Teleport
Reference for the teleport_database Terraform resource
Example Usage
# Teleport Database
resource "teleport_database" "example" {
  version = "v3"
  metadata = {
    name        = "example"
    description = "Test database"
    labels = {
      "teleport.dev/origin" = "dynamic" // This label is added on Teleport side by default
    }
  }
  spec = {
    protocol = "postgres"
    uri      = "localhost"
  }
}
Schema
Required
version
(String) Version is the resource version. It must be specified. Supported values are: v3.
Optional
metadata
(Attributes) Metadata is the database metadata. (see below for nested schema)
spec
(Attributes) Spec is the database spec. (see below for nested schema)
sub_kind
(String) SubKind is an optional resource subkind.
Nested Schema for metadata
Required:
name
(String) Name is an object name
Optional:
description
(String) Description is the object description.
expires
(String) Expires is a global expiry time header that can be set on any resource in the system.
labels
(Map of String) Labels is a set of labels.
Nested Schema for spec
Required:
protocol
(String) Protocol is the database protocol: postgres, mysql, mongodb, etc.
uri
(String) URI is the database connection endpoint.
Optional:
ad
(Attributes) AD is the Active Directory configuration for the database. (see below for nested schema)
admin_user
(Attributes) AdminUser is the database admin user for automatic user provisioning. (see below for nested schema)
aws
(Attributes) AWS contains AWS specific settings for RDS/Aurora/Redshift databases. (see below for nested schema)
azure
(Attributes) Azure contains Azure specific database metadata. (see below for nested schema)
ca_cert
(String) CACert is the PEM-encoded database CA certificate. DEPRECATED: Moved to TLS.CACert. DELETE IN 10.0.
dynamic_labels
(Attributes Map) DynamicLabels is the database dynamic labels. (see below for nested schema)
gcp
(Attributes) GCP contains parameters specific to GCP Cloud SQL databases. (see below for nested schema)
mongo_atlas
(Attributes) MongoAtlas contains Atlas metadata about the database. (see below for nested schema)
mysql
(Attributes) MySQL is an additional section with MySQL database options. (see below for nested schema)
oracle
(Attributes) Oracle is an additional section with Oracle configuration options. (see below for nested schema)
tls
(Attributes) TLS is the TLS configuration used when establishing a connection to the target database. It allows providing a custom CA cert or overriding the server name. (see below for nested schema)
Nested Schema for spec.ad
Optional:
domain
(String) Domain is the Active Directory domain the database resides in.
kdc_host_name
(String) KDCHostName is the host name for a KDC for x509 Authentication.
keytab_file
(String) KeytabFile is the path to the Kerberos keytab file.
krb5_file
(String) Krb5File is the path to the Kerberos configuration file. Defaults to /etc/krb5.conf.
ldap_cert
(String) LDAPCert is a certificate from Windows LDAP/AD, optional; only for x509 Authentication.
spn
(String) SPN is the service principal name for the database.
Nested Schema for spec.admin_user
Optional:
default_database
(String) DefaultDatabase is the database that the privileged database user logs into by default. Depending on the database type, this database may be used to store procedures or data for managing database users.
name
(String) Name is the username of the privileged database user.
Nested Schema for spec.aws
Optional:
account_id
(String) AccountID is the AWS account ID this database belongs to.
assume_role_arn
(String) AssumeRoleARN is an optional AWS role ARN to assume when accessing a database. Set this field and ExternalID to enable access across AWS accounts.
docdb
(Attributes) DocumentDB contains AWS DocumentDB specific metadata. (see below for nested schema)
elasticache
(Attributes) ElastiCache contains AWS ElastiCache Redis specific metadata. (see below for nested schema)
external_id
(String) ExternalID is an optional AWS external ID used to enable assuming an AWS role across accounts.
iam_policy_status
(Number) IAMPolicyStatus indicates whether the IAM Policy is configured properly for database access. If not, the user must update the AWS profile identity to allow access to the Database. E.g. for an RDS Database: the underlying AWS profile allows for rds-db:connect for the Database.
memorydb
(Attributes) MemoryDB contains AWS MemoryDB specific metadata. (see below for nested schema)
opensearch
(Attributes) OpenSearch contains AWS OpenSearch specific metadata. (see below for nested schema)
rds
(Attributes) RDS contains RDS specific metadata. (see below for nested schema)
rdsproxy
(Attributes) RDSProxy contains AWS Proxy specific metadata. (see below for nested schema)
redshift
(Attributes) Redshift contains Redshift specific metadata. (see below for nested schema)
redshift_serverless
(Attributes) RedshiftServerless contains AWS Redshift Serverless specific metadata. (see below for nested schema)
region
(String) Region is an AWS cloud region.
secret_store
(Attributes) SecretStore contains secret store configurations. (see below for nested schema)
session_tags
(Map of String) SessionTags is a list of AWS STS session tags.
Nested Schema for spec.aws.docdb
Optional:
cluster_id
(String) ClusterID is the cluster identifier.
endpoint_type
(String) EndpointType is the type of the endpoint.
instance_id
(String) InstanceID is the instance identifier.
Nested Schema for spec.aws.elasticache
Optional:
endpoint_type
(String) EndpointType is the type of the endpoint.
replication_group_id
(String) ReplicationGroupID is the Redis replication group ID.
transit_encryption_enabled
(Boolean) TransitEncryptionEnabled indicates whether in-transit encryption (TLS) is enabled.
user_group_ids
(List of String) UserGroupIDs is a list of user group IDs.
Nested Schema for spec.aws.memorydb
Optional:
acl_name
(String) ACLName is the name of the ACL associated with the cluster.
cluster_name
(String) ClusterName is the name of the MemoryDB cluster.
endpoint_type
(String) EndpointType is the type of the endpoint.
tls_enabled
(Boolean) TLSEnabled indicates whether in-transit encryption (TLS) is enabled.
Nested Schema for spec.aws.opensearch
Optional:
domain_id
(String) DomainID is the ID of the domain.
domain_name
(String) DomainName is the name of the domain.
endpoint_type
(String) EndpointType is the type of the endpoint.
Nested Schema for spec.aws.rds
Optional:
cluster_id
(String) ClusterID is the RDS cluster (Aurora) identifier.
iam_auth
(Boolean) IAMAuth indicates whether database IAM authentication is enabled.
instance_id
(String) InstanceID is the RDS instance identifier.
resource_id
(String) ResourceID is the RDS instance resource identifier (db-xxx).
security_groups
(List of String) SecurityGroups is a list of attached security groups for the RDS instance.
subnets
(List of String) Subnets is a list of subnets for the RDS instance.
vpc_id
(String) VPCID is the VPC where the RDS is running.
Nested Schema for spec.aws.rdsproxy
Optional:
custom_endpoint_name
(String) CustomEndpointName is the identifier of an RDS Proxy custom endpoint.
name
(String) Name is the identifier of an RDS Proxy.
resource_id
(String) ResourceID is the RDS instance resource identifier (prx-xxx).
Nested Schema for spec.aws.redshift
Optional:
cluster_id
(String) ClusterID is the Redshift cluster identifier.
Nested Schema for spec.aws.redshift_serverless
Optional:
endpoint_name
(String) EndpointName is the VPC endpoint name.
workgroup_id
(String) WorkgroupID is the workgroup ID.
workgroup_name
(String) WorkgroupName is the workgroup name.
Nested Schema for spec.aws.secret_store
Optional:
key_prefix
(String) KeyPrefix specifies the secret key prefix.
kms_key_id
(String) KMSKeyID specifies the AWS KMS key for encryption.
Nested Schema for spec.azure
Optional:
is_flexi_server
(Boolean) IsFlexiServer is true if the database is an Azure Flexible server.
name
(String) Name is the Azure database server name.
redis
(Attributes) Redis contains Azure Cache for Redis specific database metadata. (see below for nested schema)
resource_id
(String) ResourceID is the Azure fully qualified ID for the resource.
Nested Schema for spec.azure.redis
Optional:
clustering_policy
(String) ClusteringPolicy is the clustering policy for Redis Enterprise.
Nested Schema for spec.dynamic_labels
Optional:
command
(List of String) Command is a command to run.
period
(String) Period is a time between command runs.
result
(String) Result captures standard output.
Nested Schema for spec.gcp
Optional:
instance_id
(String) InstanceID is the Cloud SQL instance ID.
project_id
(String) ProjectID is the GCP project ID the Cloud SQL instance resides in.
Nested Schema for spec.mongo_atlas
Optional:
name
(String) Name is the Atlas database instance name.
Nested Schema for spec.mysql
Optional:
server_version
(String) ServerVersion is the server version reported by DB proxy if the runtime information is not available.
Nested Schema for spec.oracle
Optional:
audit_user
(String) AuditUser is the Oracle database user privileged to access the internal Oracle audit trail.
Nested Schema for spec.tls
Optional:
ca_cert
(String) CACert is an optional user-provided CA certificate used for verifying the database TLS connection.
mode
(Number) Mode is a TLS connection mode. 0 is "verify-full", 1 is "verify-ca", 2 is "insecure".
server_name
(String) ServerName allows providing a custom hostname. This value will override the servername/hostname on a certificate during validation.
trust_system_cert_pool
(Boolean) TrustSystemCertPool allows Teleport to trust certificate authorities available on the host system. If not set (by default), Teleport only trusts self-signed databases with TLS certificates signed by Teleport's Database Server CA or the ca_cert specified in this TLS setting. For cloud-hosted databases, Teleport downloads the corresponding required CAs for validation.
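
The spec.tls attributes above, as an added example that is not part of the Teleport documentation: a database registered with mode 2 ("insecure") beside the same database registered with mode 0 ("verify-full"). The resource names, URI, server name and CA file path are constructed placeholders.

```hcl
# Added example; names, hosts and file paths are constructed placeholders.

# Weak: mode 2 is "insecure" in the spec.tls schema. Shown so that it can be
# recognised when reviewing a plan or a pull request.
resource "teleport_database" "orders_unverified" {
  version = "v3"
  metadata = {
    name = "orders-unverified"
  }
  spec = {
    protocol = "postgres"
    uri      = "10.0.12.34:5432"
    tls = {
      mode = 2 # "insecure"
    }
  }
}

# Corrected: mode 0 is "verify-full", with an explicit CA and expected name.
resource "teleport_database" "orders" {
  version = "v3"
  metadata = {
    name        = "orders"
    description = "Orders database, TLS fully verified"
  }
  spec = {
    protocol = "postgres"
    uri      = "10.0.12.34:5432"
    tls = {
      mode = 0 # "verify-full"
      # PEM-encoded CA that issued the database certificate (placeholder path).
      ca_cert = file("${path.module}/certs/orders-db-ca.pem")
      # The URI is an IP address, so state the hostname that validation
      # should check the certificate against.
      server_name = "orders-db.internal.example.com"
      # Keep trust limited to Teleport's Database Server CA and ca_cert above
      # rather than every CA installed on the host.
      trust_system_cert_pool = false
    }
  }
}
```

When reviewing changes to this resource, a `mode` of 2 or a `trust_system_cert_pool` of true under `spec.tls` is the setting to question first, since both widen what the connection will accept.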