Reference for the teleport_integration Terraform data-source

This page describes the supported values of the teleport_integration data source of the Teleport Terraform provider.

Schema

Required

  • metadata (Attributes) Metadata is resource metadata (see below for nested schema)
  • spec (Attributes) Spec is an Integration specification. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource subkind, used by some resources
  • version (String) Version is the API version used to create the resource. It must be specified. Based on this version, Teleport will apply different defaults on resource creation or deletion. It must be an integer prefixed by "v". For example: v1

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels

Nested Schema for spec

Optional:

  • aws_oidc (Attributes) AWSOIDC contains the specific fields to handle the AWS OIDC Integration subkind (see below for nested schema)
  • aws_ra (Attributes) AWSRA contains the specific fields to handle the AWS Roles Anywhere Integration subkind. (see below for nested schema)
  • azure_oidc (Attributes) AzureOIDC contains the specific fields to handle the Azure OIDC Integration subkind (see below for nested schema)

Nested Schema for spec.aws_oidc

Optional:

  • audience (String) Audience is used to record the name of a plugin or a discover service in Teleport that depends on this integration. The audience value can either be empty or "aws-identity-center". A preset audience may impose specific behavior on the integration CRUD API, such as preventing the integration from being updated or deleted. An empty audience value should be treated as the default, backward-compatible behavior of the integration.
  • issuer_s3_uri (String) IssuerS3URI is the Identity Provider that was configured in AWS. The files under this bucket/prefix/* must be publicly accessible and contain the following: .well-known/openid-configuration and .well-known/jwks. Format: s3://<bucket>/<prefix>. Optional. The proxy's endpoint is used if it is not specified. DEPRECATED: Thumbprint validation requires the issuer to update the IdP in AWS every time the issuer changes the certificate. Amazon had some whitelisted providers where the thumbprint was ignored, and S3-hosted providers were in that list. Amazon now trusts all the root certificate authorities, so this workaround is no longer needed. DELETE IN 18.0.
  • role_arn (String) RoleARN contains the Role ARN used to set up the Integration. This is the AWS Role that Teleport will assume to issue tokens for API calls.

Nested Schema for spec.aws_ra

Optional:

  • profile_sync_config (Attributes) ProfileSyncConfig contains the configuration for the AWS Roles Anywhere Profile sync. This is used to create AWS Roles Anywhere profiles as application servers. (see below for nested schema)
  • trust_anchor_arn (String) TrustAnchorARN contains the AWS IAM Roles Anywhere Trust Anchor ARN used to set up the Integration.

Nested Schema for spec.aws_ra.profile_sync_config

Optional:

  • enabled (Boolean) Enabled is set to true if this integration should sync profiles as application servers.
  • profile_accepts_role_session_name (Boolean) ProfileAcceptsRoleSessionName indicates whether the profile accepts a custom Role Session name.
  • profile_arn (String) ProfileARN is the ARN of the Roles Anywhere Profile used to generate credentials to access the AWS APIs.
  • profile_name_filters (List of String) ProfileNameFilters is a list of filters applied to the profile name. Only matching profiles will be synchronized as application servers. If empty, no filtering is applied. Filters can be globs, for example: profile*, name. Or they can be regexes if they are prefixed and suffixed with ^ and $, for example: ^profile.*$, ^.name.$
  • role_arn (String) RoleARN is the ARN of the IAM Role to assume when accessing the AWS APIs.

Nested Schema for spec.azure_oidc

Optional:

  • client_id (String) ClientID specifies the ID of the Azure enterprise application (client) that corresponds to this plugin.
  • tenant_id (String) TenantID specifies the ID of the Entra tenant (directory) that this plugin integrates with.
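The following configuration is an added example and is not taken from the Teleport documentation or the provider's own repository. It reads an existing integration through this data source and exposes the subkind-specific values a downstream module needs, then guards against the integration pointing at an unexpected AWS account. It assumes the data source is looked up by metadata.name, that Terraform 1.5 or later is in use (for the check block), and that the integration name "aws-prod" and the account ID 123456789012 are placeholders.

```hcl
# Added example (not from the Teleport docs or provider). Assumes lookup by
# metadata.name; "aws-prod" and the account ID below are placeholders.
data "teleport_integration" "aws_prod" {
  metadata = {
    name = "aws-prod"
  }
}

# Placeholder: the AWS account that this integration is expected to target.
locals {
  expected_aws_account_id = "123456789012"

  # spec.aws_oidc is populated for the AWS OIDC subkind, spec.aws_ra for the
  # Roles Anywhere subkind. try() keeps the plan from failing when the
  # integration is of the other subkind.
  oidc_role_arn    = try(data.teleport_integration.aws_prod.spec.aws_oidc.role_arn, "")
  trust_anchor_arn = try(data.teleport_integration.aws_prod.spec.aws_ra.trust_anchor_arn, "")
}

output "aws_prod_sub_kind" {
  value = data.teleport_integration.aws_prod.sub_kind
}

output "aws_prod_oidc_role_arn" {
  value = local.oidc_role_arn
}

output "aws_prod_ra_trust_anchor_arn" {
  value = local.trust_anchor_arn
}

# Defensive check: Teleport assumes this role to issue tokens for API calls,
# so a role ARN in the wrong account means the integration is misconfigured.
# The check only applies when the OIDC subkind populated a role ARN.
check "aws_prod_role_in_expected_account" {
  assert {
    condition = (
      local.oidc_role_arn == "" ||
      can(regex("^arn:aws:iam::${local.expected_aws_account_id}:role/", local.oidc_role_arn))
    )
    error_message = "Integration aws-prod uses a role ARN outside account ${local.expected_aws_account_id}."
  }
}
```

Running `terraform plan` surfaces the check failure as a warning against the data source without blocking the plan, which is the right place to catch an integration that was re-pointed at another account before any dependent resources are applied.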