https://github.com/cruxstack/terraform-teleport-configuration
Terraform module to configure Teleport, a zero-trust solution from Gravitational, to AWS in high-availability architecture
- Host: GitHub
- URL: https://github.com/cruxstack/terraform-teleport-configuration
- Owner: cruxstack
- License: mit
- Created: 2025-05-16T23:47:03.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-05-19T15:58:38.000Z (9 months ago)
- Last Synced: 2025-05-19T16:56:18.681Z (9 months ago)
- Language: HCL
- Homepage: https://registry.terraform.io/modules/cruxstack/teleport-node/aws/latest
- Size: 13.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# terraform-teleport-configuration
Opinionated Terraform module for **configuring Teleport clusters**. It works
for both **Teleport Cloud** and **self-hosted clusters**. The module provisions
and maintains:
- Provision tokens using the IAM, EC2, GitHub, etc. join methods
- Roles with allow/deny rules and options
- Identity-provider connectors for GitHub, Okta, generic SAML, etc.
## Usage
```hcl
module "teleport" {
  source  = "cruxstack/configuration/teleport"
  version = "x.x.x"

  tp_domain = "teleport.example.com"

  tp_tokens = {
    node = {
      roles       = ["App", "Db", "Node"]
      join_method = "iam"
      aws = {
        allow = [{ account = "111111111111" }]
      }
    }
  }

  tp_github_connector = {
    enabled = true
    oauth_client = {
      id     = "xxxxxxxxx"
      secret = "xxxxxxxxx"
    }
    team_mappings = [{
      org   = "cruxstack"
      team  = "developers"
      roles = ["access"]
    }]
  }
}
```
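A variant of the usage above that keeps the GitHub OAuth client secret out of version control, added here as an example and not taken from the module's repository. The variable names `github_oauth_client_id` and `github_oauth_client_secret` are assumptions; the module inputs are only those shown in the usage block.

```hcl
# Added example: the two variable names are hypothetical; the module inputs
# are the ones shown in the README usage block.
variable "github_oauth_client_id" {
  type        = string
  description = "client id of the github oauth app used by teleport"
}

variable "github_oauth_client_secret" {
  type        = string
  description = "client secret of the github oauth app used by teleport"
  sensitive   = true # redacted from plan and apply output
}

module "teleport" {
  source  = "cruxstack/configuration/teleport"
  version = "x.x.x"

  tp_domain = "teleport.example.com"

  tp_tokens = {
    node = {
      roles       = ["App", "Db", "Node"]
      join_method = "iam"
      aws = {
        # any iam identity in this account can join with the listed roles,
        # so list only accounts that are meant to run teleport agents
        allow = [{ account = "111111111111" }]
      }
    }
  }

  tp_github_connector = {
    enabled = true
    oauth_client = {
      id     = var.github_oauth_client_id
      secret = var.github_oauth_client_secret # never a literal in the repo
    }
    team_mappings = [{
      org   = "cruxstack"
      team  = "developers"
      roles = ["access"]
    }]
  }
}
```

Supply the secret through the `TF_VAR_github_oauth_client_secret` environment variable or a secrets-manager data source. `sensitive` only redacts CLI output; the value is still written to the Terraform state, so the state backend needs its own encryption and access control.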
## Inputs
| Variable | Type | Default | Description |
|-----------------------|-------------- |-----------------------|--------------------------------------------------------------|
| `enabled` | `bool` | `true` | set to false to prevent the module from creating resources |
| `tp_edition` | `string` | `"cloud"` | teleport edition |
| `tp_domain` | `string` | n/a | domain to the teleport proxy service |
| `tp_tokens` | `map(object)` | `{}` | token definitions keyed by name |
| `tp_roles` | `map(object)` | `{}` | teleport role definitions |
| `tp_github_connector` | `object` | `{ enabled = false }` | github oauth connector settings |
| `tp_okta_connector` | `object` | `{ enabled = false }` | okta saml connector settings |
| `tp_saml_connector` | `object` | `{ enabled = false }` | generic saml connector settings |
## Outputs
| Name | Type | Description |
|-----------------------|-----------------|-----------------------------------------------------------|
| `token_ids` | `list(string)` | ids of all `teleport_provision_token` resources |
| `role_names` | `set(string)` | set of role names managed by this module |
| `github_connector_id` | `string`        | id of the github connector (`null` when connector disabled) |