Database Access

Teleport can provide secure connections to your databases while improving both access control and visibility.

Some of the things you can do with database access:

• Enable users to retrieve short-lived database certificates using a Single Sign-On flow, thus maintaining their organization-wide identity.
• Configure role-based access controls for databases and implement custom Access Request workflows.
• Capture database activity in the Teleport audit log.

Demo

Let's connect to a PostgreSQL server with psql and pgAdmin 4 after authenticating with GitHub, execute a few SQL queries and observe them in the audit log:

Getting started

• Getting started: Connect Aurora PostgreSQL in a 10 minute guide.

How to connect your database to Teleport

• Active Directory SQL Server (Preview): Connect Microsoft SQL Server with Active Directory authentication.
• Active Directory SQL Server with PKINIT (Preview): Connect Microsoft SQL Server with Active Directory PKINIT authentication.
• AWS DynamoDB: Connect AWS DynamoDB.
• AWS OpenSearch: Connect AWS OpenSearch.
• AWS ElastiCache & MemoryDB: Connect AWS ElastiCache or AWS MemoryDB for Redis database.
• AWS RDS & Aurora: Connect AWS RDS or Aurora PostgreSQL, MariaDB or MySQL database.
• AWS RDS Proxy: Connect AWS RDS Proxy instances to Teleport.
• AWS Redshift: Connect AWS Redshift database.
• AWS Redshift Serverless: Connect to AWS Redshift serverless.
• AWS Keyspaces (Apache Cassandra): Connect to an AWS Keyspaces database.
• Azure PostgreSQL & MySQL: Connect Azure PostgreSQL or MySQL.
• Azure Cache for Redis: Connect Azure Cache for Redis.
• Azure SQL Server (Preview): Connect Azure SQL Server with Azure Active Directory authentication.
• GCP Cloud SQL MySQL: Connect GCP Cloud SQL MySQL database.
• GCP Cloud SQL PostgreSQL: Connect GCP Cloud SQL PostgreSQL database.
• MongoDB Atlas: Connect MongoDB Atlas cluster.
• Self-hosted CockroachDB: Connect self-hosted CockroachDB database.
• Self-hosted Elasticsearch
• Self-hosted MongoDB: Connect self-hosted MongoDB database.
• Self-hosted MySQL & MariaDB: Connect self-hosted MySQL or MariaDB database.
• Self-hosted PostgreSQL: Connect self-hosted PostgreSQL database.
• Self-hosted Redis Cluster: Connect a self-hosted Redis Cluster.
• Self-hosted Redis: Connect self-hosted Redis.
• Self-Hosted Cassandra & ScyllaDB: Connect self-hosted Cassandra or ScyllaDB.
• Self-Hosted Oracle: Connect self-hosted Oracle database.
• Snowflake (Preview): Connect Snowflake.

Other guides

• GUI clients: Configure database graphical clients.
• Dynamic Registration: Register/unregister databases without restarting Teleport.
• High Availability: Deploy database access in HA configuration.
• AWS Cross-Account Access: Connect AWS databases in external AWS accounts.

Resources

To learn more about configuring role-based access control for database access, check out the RBAC section.

The Architecture section provides a more in-depth look at Teleport Database Service internals such as networking and security.

See Reference for an overview of database access-related configuration and CLI commands.

If you hit any issues, check out the Troubleshooting documentation for common problems and solutions.

FAQ

Finally, check out Frequently Asked Questions.