Securing Infrastructure Access at Scale in Large Enterprises
Dec 12
Virtual
Register Now
Teleport logoTry For Free
Fork me on GitHub

Teleport

Reference for the teleport_trusted_cluster Terraform resource

Example Usage

# Teleport trusted cluster

resource "teleport_trusted_cluster" "cluster" {
  metadata = {
    name = "primary"
    labels = {
      test = "yes"
    }
  }

  spec = {
    enabled = false
    role_map = [{
      remote = "test"
      local  = ["admin"]
    }]
    proxy_addr = "localhost:3080"
    token      = "salami"
  }
}

Schema

Required

  • spec (Attributes) Spec is a Trusted Cluster specification. (see below for nested schema)
  • version (String) Version is the resource version. It must be specified. Supported values are: v2.

Optional

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.

Nested Schema for spec

Optional:

  • enabled (Boolean) Enabled is a bool that indicates if the TrustedCluster is enabled or disabled. Setting Enabled to false has a side effect of deleting the user and host certificate authority (CA).
  • role_map (Attributes List) RoleMap specifies role mappings to remote roles. (see below for nested schema)
  • roles (List of String) Roles is a list of roles that users will be assuming when connecting to this cluster.
  • token (String, Sensitive) Token is the authorization token provided by another cluster needed by this cluster to join.
  • tunnel_addr (String) ReverseTunnelAddress is the address of the SSH proxy server of the cluster to join. If not set, it is derived from <metadata.name>:<default reverse tunnel port>.
  • web_proxy_addr (String) ProxyAddress is the address of the web proxy server of the cluster to join. If not set, it is derived from <metadata.name>:<default web proxy server port>.

Nested Schema for spec.role_map

Optional:

  • local (List of String) Local specifies local roles to map to
  • remote (String) Remote specifies remote role name to map from

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels