Database Access FAQ
Teleport Database Access currently supports PostgreSQL, MySQL, and MongoDB protocols.
For PostgreSQL and MySQL, both self-hosted and cloud-hosted versions such as AWS RDS, Aurora (except for Serverless version which doesn't support IAM auth), Redshift, and GCP Cloud SQL are supported. See available guides for all supported configurations.
The following PostgreSQL protocol features aren't currently supported:
- Canceling requests in progress. Cancel requests issued by the PostgreSQL clients connected to Teleport proxy won't be passed to the database server.
- Any of the authentication methods except for client certificate authentication and IAM authentication for cloud databases.
Teleport administrators can set
proxy configuration fields to public addresses over which respective database
clients should connect. See Proxy Configuration
for more details.
This is useful when Teleport web proxy UI is running behind an L7 load balancer (e.g. ALB in AWS) in which case PostgreSQL/MySQL proxy need to be exposed on a plain TCP load balancer (e.g. NLB in AWS).
Teleport relies on client certificates for authentication so any database client that supports this method of authentication and uses modern TLS (1.2+) should work.
Standard command-line clients such as
mongo are supported,
there are also instructions for configuring select graphical clients.
We plan to support more databases in the future based on customer demand.