Teleport
Database Access
- Version 15.x
- Version 14.x
- Version 13.x
- Version 12.x
- Older Versions
- Available for:
- OpenSource
- Team
- Cloud
- Enterprise
Teleport can provide secure connections to your databases while improving both access control and visibility.
Some of the things you can do with database access:
- Enable users to retrieve short-lived database certificates using a Single Sign-On flow, thus maintaining their organization-wide identity.
- Configure role-based access controls for databases and implement custom Access Request workflows.
- Capture database activity in the Teleport audit log.
Demo
Let's connect to a PostgreSQL server with psql and pgAdmin 4 after authenticating
with GitHub, execute a few SQL queries and observe them in the audit log:
Getting started
- Getting started: Connect Aurora PostgreSQL in a 10 minute guide.
How to connect your database to Teleport
- Active Directory SQL Server: Connect Microsoft SQL Server with Active Directory authentication.
- Active Directory SQL Server with PKINIT: Connect Microsoft SQL Server with Active Directory PKINIT authentication.
- AWS DynamoDB: Connect AWS DynamoDB.
- AWS OpenSearch: Connect AWS OpenSearch.
- AWS ElastiCache & MemoryDB: Connect AWS ElastiCache or AWS MemoryDB for Redis database.
- AWS RDS & Aurora: Connect AWS RDS or Aurora PostgreSQL, MariaDB or MySQL database.
- AWS RDS Proxy: Connect AWS RDS Proxy instances to Teleport.
- AWS Redshift: Connect AWS Redshift database.
- AWS Redshift Serverless: Connect to AWS Redshift serverless.
- AWS Keyspaces (Apache Cassandra): Connect to an AWS Keyspaces database.
- Azure PostgreSQL & MySQL: Connect Azure PostgreSQL or MySQL.
- Azure Cache for Redis: Connect Azure Cache for Redis.
- Azure SQL Server: Connect Azure SQL Server with Azure Active Directory authentication.
- GCP Cloud SQL MySQL: Connect GCP Cloud SQL MySQL database.
- GCP Cloud SQL PostgreSQL: Connect GCP Cloud SQL PostgreSQL database.
- MongoDB Atlas: Connect MongoDB Atlas cluster.
- Self-Hosted ClickHouse: Connect self-hosted ClickHouse database.
- Self-hosted CockroachDB: Connect self-hosted CockroachDB database.
- Self-hosted Elasticsearch
- Self-hosted MongoDB: Connect self-hosted MongoDB database.
- Self-hosted MySQL & MariaDB: Connect self-hosted MySQL or MariaDB database.
- Self-hosted PostgreSQL: Connect self-hosted PostgreSQL database.
- Self-hosted Redis Cluster: Connect a self-hosted Redis Cluster.
- Self-hosted Redis: Connect self-hosted Redis.
- Self-Hosted Cassandra & ScyllaDB: Connect self-hosted Cassandra or ScyllaDB.
- Self-Hosted Oracle: Connect self-hosted Oracle database.
- Snowflake: Connect Snowflake.
Other guides
- GUI clients: Configure database graphical clients.
- Dynamic Registration: Register/unregister databases without restarting Teleport.
- High Availability: Deploy database access in HA configuration.
- AWS Auto-Discovery: Configure Teleport to discover for AWS-hosted databases.
- AWS Cross-Account Access: Connect AWS databases in external AWS accounts.
Resources
To learn more about configuring role-based access control for database access, check out the RBAC section.
The Architecture section provides a more in-depth look at Teleport Database Service internals such as networking and security.
See Reference for an overview of database access-related configuration and CLI commands.
If you hit any issues, check out the Troubleshooting documentation for common problems and solutions.
FAQ
Finally, check out Frequently Asked Questions.