Securing Infrastructure Access at Scale in Large Enterprises
Dec 12
Virtual
Register Now
Teleport logoTry For Free
Fork me on GitHub

Teleport

Reference for the teleport_app Terraform resource

Example Usage

# Teleport App

resource "teleport_app" "example" {
  version = "v3"
  metadata = {
    name        = "example"
    description = "Test app"
    labels = {
      "teleport.dev/origin" = "dynamic" // This label is added on Teleport side by default
    }
  }

  spec = {
    uri = "localhost:3000"
  }
}

Schema

Required

  • version (String) Version is the resource version. It must be specified. Supported values are:v3.

Optional

  • metadata (Attributes) Metadata is the app resource metadata. (see below for nested schema)
  • spec (Attributes) Spec is the app resource spec. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource subkind.

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels

Nested Schema for spec

Optional:

  • aws (Attributes) AWS contains additional options for AWS applications. (see below for nested schema)
  • cloud (String) Cloud identifies the cloud instance the app represents.
  • cors (Attributes) CORSPolicy defines the Cross-Origin Resource Sharing settings for the app. (see below for nested schema)
  • dynamic_labels (Attributes Map) DynamicLabels are the app's command labels. (see below for nested schema)
  • insecure_skip_verify (Boolean) InsecureSkipVerify disables app's TLS certificate verification.
  • integration (String) Integration is the integration name that must be used to access this Application. Only applicable to AWS App Access. If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
  • public_addr (String) PublicAddr is the public address the application is accessible at.
  • required_app_names (List of String) RequiredAppNames is a list of app names that are required for this app to function. Any app listed here will be part of the authentication redirect flow and authenticate along side this app.
  • rewrite (Attributes) Rewrite is a list of rewriting rules to apply to requests and responses. (see below for nested schema)
  • uri (String) URI is the web app endpoint.
  • user_groups (List of String) UserGroups are a list of user group IDs that this app is associated with.

Nested Schema for spec.aws

Optional:

  • external_id (String) ExternalID is the AWS External ID used when assuming roles in this app.

Nested Schema for spec.cors

Optional:

  • allow_credentials (Boolean) allow_credentials indicates whether credentials are allowed.
  • allowed_headers (List of String) allowed_headers specifies which headers can be used when accessing the app.
  • allowed_methods (List of String) allowed_methods specifies which methods are allowed when accessing the app.
  • allowed_origins (List of String) allowed_origins specifies which origins are allowed to access the app.
  • exposed_headers (List of String) exposed_headers indicates which headers are made available to scripts via the browser.
  • max_age (Number) max_age indicates how long (in seconds) the results of a preflight request can be cached.

Nested Schema for spec.dynamic_labels

Optional:

  • command (List of String) Command is a command to run
  • period (String) Period is a time between command runs
  • result (String) Result captures standard output

Nested Schema for spec.rewrite

Optional:

  • headers (Attributes List) Headers is a list of headers to inject when passing the request over to the application. (see below for nested schema)
  • jwt_claims (String) JWTClaims configures whether roles/traits are included in the JWT token.
  • redirect (List of String) Redirect defines a list of hosts which will be rewritten to the public address of the application if they occur in the "Location" header.

Nested Schema for spec.rewrite.headers

Optional:

  • name (String) Name is the http header name.
  • value (String) Value is the http header value.