Reference for the teleport_discovery_config Terraform data-source
This page describes the supported values of the teleport_discovery_config data source of the
Teleport Terraform provider.
Schema
Required
header(Attributes) Header is the resource header. (see below for nested schema)spec(Attributes) Spec is an DiscoveryConfig specification. (see below for nested schema)
Nested Schema for header
Required:
metadata(Attributes) metadata is resource metadata. (see below for nested schema)version(String) Version is the API version used to create the resource. It must be specified. Based on this version, Teleport will apply different defaults on resource creation or deletion. It must be an integer prefixed by "v". For example:v1
Optional:
kind(String) kind is a resource kind.sub_kind(String) sub_kind is an optional resource sub kind, used in some resources.
Nested Schema for header.metadata
Required:
name(String) name is an object name.
Optional:
description(String) description is object description.expires(String) expires is a global expiry time header can be set on any resource in the system.labels(Map of String) labels is a set of labels.namespace(String) namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4.revision(String) revision is an opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource.
Nested Schema for spec
Optional:
access_graph(Attributes) AccessGraph is the configurations for syncing Cloud accounts into Access Graph. (see below for nested schema)aws(Attributes List) AWS is a list of AWS Matchers. (see below for nested schema)azure(Attributes List) Azure is a list of Azure Matchers. (see below for nested schema)discovery_group(String) DiscoveryGroup is used by discovery_service to add extra matchers. All the discovery_services that have the same discovery_group, will load the matchers of this resource.gcp(Attributes List) GCP is a list of GCP Matchers. (see below for nested schema)kube(Attributes List) Kube is a list of Kubernetes Matchers. (see below for nested schema)
Nested Schema for spec.access_graph
Optional:
aws(Attributes List) AWS is a configuration for AWS Access Graph service poll service. (see below for nested schema)azure(Attributes List) Azure is a configuration for Azure Access Graph service poll service. (see below for nested schema)poll_interval(String) PollInterval is the frequency at which to poll for resources
Nested Schema for spec.access_graph.aws
Optional:
assume_role(Attributes) AssumeRoleARN is the AWS role to assume for database discovery. (see below for nested schema)cloud_trail_logs(Attributes) Configuration settings for collecting AWS CloudTrail logs via an SQS queue. (see below for nested schema)eks_audit_logs(Attributes) (see below for nested schema)integration(String) Integration is the integration name used to generate credentials to interact with AWS APIs.regions(List of String) Regions are AWS regions to import resources from.
Nested Schema for spec.access_graph.aws.assume_role
Optional:
external_id(String) ExternalID is the external ID used to assume a role in another account.role_arn(String) RoleARN is the fully specified AWS IAM role ARN.
Nested Schema for spec.access_graph.aws.cloud_trail_logs
Optional:
region(String) The AWS region of the SQS queue for CloudTrail notifications, ex.: "us-east-2".sqs_queue(String) The name or URL for CloudTrail log events, ex.: "demo-cloudtrail-queue".
Nested Schema for spec.access_graph.aws.eks_audit_logs
Optional:
tags(Map of List of String) The tags of EKS clusters for which apiserver audit logs should be fetched.
Nested Schema for spec.access_graph.azure
Optional:
integration(String) Integration is the integration name used to generate credentials to interact with AWS APIs.subscription_id(String) SubscriptionID Is the ID of the Azure subscription to sync resources from
Nested Schema for spec.aws
Optional:
assume_role(Attributes) AssumeRoleARN is the AWS role to assume for database discovery. (see below for nested schema)install(Attributes) Params sets the join method when installing on discovered EC2 nodes (see below for nested schema)integration(String) Integration is the integration name used to generate credentials to interact with AWS APIs. Environment credentials will not be used when this value is set.kube_app_discovery(Boolean) KubeAppDiscovery controls whether Kubernetes App Discovery will be enabled for agents running on discovered clusters, currently only affects AWS EKS discovery in integration mode.organization(Attributes) Organization is an AWS Organization matcher for discovering resources accross multiple accounts under an Organization. (see below for nested schema)regions(List of String) Regions are AWS regions to query for databases.setup_access_for_arn(String) SetupAccessForARN is the role that the Discovery Service should create EKS Access Entries for. This value should match the IAM identity that Teleport Kubernetes Service uses. If this value is empty, the Discovery Service will attempt to set up access for its own identity (self).ssm(Attributes) SSM provides options to use when sending a document command to an EC2 node (see below for nested schema)tags(Map of List of String) Tags are AWS resource Tags to match.types(List of String) Types are AWS database types to match, "ec2", "rds", "redshift", "elasticache", or "memorydb".
