Securing Infrastructure Access at Scale in Large Enterprises
Dec 12
Virtual
Register Now
Teleport logoTry For Free
Fork me on GitHub

Teleport

Reference for the teleport_access_list Terraform resource

Example Usage

resource "teleport_access_list" "crane-operation" {
  header = {
    metadata = {
      name = "crane-operation"
      labels = {
        example = "yes"
      }
    }
  }
  spec = {
    description = "Used to grant access to the crane."
    owners = [
      {
        name        = "gru"
        description = "The supervillain."
      }
    ]
    membership_requires = {
      roles = ["minion"]
    }
    ownership_requires = {
      roles = ["supervillain"]
    }
    grants = {
      roles = ["crane-operator"]
      traits = [{
        key    = "allowed-machines"
        values = ["crane", "forklift"]
      }]
    }
    title = "Crane operation"
    audit = {
      recurrence = {
        frequency    = 3  # audit every 3 months
        day_of_month = 15 # audit happen 15's day of the month. Possible values are 1, 15, and 31.
      }
    }
  }
}

Schema

Optional

Nested Schema for header

Required:

  • version (String) Version is the API version used to create the resource. It must be specified. Based on this version, Teleport will apply different defaults on resource creation or deletion. It must be an integer prefixed by "v". For example: v1

Optional:

  • kind (String) kind is a resource kind.
  • metadata (Attributes) metadata is resource metadata. (see below for nested schema)
  • sub_kind (String) sub_kind is an optional resource sub kind, used in some resources.

Nested Schema for header.metadata

Required:

  • name (String) name is an object name.

Optional:

  • description (String) description is object description.
  • expires (String) expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) labels is a set of labels.
  • namespace (String) namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4.
  • revision (String) revision is an opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource.

Nested Schema for spec

Required:

Optional:

  • description (String) description is an optional plaintext description of the Access List.
  • membership_requires (Attributes) membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see below for nested schema)
  • owner_grants (Attributes) owner_grants describes the access granted by owners to this Access List. (see below for nested schema)
  • ownership_requires (Attributes) ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see below for nested schema)
  • title (String) title is a plaintext short description of the Access List.

Nested Schema for spec.audit

Required:

Optional:

  • next_audit_date (String) next_audit_date is when the next audit date should be done by.
  • notifications (Attributes) notifications is the configuration for notifying users. (see below for nested schema)

Nested Schema for spec.audit.recurrence

Required:

  • frequency (Number) frequency is the frequency of reviews. This represents the period in months between two reviews. Supported values are 0, 1, 3, 6, and 12.

Optional:

  • day_of_month (Number) day_of_month is the day of month that reviews will be scheduled on. Supported values are 0, 1, 15, and 31.

Nested Schema for spec.audit.notifications

Optional:

  • start (String) start specifies when to start notifying users that the next audit date is coming up.

Nested Schema for spec.grants

Optional:

  • roles (List of String) roles are the roles that are granted to users who are members of the Access List.
  • traits (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see below for nested schema)

Nested Schema for spec.grants.traits

Optional:

  • key (String) key is the name of the trait.
  • values (List of String) values is the list of trait values.

Nested Schema for spec.owners

Optional:

  • description (String) description is the plaintext description of the owner and why they are an owner.
  • name (String) name is the username of the owner.

Nested Schema for spec.membership_requires

Optional:

  • roles (List of String) roles are the user roles that must be present for the user to obtain access.
  • traits (Attributes List) traits are the traits that must be present for the user to obtain access. (see below for nested schema)

Nested Schema for spec.membership_requires.traits

Optional:

  • key (String) key is the name of the trait.
  • values (List of String) values is the list of trait values.

Nested Schema for spec.owner_grants

Optional:

  • roles (List of String) roles are the roles that are granted to users who are members of the Access List.
  • traits (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see below for nested schema)

Nested Schema for spec.owner_grants.traits

Optional:

  • key (String) key is the name of the trait.
  • values (List of String) values is the list of trait values.

Nested Schema for spec.ownership_requires

Optional:

  • roles (List of String) roles are the user roles that must be present for the user to obtain access.
  • traits (Attributes List) traits are the traits that must be present for the user to obtain access. (see below for nested schema)

Nested Schema for spec.ownership_requires.traits

Optional:

  • key (String) key is the name of the trait.
  • values (List of String) values is the list of trait values.