Kind: db_server

Version: v3

Represents a database access server.

Example:

```yaml
kind: "string"
sub_kind: "string"
version: "string"
metadata:
spec:
status:
scope: "string"
```

| Field Name | Description | Type |
|---|---|---|
| kind | The database server resource kind. | string |
| metadata | The database server metadata. | Metadata |
| scope | The advertized scope of the server which can not change once assigned. | string |
| spec | The database server spec. | Database Server Spec V3 |
| status | The database server status. | Database Server Status V3 |
| sub_kind | An optional resource subkind. | string |
| version | The resource version. | string |

Contains Active Directory specific database configuration.

Example:

```yaml
keytab_file: "string"
krb5_file: "string"
domain: "string"
spn: "string"
ldap_cert: "string"
kdc_host_name: "string"
ldap_service_account_name: "string"
ldap_service_account_sid: "string"
```

| Field Name | Description | Type |
|---|---|---|
| domain | The Active Directory domain the database resides in. | string |
| kdc_host_name | The host name for a KDC for x509 Authentication. | string |
| keytab_file | The path to the Kerberos keytab file. | string |
| krb5_file | The path to the Kerberos configuration file. Defaults to /etc/krb5.conf. | string |
| ldap_cert | A certificate from Windows LDAP/AD, optional; only for x509 Authentication. | string |
| ldap_service_account_name | The name of service account for performing LDAP queries. Required for x509 Auth / PKINIT. | string |
| ldap_service_account_sid | The SID of service account for performing LDAP queries. Required for x509 Auth / PKINIT. | string |
| spn | The service principal name for the database. | string |

Contains AWS metadata about the database.

Example:

```yaml
region: "string"
redshift:
rds:
account_id: "string"
elasticache:
secret_store:
memorydb:
rdsproxy:
redshift_serverless:
external_id: "string"
assume_role_arn: "string"
opensearch:
iam_policy_status:
session_tags:
  "string": "string"
  "string": "string"
  "string": "string"
docdb:
elasticache_serverless:
```

| Field Name | Description | Type |
|---|---|---|
| account_id | The AWS account ID this database belongs to. | string |
| assume_role_arn | An optional AWS role ARN to assume when accessing a database. Set this field and ExternalID to enable access across AWS accounts. | string |
| docdb | Contains Amazon DocumentDB-specific metadata. | DocumentDB |
| elasticache | Contains Amazon ElastiCache Redis-specific metadata. | ElastiCache |
| elasticache_serverless | Contains Amazon ElastiCache Serverless metadata. | ElastiCache Serverless |
| external_id | An optional AWS external ID used to enable assuming an AWS role across accounts. | string |
| iam_policy_status | Indicates whether the IAM Policy is configured properly for database access. If not, the user must update the AWS profile identity to allow access to the Database. E.g. for an RDS Database: the underlying AWS profile allows for rds-db:connect for the Database. | IAM Policy Status |
| memorydb | Contains AWS MemoryDB specific metadata. | MemoryDB |
| opensearch | Contains AWS OpenSearch specific metadata. | OpenSearch |
| rds | Contains RDS specific metadata. | RDS |
| rdsproxy | Contains AWS Proxy specific metadata. | RDS Proxy |
| redshift | Contains Redshift specific metadata. | Redshift |
| redshift_serverless | Contains metadata specific to Amazon Redshift Serverless. | Redshift Serverless |
| region | An AWS cloud region. | string |
| secret_store | Contains secret store configurations. | Secret Store |
| session_tags | A list of AWS STS session tags. | map[string]string |

Contains AlloyDB specific configuration elements.

Example:

```yaml
endpoint_type: "string"
endpoint_override: "string"
```

| Field Name | Description | Type |
|---|---|---|
| endpoint_override | An override of endpoint address to use. | string |
| endpoint_type | The database endpoint type to use. Should be one of: "private", "public", "psc". | string |

Contains Azure specific database metadata.

Example:

```yaml
name: "string"
resource_id: "string"
redis:
is_flexi_server: true
```

| Field Name | Description | Type |
|---|---|---|
| is_flexi_server | True if the database is an Azure Flexible server. | Boolean |
| name | The Azure database server name. | string |
| redis | Contains Azure Cache for Redis specific database metadata. | Azure Redis |
| resource_id | The Azure fully qualified ID for the resource. | string |

Contains Azure Cache for Redis specific database metadata.

Example:

```yaml
clustering_policy: "string"
```

| Field Name | Description | Type |
|---|---|---|
| clustering_policy | The clustering policy for Redis Enterprise. | string |

A label whose value is the output generated by running a command, e.g. hostname.

Example:

```yaml
period:
command:
  - "string"
  - "string"
  - "string"
result: "string"
```

| Field Name | Description | Type |
|---|---|---|
| command | A command to run | []string |
| period | A time between command runs | Duration |
| result | Captures standard output | string |

Contains information about privileged database user used for automatic user provisioning.

Example:

```yaml
name: "string"
default_database: "string"
```

| Field Name | Description | Type |
|---|---|---|
| default_database | The database that the privileged database user logs into by default. Depending on the database type, this database may be used to store procedures or data for managing database users. | string |
| name | The username of the privileged database user. | string |

The database server spec.

Example:

```yaml
version: "string"
hostname: "string"
host_id: "string"
rotation:
database:
proxy_ids:
  - "string"
  - "string"
  - "string"
relay_group: "string"
relay_ids:
  - "string"
  - "string"
  - "string"
```

| Field Name | Description | Type |
|---|---|---|
| database | The database proxied by this database server. | Database V3 |
| host_id | The ID of the host the database server is running on. | string |
| hostname | The database server hostname. | string |
| proxy_ids | A list of proxy IDs this server is expected to be connected to. | []string |
| relay_group | The name of the Relay group that the server is connected to | string |
| relay_ids | The list of Relay host IDs that the server is connected to | []string |
| rotation | Contains the server CA rotation information. | Rotation |
| version | The Teleport version that the server is running. | string |

The database server status.

Example:

```yaml
target_health:
```

| Field Name | Description | Type |
|---|---|---|
| target_health | The health status of network connectivity between the agent and the database. | Target Health |

The database spec.

Example:

```yaml
protocol: "string"
uri: "string"
ca_cert: "string"
dynamic_labels:
  "string":
  "string":
  "string":
aws:
gcp:
azure:
tls:
ad:
mysql:
admin_user:
mongo_atlas:
oracle:
```

| Field Name | Description | Type |
|---|---|---|
| ad | The Active Directory configuration for the database. | AD |
| admin_user | The database admin user for automatic user provisioning. | Database Admin User |
| aws | Contains AWS specific settings for RDS/Aurora/Redshift databases. | AWS |
| azure | Contains Azure specific database metadata. | Azure |
| ca_cert | The PEM-encoded database CA certificate. DEPRECATED: Moved to TLS.CACert. DELETE IN 10.0. | string |
| dynamic_labels | The database dynamic labels. | map[string]Command Label V2 |
| gcp | Contains parameters specific to GCP Cloud SQL databases. | GCP Cloud SQL |
| mongo_atlas | Contains Atlas metadata about the database. | Mongo Atlas |
| mysql | An additional section with MySQL database options. | MySQL Options |
| oracle | Additional Oracle configuration options. | Oracle Options |
| protocol | The database protocol: postgres, mysql, mongodb, etc. | string |
| tls | The TLS configuration used when establishing connection to target database. Allows to provide custom CA cert or override server name. | Database TLS |
| uri | The database connection endpoint. | string |

Contains runtime information about the database.

Example:

```yaml
ca_cert: "string"
aws:
mysql:
managed_users:
  - "string"
  - "string"
  - "string"
azure:
```

| Field Name | Description | Type |
|---|---|---|
| aws | The auto-discovered AWS cloud database metadata. | AWS |
| azure | The auto-discovered Azure cloud database metadata. | Azure |
| ca_cert | The auto-downloaded cloud database CA certificate. | string |
| managed_users | A list of database users that are managed by Teleport. | []string |
| mysql | An additional section with MySQL runtime database information. | MySQL Options |

Contains TLS configuration options.

Example:

```yaml
mode:
ca_cert: "string"
server_name: "string"
trust_system_cert_pool: true
```

| Field Name | Description | Type |
|---|---|---|
| ca_cert | An optional user provided CA certificate used for verifying database TLS connection. | string |
| mode | A TLS connection mode. 0 is "verify-full"; 1 is "verify-ca", 2 is "insecure". | Database TLS Mode |
| server_name | Allows to provide custom hostname. This value will override the servername/hostname on a certificate during validation. | string |
| trust_system_cert_pool | Allows Teleport to trust certificate authorities available on the host system. If not set (by default), Teleport only trusts self-signed databases with TLS certificates signed by Teleport's Database Server CA or the ca_cert specified in this TLS setting. For cloud-hosted databases, Teleport downloads the corresponding required CAs for validation. | Boolean |

Represents the level of TLS verification performed by DB agent when connecting to a database.
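
Added example (not part of the Teleport reference or its code): a small audit of a parsed database resource against the field semantics documented above, covering the TLS mode numbers, the deprecated `ca_cert`, the `assume_role_arn`/`external_id` pairing and the AlloyDB `endpoint_type` values. The names `tls_mode_name`, `audit_database`, `agent_account_id` and `SAMPLE` are hypothetical; the dict input shape, treating an unset mode as 0 and accepting mode names as strings are assumptions.

```python
# Added example, not Teleport code. Input: a database resource already parsed
# into a dict, with spec fields nested as in the tables on this page.
TLS_MODES = {0: "verify-full", 1: "verify-ca", 2: "insecure"}  # from the TLS table
ALLOYDB_ENDPOINT_TYPES = {"private", "public", "psc"}


def tls_mode_name(mode):
    """Map tls.mode to its name. Assumed: unset means 0; names may appear as strings."""
    if mode in (None, ""):
        return TLS_MODES[0]
    if mode in TLS_MODES:
        return TLS_MODES[mode]
    return mode if mode in TLS_MODES.values() else None


def audit_database(db, agent_account_id=""):
    """Return (field, finding) tuples. agent_account_id is the caller-supplied
    AWS account of the agent's own identity (hypothetical parameter)."""
    spec = db.get("spec") or {}
    tls, aws = spec.get("tls") or {}, spec.get("aws") or {}
    alloydb = (spec.get("gcp") or {}).get("alloydb") or {}
    findings = []
    mode = tls_mode_name(tls.get("mode"))
    if mode is None:
        findings.append(("spec.tls.mode", "unknown mode %r" % (tls.get("mode"),)))
    elif mode != "verify-full":
        findings.append(("spec.tls.mode", "%s instead of verify-full" % mode))
    if spec.get("ca_cert"):
        findings.append(("spec.ca_cert", "deprecated, use spec.tls.ca_cert"))
    # IAM role ARN layout: arn:PARTITION:iam::ACCOUNT_ID:role/NAME
    parts = (aws.get("assume_role_arn") or "").split(":")
    role_account = parts[4] if len(parts) >= 6 else ""
    cross = bool(role_account and agent_account_id and role_account != agent_account_id)
    if aws.get("external_id") and not aws.get("assume_role_arn"):
        findings.append(("spec.aws.external_id", "set without assume_role_arn"))
    elif cross and not aws.get("external_id"):
        findings.append(("spec.aws.external_id", "cross-account role without external_id"))
    endpoint_type = alloydb.get("endpoint_type")
    if endpoint_type and endpoint_type not in ALLOYDB_ENDPOINT_TYPES:
        findings.append(("spec.gcp.alloydb.endpoint_type", "unexpected value %r" % endpoint_type))
    return findings


# Constructed sample resource; every value is a placeholder.
SAMPLE = {
    "metadata": {"name": "example-db"},
    "spec": {"protocol": "postgres", "uri": "db.example.internal:5432",
             "ca_cert": "<PEM placeholder>", "tls": {"mode": 2},
             "aws": {"assume_role_arn": "arn:aws:iam::222222222222:role/example-db-access"}},
}
```

Calling `audit_database(SAMPLE, agent_account_id="111111111111")` reports the insecure TLS mode, the deprecated top-level `ca_cert`, and the missing `external_id` for a role in another account.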

Represents a single proxied database.

Example:

```yaml
kind: "string"
sub_kind: "string"
version: "string"
metadata:
spec:
status:
```

| Field Name | Description | Type |
|---|---|---|
| kind | The database resource kind. | string |
| metadata | The database metadata. | Metadata |
| spec | The database spec. | Database Spec V3 |
| status | The database runtime information. | Database Status V3 |
| sub_kind | An optional resource subkind. | string |
| version | The resource version. It must be specified. Supported values are: v3. | string |

Contains Amazon DocumentDB-specific metadata.

Example:

```yaml
cluster_id: "string"
instance_id: "string"
endpoint_type: "string"
```

| Field Name | Description | Type |
|---|---|---|
| cluster_id | The cluster identifier. | string |
| endpoint_type | The type of the endpoint. | string |
| instance_id | The instance identifier. | string |

A wrapper around duration to set up custom marshal/unmarshal

Contains Amazon ElastiCache Redis-specific metadata.

Example:

```yaml
replication_group_id: "string"
user_group_ids:
  - "string"
  - "string"
  - "string"
transit_encryption_enabled: true
endpoint_type: "string"
```

| Field Name | Description | Type |
|---|---|---|
| endpoint_type | The type of the endpoint. | string |
| replication_group_id | The Redis replication group ID. | string |
| transit_encryption_enabled | Indicates whether in-transit encryption (TLS) is enabled. | Boolean |
| user_group_ids | A list of user group IDs. | []string |

Contains Amazon ElastiCache Serverless metadata.

Example:

```yaml
cache_name: "string"
```

| Field Name | Description | Type |
|---|---|---|
| cache_name | An ElastiCache Serverless cache name. | string |

Contains parameters specific to GCP databases. The name "GCPCloudSQL" is a legacy from a time when only GCP Cloud SQL was supported.

Example:

```yaml
project_id: "string"
instance_id: "string"
alloydb:
```

| Field Name | Description | Type |
|---|---|---|
| alloydb | Contains AlloyDB specific configuration elements. | AlloyDB |
| instance_id | The Cloud SQL instance ID. | string |
| project_id | The GCP project ID the Cloud SQL instance resides in. | string |

Represents states that describe if an AWS database has its IAM policy properly configured or not. This enum is set in a Sync.Map during an IAM task that checks for the validity of IAM policy, and the database gets updated with the value from this map during a heartbeat.

Contains AWS MemoryDB specific metadata.

Example:

```yaml
cluster_name: "string"
acl_name: "string"
tls_enabled: true
endpoint_type: "string"
```

| Field Name | Description | Type |
|---|---|---|
| acl_name | The name of the ACL associated with the cluster. | string |
| cluster_name | The name of the MemoryDB cluster. | string |
| endpoint_type | The type of the endpoint. | string |
| tls_enabled | Indicates whether in-transit encryption (TLS) is enabled. | Boolean |

Resource metadata

Example:

```yaml
name: "string"
description: "string"
labels:
  "string": "string"
  "string": "string"
  "string": "string"
expires:
revision: "string"
```

| Field Name | Description | Type |
|---|---|---|
| description | Object description | string |
| expires | A global expiry time header can be set on any resource in the system. | |
| labels | A set of labels | map[string]string |
| name | An object name | string |
| revision | An opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource. | string |

Contains Atlas metadata about the database.

Example:

```yaml
name: "string"
```

| Field Name | Description | Type |
|---|---|---|
| name | The Atlas database instance name. | string |

Additional MySQL database options.

Example:

```yaml
server_version: "string"
```

| Field Name | Description | Type |
|---|---|---|
| server_version | The server version reported by DB proxy if the runtime information is not available. | string |

Contains AWS OpenSearch specific metadata.

Example:

```yaml
domain_name: "string"
domain_id: "string"
endpoint_type: "string"
```

| Field Name | Description | Type |
|---|---|---|
| domain_id | The ID of the domain. | string |
| domain_name | The name of the domain. | string |
| endpoint_type | The type of the endpoint. | string |

Contains Oracle-specific configuration options.

Example:

```yaml
audit_user: "string"
retry_count: 1
shuffle_hostnames: true
```

| Field Name | Description | Type |
|---|---|---|
| audit_user | The name of the Oracle database user that should be used to access the internal audit trail. | string |
| retry_count | The maximum number of times to retry connecting to a host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts. | number |
| shuffle_hostnames | When true, randomizes the order of hosts to connect to from the provided list. | Boolean |

Contains AWS RDS specific database metadata.

Example:

```yaml
instance_id: "string"
cluster_id: "string"
resource_id: "string"
iam_auth: true
subnets:
  - "string"
  - "string"
  - "string"
vpc_id: "string"
security_groups:
  - "string"
  - "string"
  - "string"
```

| Field Name | Description | Type |
|---|---|---|
| cluster_id | The RDS cluster (Aurora) identifier. | string |
| iam_auth | Indicates whether database IAM authentication is enabled. | Boolean |
| instance_id | The RDS instance identifier. | string |
| resource_id | The RDS instance resource identifier (db-xxx). | string |
| security_groups | A list of attached security groups for the RDS instance. | []string |
| subnets | A list of subnets for the RDS instance. | []string |
| vpc_id | The VPC where the RDS is running. | string |

Contains AWS RDS Proxy specific database metadata.

Example:

```yaml
name: "string"
custom_endpoint_name: "string"
resource_id: "string"
```

| Field Name | Description | Type |
|---|---|---|
| custom_endpoint_name | The identifier of an RDS Proxy custom endpoint. | string |
| name | The identifier of an RDS Proxy. | string |
| resource_id | The RDS instance resource identifier (prx-xxx). | string |

Contains metadata specific to Amazon Redshift.

Example:

```yaml
cluster_id: "string"
```

| Field Name | Description | Type |
|---|---|---|
| cluster_id | The Redshift cluster identifier. | string |

Contains Amazon Redshift Serverless-specific metadata.

Example:

```yaml
workgroup_name: "string"
endpoint_name: "string"
workgroup_id: "string"
```

| Field Name | Description | Type |
|---|---|---|
| endpoint_name | The VPC endpoint name. | string |
| workgroup_id | The workgroup ID. | string |
| workgroup_name | The workgroup name. | string |

A status of the rotation of the certificate authority

Example:

```yaml
state: "string"
phase: "string"
mode: "string"
current_id: "string"
started:
grace_period:
last_rotated:
schedule:
```

| Field Name | Description | Type |
|---|---|---|
| current_id | The ID of the rotation operation to differentiate between rotation attempts. | string |
| grace_period | A period during which old and new CA are valid for checking purposes, but only new CA is issuing certificates. | Duration |
| last_rotated | Specifies the last time of the completed rotation. | |
| mode | Sets manual or automatic rotation mode. | string |
| phase | The current rotation phase. | string |
| schedule | A rotation schedule - used in automatic mode to switch between phases. | Rotation Schedule |
| started | Set to the time when rotation has been started in case if the state of the rotation is "in_progress". | |
| state | Could be one of "init" or "in_progress". | string |

A rotation schedule setting time switches for different phases.

Example:

```yaml
update_clients:
update_servers:
standby:
```

| Field Name | Description | Type |
|---|---|---|
| standby | Specifies time to switch to the "Standby" phase. | |
| update_clients | Specifies time to switch to the "Update clients" phase. | |
| update_servers | Specifies time to switch to the "Update servers" phase. | |

Contains secret store configurations.

Example:

```yaml
key_prefix: "string"
kms_key_id: "string"
```

| Field Name | Description | Type |
|---|---|---|
| key_prefix | Specifies the secret key prefix. | string |
| kms_key_id | Specifies the AWS KMS key for encryption. | string |

Describes the health status of network connectivity between an agent and a resource.

Example:

```yaml
address: "string"
protocol: "string"
status: "string"
transition_timestamp:
transition_reason: "string"
transition_error: "string"
message: "string"
```

| Field Name | Description | Type |
|---|---|---|
| address | The resource address. | string |
| message | Additional information meant for a user. | string |
| protocol | The health check protocol such as "tcp". | string |
| status | The health status, one of "", "unknown", "healthy", "unhealthy". | string |
| transition_error | Shows the health check error observed when the transition happened. Empty when transitioning to "healthy". | string |
| transition_reason | A unique single word reason why the last transition occurred. | string |
| transition_timestamp | The time that the last status transition occurred. | |