Nested Schema for spec.aws.assume_role
Optional:
external_id(String) ExternalID is the external ID used to assume a role in another account.role_arn(String) RoleARN is the fully specified AWS IAM role ARN.
Nested Schema for spec.aws.install
Optional:
azure(Attributes) Azure is the set of Azure-specific installation parameters. (see below for nested schema)enroll_mode(Number) EnrollMode indicates the enrollment mode to be used when adding a node. Valid values: 0: uses eice for EC2 matchers which use an integration and script for all the other methods 1: uses script mode 2: uses eice mode (deprecated)http_proxy_settings(Attributes) HTTPProxySettings defines HTTP proxy settings for making HTTP requests. When set, this will set the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables before running the installation. (see below for nested schema)install_teleport(Boolean) InstallTeleport disables agentless discoveryjoin_method(String) JoinMethod is the method to use when joining the clusterjoin_token(String) JoinToken is the token to use when joining the clusterproxy_addr(String) PublicProxyAddr is the address of the proxy the discovered node should use to connect to the cluster.script_name(String) ScriptName is the name of the teleport installer script resource for the cloud instance to executesshd_config(String) SSHDConfig provides the path to write sshd configuration changessuffix(String) Suffix indicates the installation suffix for the teleport installation. Set this value if you want multiple installations of Teleport. See --install-suffix flag in teleport-update program. Note: only supported for Amazon EC2. Suffix name can only contain alphanumeric characters and hyphens.update_group(String) UpdateGroup indicates the update group for the teleport installation. This value is used to group installations in order to update them in batches. See --group flag in teleport-update program. Note: only supported for Amazon EC2. Group name can only contain alphanumeric characters and hyphens.
Nested Schema for spec.aws.install.azure
Optional:
client_id(String) ClientID is the client ID of the managed identity discovered nodes should use to join the cluster.
Nested Schema for spec.aws.install.http_proxy_settings
Optional:
http_proxy(String) HTTPProxy is the URL for the HTTP proxy to use when making requests. When applied, this will set the HTTP_PROXY environment variable.https_proxy(String) HTTPSProxy is the URL for the HTTPS Proxy to use when making requests. When applied, this will set the HTTPS_PROXY environment variable.no_proxy(String) NoProxy is a comma separated list of URLs that will be excluded from proxying. When applied, this will set the NO_PROXY environment variable.
Nested Schema for spec.aws.organization
Optional:
organization_id(String) OrganizationID is the AWS Organization ID to match against. Required.organizational_units(Attributes) OrganizationalUnits contains rules for matchings AWS accounts based on their Organizational Units. (see below for nested schema)
Nested Schema for spec.aws.organization.organizational_units
Optional:
exclude(List of String) Exclude is a list of AWS Organizational Unit IDs to exclude. Only exact matches or wildcard (*) are supported. If empty, no Organizational Units are excluded by default.include(List of String) Include is a list of AWS Organizational Unit IDs to match. Only exact matches or wildcard (*) are supported. If empty, all Organizational Units are included by default.
Nested Schema for spec.aws.ssm
Optional:
document_name(String) DocumentName is the name of the document to use when executing an SSM command
Nested Schema for spec.azure
Optional:
install_params(Attributes) Params sets the join method when installing on discovered Azure nodes. (see below for nested schema)integration(String) Integration is the integration name used to generate credentials to interact with Azure APIs. Environment credentials will not be used when this value is set.regions(List of String) Regions are Azure locations to match for databases.resource_groups(List of String) ResourceGroups are Azure resource groups to query for resources.subscriptions(List of String) Subscriptions are Azure subscriptions to query for resources.tags(Map of List of String) ResourceTags are Azure tags on resources to match.types(List of String) Types are Azure types to match: "mysql", "postgres", "aks", "vm"
Nested Schema for spec.azure.install_params
Required:
join_method(String) JoinMethod is the method to use when joining the clusterjoin_token(String) JoinToken is the token to use when joining the cluster
Optional:
azure(Attributes) Azure is the set of Azure-specific installation parameters. (see below for nested schema)enroll_mode(Number) EnrollMode indicates the enrollment mode to be used when adding a node. Valid values: 0: uses eice for EC2 matchers which use an integration and script for all the other methods 1: uses script mode 2: uses eice mode (deprecated)http_proxy_settings(Attributes) HTTPProxySettings defines HTTP proxy settings for making HTTP requests. When set, this will set the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables before running the installation. (see below for nested schema)install_teleport(Boolean) InstallTeleport disables agentless discoveryproxy_addr(String) PublicProxyAddr is the address of the proxy the discovered node should use to connect to the cluster.script_name(String) ScriptName is the name of the teleport installer script resource for the cloud instance to executesshd_config(String) SSHDConfig provides the path to write sshd configuration changessuffix(String) Suffix indicates the installation suffix for the teleport installation. Set this value if you want multiple installations of Teleport. See --install-suffix flag in teleport-update program. Note: only supported for Amazon EC2. Suffix name can only contain alphanumeric characters and hyphens.update_group(String) UpdateGroup indicates the update group for the teleport installation. This value is used to group installations in order to update them in batches. See --group flag in teleport-update program. Note: only supported for Amazon EC2. Group name can only contain alphanumeric characters and hyphens.
