Reference for the teleport_lock Terraform resource

This page describes the supported values of the teleport_lock resource of the Teleport Terraform provider.

Example Usage

# Generate a random UUID to use as the lock name.
resource "random_uuid" "my_lock" {}

resource "teleport_lock" "my_lock" {
  version = "v2"
  metadata = {
    name        = random_uuid.my_lock.result
    description = "Ongoing incident investigation."
  }

  spec = {
    target = {
      user = "john"
    }
  }
}

Schema

Optional:

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • spec (Attributes) Spec is a Lock specification. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.
  • version (String) Version is the resource version. It must be specified. Supported values are: v2.

Nested Schema for metadata

Optional:

  • description (String) Description is the object description.
  • expires (String) Expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels
  • name (String) Name is an object name

Nested Schema for spec

Optional:

  • created_at (String) CreatedAt is the date time that the lock was created.
  • created_by (String) CreatedBy is the username of the author of the lock.
  • expires (String) Expires, if set, specifies when the lock ceases to be in force.
  • message (String) Message is the message displayed to locked-out users.
  • target (Attributes) Target describes the set of interactions that the lock applies to. (see below for nested schema)

Nested Schema for spec.target

Optional:

  • access_request (String) AccessRequest specifies the UUID of an Access Request.
  • bot_instance_id (String) BotInstanceID is the bot instance ID if this is a bot identity and is ignored otherwise.
  • device (String) Device is the device ID of a trusted device. Requires Teleport Enterprise.
  • join_token (String) JoinToken is the name of the join token used when this identity originally joined. This is only valid for bot identities, and cannot be used to target token-joined bots.
  • login (String) Login specifies the name of a local UNIX user.
  • mfa_device (String) MFADevice specifies the UUID of a user MFA device.
  • role (String) Role specifies the name of an RBAC role known to the root cluster. In remote clusters, this constraint is evaluated before translating to local roles.
  • server_id (String) ServerID is the host id of the Teleport instance.
  • user (String) User specifies the name of a Teleport user.
  • windows_desktop (String) WindowsDesktop specifies the name of a Windows desktop.
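
The spec fields above combined into a time-boxed lock on a role, as an added example that is not part of the Teleport documentation. It assumes the hashicorp/time provider for the time_offset resource and that expires takes an RFC 3339 timestamp; the resource name incident_role, the role name contractor and the label are hypothetical.

```hcl
# Added example: incident_role and contractor are hypothetical names.
resource "random_uuid" "incident_role" {}

# Assumes the hashicorp/time provider. The timestamp is computed once,
# 8 hours after creation, and stays stable in state on later applies.
resource "time_offset" "incident_role" {
  offset_hours = 8
}

resource "teleport_lock" "incident_role" {
  version = "v2"
  metadata = {
    name        = random_uuid.incident_role.result
    description = "Temporary lock during incident triage."
    labels = {
      reason = "incident" # hypothetical label for finding incident locks later
    }
  }

  spec = {
    # Assumed format: RFC 3339. The lock ceases to be in force after this time.
    expires = time_offset.incident_role.rfc3339

    # Displayed to locked-out users.
    message = "Access is suspended during an ongoing investigation. Contact the security team."

    # Locks interactions that rely on this RBAC role instead of a single user.
    target = {
      role = "contractor"
    }
  }
}
```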