Hardening Infrastructure Security Against SSO Identity Provider Compromise
Jul 11
Virtual
Register Today
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Fork me on GitHub

Teleport

Reference for the teleport_app Terraform resource

Version 16.x

Example Usage 

# Teleport App

resource "teleport_app" "example" {
  metadata = {
    name        = "example"
    description = "Test app"
    labels = {
      "teleport.dev/origin" = "dynamic" // This label is added on Teleport side by default
    }
  }

  spec = {
    uri = "localhost:3000"
  }
}

Schema

Required

  • version (String) Version is the resource version. It must be specified. Supported values are:v3.

Optional

  • metadata (Attributes) Metadata is the app resource metadata. (see below for nested schema)
  • spec (Attributes) Spec is the app resource spec. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource subkind.

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels

Nested Schema for spec

Optional:

  • aws (Attributes) AWS contains additional options for AWS applications. (see below for nested schema)
  • cloud (String) Cloud identifies the cloud instance the app represents.
  • dynamic_labels (Attributes Map) DynamicLabels are the app's command labels. (see below for nested schema)
  • insecure_skip_verify (Boolean) InsecureSkipVerify disables app's TLS certificate verification.
  • integration (String) Integration is the integration name that must be used to access this Application. Only applicable to AWS App Access. If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
  • public_addr (String) PublicAddr is the public address the application is accessible at.
  • rewrite (Attributes) Rewrite is a list of rewriting rules to apply to requests and responses. (see below for nested schema)
  • uri (String) URI is the web app endpoint.
  • user_groups (List of String) UserGroups are a list of user group IDs that this app is associated with.

Nested Schema for spec.aws

Optional:

  • external_id (String) ExternalID is the AWS External ID used when assuming roles in this app.

Nested Schema for spec.dynamic_labels

Optional:

  • command (List of String) Command is a command to run
  • period (String) Period is a time between command runs
  • result (String) Result captures standard output

Nested Schema for spec.rewrite

Optional:

  • headers (Attributes List) Headers is a list of headers to inject when passing the request over to the application. (see below for nested schema)
  • jwt_claims (String) JWTClaims configures whether roles/traits are included in the JWT token.
  • redirect (List of String) Redirect defines a list of hosts which will be rewritten to the public address of the application if they occur in the "Location" header.

Nested Schema for spec.rewrite.headers

Optional:

  • name (String) Name is the http header name.
  • value (String) Value is the http header value.