Nested Schema for spec.azure.install_params.azure
Required:
client_id(String) ClientID is the client ID of the managed identity discovered nodes should use to join the cluster.
Nested Schema for spec.azure.install_params.http_proxy_settings
Optional:
http_proxy(String) HTTPProxy is the URL for the HTTP proxy to use when making requests. When applied, this will set the HTTP_PROXY environment variable.https_proxy(String) HTTPSProxy is the URL for the HTTPS Proxy to use when making requests. When applied, this will set the HTTPS_PROXY environment variable.no_proxy(String) NoProxy is a comma separated list of URLs that will be excluded from proxying. When applied, this will set the NO_PROXY environment variable.
Nested Schema for spec.gcp
Optional:
install_params(Attributes) Params sets the join method when installing on discovered GCP nodes. (see below for nested schema)labels(Map of List of String) Labels are GCP labels to match.locations(List of String) Locations are GKE locations to search resources for.project_ids(List of String) ProjectIDs are the GCP project ID where the resources are deployed.service_accounts(List of String) ServiceAccounts are the emails of service accounts attached to VMs.tags(Map of List of String) Tags is obsolete and only exists for backwards compatibility. Use Labels instead.types(List of String) Types are GKE resource types to match: "gke", "vm".
Nested Schema for spec.gcp.install_params
Optional:
azure(Attributes) Azure is the set of Azure-specific installation parameters. (see below for nested schema)enroll_mode(Number) EnrollMode indicates the enrollment mode to be used when adding a node. Valid values: 0: uses eice for EC2 matchers which use an integration and script for all the other methods 1: uses script mode 2: uses eice mode (deprecated)http_proxy_settings(Attributes) HTTPProxySettings defines HTTP proxy settings for making HTTP requests. When set, this will set the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables before running the installation. (see below for nested schema)install_teleport(Boolean) InstallTeleport disables agentless discoveryjoin_method(String) JoinMethod is the method to use when joining the clusterjoin_token(String) JoinToken is the token to use when joining the clusterproxy_addr(String) PublicProxyAddr is the address of the proxy the discovered node should use to connect to the cluster.script_name(String) ScriptName is the name of the teleport installer script resource for the cloud instance to executesshd_config(String) SSHDConfig provides the path to write sshd configuration changessuffix(String) Suffix indicates the installation suffix for the teleport installation. Set this value if you want multiple installations of Teleport. See --install-suffix flag in teleport-update program. Note: only supported for Amazon EC2. Suffix name can only contain alphanumeric characters and hyphens.update_group(String) UpdateGroup indicates the update group for the teleport installation. This value is used to group installations in order to update them in batches. See --group flag in teleport-update program. Note: only supported for Amazon EC2. Group name can only contain alphanumeric characters and hyphens.
Nested Schema for spec.gcp.install_params.azure
Optional:
client_id(String) ClientID is the client ID of the managed identity discovered nodes should use to join the cluster.
Nested Schema for spec.gcp.install_params.http_proxy_settings
Optional:
http_proxy(String) HTTPProxy is the URL for the HTTP proxy to use when making requests. When applied, this will set the HTTP_PROXY environment variable.https_proxy(String) HTTPSProxy is the URL for the HTTPS Proxy to use when making requests. When applied, this will set the HTTPS_PROXY environment variable.no_proxy(String) NoProxy is a comma separated list of URLs that will be excluded from proxying. When applied, this will set the NO_PROXY environment variable.
Nested Schema for spec.kube
Optional:
labels(Map of List of String) Labels are Kubernetes services labels to match.namespaces(List of String) Namespaces are Kubernetes namespaces in which to discover servicestypes(List of String) Types are Kubernetes services types to match. Currently only 'app' is supported.