'
    rules:
    - resources:
      - event
      verbs:
      - list
      - read
    - resources:
      - session
      verbs:
      - read
      - list
      where: contains(session.participants, user.metadata.name)
    - resources:
      - instance
      verbs:
      - list
      - read
    windows_desktop_labels:
      '*': '*'
    windows_desktop_logins:
    - '{{internal.windows_logins}}'
  deny: {}
  options:
    cert_format: standard
    create_host_user: false
    desktop_clipboard: true
    desktop_directory_sharing: true
    enhanced_recording:
    - command
    - network
    forward_agent: true
    idp:
      saml:
        enabled: true
    max_session_ttl: 30h0m0s
    pin_source_ip: false
    port_forwarding: true
    record_session:
      desktop: true
    ssh_file_copy: true
version: v6

I'm able to log in to the web UI.

When I try to launch the application from the Teleport panel's Applications section, I get access denied.

[Screenshot: access denied error]
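As an added check that is not part of the question or of Teleport itself, the script below applies Teleport's documented label rule (every key in the role's app_labels selector must exist on the app with a permitted value, '*': '*' matches any app, values may be a string or a list, and a matching deny selector wins over allow) to the labels pasted above; regex label values, which Teleport also supports, are deliberately left out of this simplified matcher. Run against the question's own app labels and access role it reports a match, so the selector as pasted is not what produces the denial; the stricter DEVOPS_ONLY_ROLE is a hypothetical role added only to show how a mismatch is reported.

```python
# Added diagnostic, not from the question or from Teleport. It evaluates a
# role's allow/deny app_labels selectors against one app's labels the way
# Teleport's documented label matching does (exact values, lists, and the
# '*' wildcard; regex values are a deliberate omission of this simplified version).
from typing import Any, Mapping, Tuple


def labels_match(selector: Mapping[str, Any], app_labels: Mapping[str, str]) -> bool:
    """True if the app's labels satisfy every entry of the selector."""
    for key, wanted in selector.items():
        values = [wanted] if isinstance(wanted, str) else list(wanted)
        if key == "*" and "*" in values:
            continue                      # wildcard entry: matches every app
        if key not in app_labels:
            return False                  # required label key is absent on the app
        if "*" not in values and app_labels[key] not in values:
            return False                  # key present but its value is not permitted
    return True


def app_access(role: Mapping[str, Any], app_labels: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one role evaluated against one app."""
    spec = role.get("spec", role)         # accept a full role document or just its spec
    deny = spec.get("deny", {}).get("app_labels", {})
    allow = spec.get("allow", {}).get("app_labels", {})
    if deny and labels_match(deny, app_labels):
        return False, "deny.app_labels matches this app"
    if not allow:
        return False, "allow.app_labels is empty, so the role grants no apps"
    if labels_match(allow, app_labels):
        return True, "allow.app_labels matches this app"
    bad = [k for k in allow if not labels_match({k: allow[k]}, app_labels)]
    return False, (f"allow.app_labels does not match on keys {bad}; "
                   f"app has {dict(app_labels)}")


# Constructed from the question: the app's labels from teleport.yaml and the
# app_labels selector of the pasted access role.
APP_LABELS = {"env": "prod", "app": "applicationname"}
ACCESS_ROLE = {"spec": {"allow": {"app_labels": {"app": "applicationname"}}, "deny": {}}}
# Hypothetical stricter role (not on the page), used to show a mismatch report.
DEVOPS_ONLY_ROLE = {"spec": {"allow": {"app_labels": {"env": ["devops", "staging"]}}}}

if __name__ == "__main__":
    for name, role in (("access", ACCESS_ROLE), ("devops-only", DEVOPS_ONLY_ROLE)):
        print(name, app_access(role, APP_LABELS))
```

Because the pasted selector matches, the next thing to compare is what the cluster actually holds, i.e. the output of tctl get roles/access and the roles listed for the user by tctl users ls, against the files shown here.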
