Reference for the teleport_access_list Terraform resource
This page describes the supported values of the teleport_access_list resource of the Teleport Terraform provider.
Example Usage
resource "teleport_access_list" "crane-operation" {
  header = {
    metadata = {
      name = "crane-operation"
      labels = {
        example = "yes"
      }
    }
  }
  spec = {
    description = "Used to grant access to the crane."
    owners = [
      {
        name        = "gru"
        description = "The supervillain."
      }
    ]
    membership_requires = {
      roles = ["minion"]
    }
    ownership_requires = {
      roles = ["supervillain"]
    }
    grants = {
      roles = ["crane-operator"]
      traits = [{
        key    = "allowed-machines"
        values = ["crane", "forklift"]
      }]
    }
    title = "Crane operation"
    audit = {
      recurrence = {
        frequency    = 3  # audit every 3 months
        day_of_month = 15 # audit happen 15's day of the month. Possible values are 1, 15, and 31.
      }
    }
  }
}
Schema
Optional
- header(Attributes) header is the header for the resource. (see below for nested schema)
- spec(Attributes) spec is the specification for the Access List. (see below for nested schema)
Nested Schema for header
Required:
- version(String) Version is the API version used to create the resource. It must be specified. Based on this version, Teleport will apply different defaults on resource creation or deletion. It must be an integer prefixed by "v". For example:- v1
Optional:
- kind(String) kind is a resource kind.
- metadata(Attributes) metadata is resource metadata. (see below for nested schema)
- sub_kind(String) sub_kind is an optional resource sub kind, used in some resources.
Nested Schema for header.metadata
Required:
- name(String) name is an object name.
Optional:
- description(String) description is object description.
- expires(String) expires is a global expiry time header can be set on any resource in the system.
- labels(Map of String) labels is a set of labels.
- namespace(String) namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4.
- revision(String) revision is an opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource.
Nested Schema for spec
Required:
- owners(Attributes List) owners is a list of owners of the Access List. (see below for nested schema)
Optional:
- audit(Attributes) audit describes the frequency that this Access List must be audited. (see below for nested schema)
- description(String) description is an optional plaintext description of the Access List.
- grants(Attributes) grants describes the access granted by membership to this Access List. (see below for nested schema)
- membership_requires(Attributes) membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see below for nested schema)
- owner_grants(Attributes) owner_grants describes the access granted by owners to this Access List. (see below for nested schema)
- ownership_requires(Attributes) ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see below for nested schema)
- title(String) title is a plaintext short description of the Access List.
- type(String) type can be an empty string which denotes a regular Access List, "scim" which represents an Access List created from SCIM group or "static" for Access Lists managed by IaC tools.
Nested Schema for spec.owners
Optional:
- description(String) description is the plaintext description of the owner and why they are an owner.
- membership_kind(Number) membership_kind describes the type of membership, either- MEMBERSHIP_KIND_USERor- MEMBERSHIP_KIND_LIST.
- name(String) name is the username of the owner.
Nested Schema for spec.audit
Optional:
- next_audit_date(String) next_audit_date is when the next audit date should be done by.
- notifications(Attributes) notifications is the configuration for notifying users. (see below for nested schema)
- recurrence(Attributes) recurrence is the recurrence definition (see below for nested schema)
Nested Schema for spec.audit.notifications
Optional:
- start(String) start specifies when to start notifying users that the next audit date is coming up.
Nested Schema for spec.audit.recurrence
Optional:
- day_of_month(Number) day_of_month is the day of month that reviews will be scheduled on. Supported values are 0, 1, 15, and 31.
- frequency(Number) frequency is the frequency of reviews. This represents the period in months between two reviews. Supported values are 0, 1, 3, 6, and 12.
Nested Schema for spec.grants
Optional:
- roles(List of String) roles are the roles that are granted to users who are members of the Access List.
- traits(Attributes List) traits are the traits that are granted to users who are members of the Access List. (see below for nested schema)
Nested Schema for spec.grants.traits
Optional:
- key(String) key is the name of the trait.
- values(List of String) values is the list of trait values.
Nested Schema for spec.membership_requires
Optional:
- roles(List of String) roles are the user roles that must be present for the user to obtain access.
- traits(Attributes List) traits are the traits that must be present for the user to obtain access. (see below for nested schema)
Nested Schema for spec.membership_requires.traits
Optional:
- key(String) key is the name of the trait.
- values(List of String) values is the list of trait values.
Nested Schema for spec.owner_grants
Optional:
- roles(List of String) roles are the roles that are granted to users who are members of the Access List.
- traits(Attributes List) traits are the traits that are granted to users who are members of the Access List. (see below for nested schema)
Nested Schema for spec.owner_grants.traits
Optional:
- key(String) key is the name of the trait.
- values(List of String) values is the list of trait values.
Nested Schema for spec.ownership_requires
Optional:
- roles(List of String) roles are the user roles that must be present for the user to obtain access.
- traits(Attributes List) traits are the traits that must be present for the user to obtain access. (see below for nested schema)
Nested Schema for spec.ownership_requires.traits
Optional:
- key(String) key is the name of the trait.
- values(List of String) values is the list of trait values.