
Using the Teleport Terraform Provider

The Teleport Terraform provider allows Teleport administrators to use Terraform to configure Teleport via dynamic resources.

Get started

For an example of using the Teleport Terraform provider to deploy Teleport Agents, configure Single Sign-On, and manage role-based access controls, see Getting Started.

Authenticate the provider

The provider must obtain an identity to connect to Teleport. The method to obtain it depends on where the Terraform code is executed. You must pick the correct guide for your setup.

For quick local demos, you can generate temporary credentials for the Terraform provider.

If you are using a third-party cloud platform to manage infrastructure as code, you can use the platform to authenticate the Teleport Terraform provider. The Teleport Terraform provider integrates with the following solutions:

It is also possible to set up the Teleport Terraform provider with a CI platform or cloud VM that has a built-in authentication system, as well as a dedicated server with long-running workloads.

If none of the above options fit your use case, you may want to consider long-lived credentials. We discourage this option because it is the least secure.

Manage resources

Once you have a functional Teleport Terraform provider, you will want to configure your resources with it.

For instructions on managing specific Teleport dynamic resources with Terraform, read Managing Resources with Infrastructure as Code.

The list of supported resources and their fields is available in the Terraform reference.

Finally, you can import your existing resources into Terraform.

Upgrade the provider

Make sure the Teleport Terraform provider remains up to date so your configuration is compatible with your Teleport backend.

  1. Determine the version your Teleport cluster expects for client tools. Substitute example.teleport.sh with the domain name of your Teleport cluster. (This command assumes that you have the jq CLI installed on your system.)

    curl https://example.teleport.sh/webapi/ping | jq -r '.auto_update.tools_version'
    18.7.2
  2. Ensure the terraform.required_providers block of your Teleport Terraform provider configuration specifies the correct version:

    terraform {
      required_providers {
        teleport = {
          source  = "terraform.releases.teleport.dev/gravitational/teleport"
          version = "18.7.2"
        }
      }
    }
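
The two steps above can be turned into a drift check that fails a pipeline when the pinned provider version no longer matches what the cluster reports. This is an added example, not code from the Teleport documentation: the function names are hypothetical, the ping response and the stale configuration are constructed samples, and only exact pins are evaluated (range constraints are reported rather than resolved).

```python
import json
import re

# Constructed sample of a /webapi/ping response (only the field the page reads).
SAMPLE_PING = '{"auto_update": {"tools_version": "18.7.2"}}'

# Constructed configurations: one matches the cluster, one has fallen behind.
TF_MATCHING = '''terraform {
  required_providers {
    teleport = {
      source  = "terraform.releases.teleport.dev/gravitational/teleport"
      version = "18.7.2"
    }
  }
}
'''
TF_STALE = TF_MATCHING.replace("18.7.2", "17.4.0")

PROVIDER_BLOCK = re.compile(r'\bteleport\s*=\s*\{(?P<body>[^{}]*)\}')
VERSION_ATTR = re.compile(r'^\s*version\s*=\s*"(?P<v>[^"]*)"', re.MULTILINE)

def expected_version(ping_json):
    """Return .auto_update.tools_version, the value the jq filter extracts."""
    version = (json.loads(ping_json).get("auto_update") or {}).get("tools_version")
    if not version:
        raise ValueError("ping response has no auto_update.tools_version")
    return version

def pinned_version(tf_source):
    """Return the teleport provider's version constraint, or None if unset."""
    block = PROVIDER_BLOCK.search(tf_source)
    attr = VERSION_ATTR.search(block.group("body")) if block else None
    return attr.group("v").strip() if attr else None

def check(ping_json, tf_source):
    """Return (ok, message) comparing the pin with the cluster's expectation."""
    want = expected_version(ping_json)
    have = pinned_version(tf_source)
    if have is None:
        return False, f"no version set for teleport; cluster expects {want}"
    # Accept "18.7.2" and "= 18.7.2"; anything else is treated as a range.
    exact = re.fullmatch(r'=?\s*(\d+\.\d+\.\d+\S*)', have)
    if exact is None:
        return False, f"constraint {have!r} is not an exact pin; cluster expects {want}"
    if exact.group(1) != want:
        return False, f"pinned {exact.group(1)}, cluster expects {want}"
    return True, f"provider pinned to {want}"
```

In a pipeline, pass the body returned by the `curl` command from step 1 and the contents of the Terraform file to `check`, and exit non-zero when the first element of the result is false.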