diff --git a/docs/pages/application-access/getting-started.mdx b/docs/pages/application-access/getting-started.mdx index 785ee588fa51d..0c3f6f5440f9e 100644 --- a/docs/pages/application-access/getting-started.mdx +++ b/docs/pages/application-access/getting-started.mdx @@ -37,12 +37,14 @@ Download the latest version of Teleport for your platform from our [downloads page](https://goteleport.com/teleport/download). We will assume that you have configured DNS records for `teleport.example.com` -and `*.teleport.example.com` to point to the Teleport node. +and `*.teleport.example.com` to point to the Teleport Proxy Service. +### Configure TLS Teleport uses TLS to communicate with clients, and can fetch certificates automatically via Let's Encrypt. (!docs/pages/includes/acme.mdx!) +### Start Teleport Now start Teleport and point it to the application endpoint: ```code @@ -55,6 +57,7 @@ $ sudo teleport start \ Make sure to update `--app-name` and `--app-uri` accordingly if you're using your own web application. +### Create a user Next, let's create a user to access the application we've just connected. Teleport has a built-in role called `access` that allows users to access cluster resources. Create a local user assigned this role: ```code diff --git a/docs/pages/database-access/getting-started.mdx b/docs/pages/database-access/getting-started.mdx index 2fd4868f87660..7bf0d0d550b71 100644 --- a/docs/pages/database-access/getting-started.mdx +++ b/docs/pages/database-access/getting-started.mdx @@ -14,7 +14,7 @@ Here's an overview of what we will do: 2. Download and install Teleport (=teleport.version=) and connect it to the Aurora database. 3. Connect to the Aurora database via Teleport. -## Step 1/3. Setup Aurora +## Step 1/3. Set up Aurora In order to allow Teleport connections to an Aurora instance, it needs to support IAM authentication. 
@@ -73,18 +73,23 @@ GRANT rds_iam TO alice; For more information about connecting to the PostgreSQL instance directly, see Amazon [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToPostgreSQLInstance.html). -## Step 2/3. Setup Teleport +## Step 2/3. Set up Teleport Teleport Database Access is available starting from `6.0.0` release. Download the appropriate version of Teleport for your platform from our [downloads page](https://goteleport.com/teleport/download). + +### Configure TLS + Teleport requires a valid TLS certificate to operate and can fetch one automatically using Let's Encrypt. (!docs/pages/includes/acme.mdx!) +### Start Teleport + Now start Teleport and point it to your Aurora database instance. Make sure to update the database endpoint and region appropriately. @@ -102,9 +107,11 @@ $ sudo teleport start --config=/tmp/teleport.yaml \ title="AWS Credentials" > The node that connects to the database should have AWS credentials configured - with the policy from [step 1](#step-13-setup-aurora). + with the policy from [step 1](#step-13-set-up-aurora). +### Create a user and role + Create the role that will allow a user to connect to any database using any database account: diff --git a/docs/pages/includes/acme.mdx b/docs/pages/includes/acme.mdx index 8464812a887d4..fb33518d61cdd 100644 --- a/docs/pages/includes/acme.mdx +++ b/docs/pages/includes/acme.mdx 
@@ -1,9 +1,11 @@ -Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service. +Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service. -You can configure Teleport to complete the Let's Encrypt verification process—called the ACME protocol—by running the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `user@example.com` is an email address used for notifications (you can use any domain): +You can configure the Teleport Proxy service to complete the Let's Encrypt verification process when it starts up. + +Run the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `user@example.com` is an email address used for notifications (you can use any domain): ```code -teleport configure --acme --acme-email=user@example.com --cluster-name=tele.example.com +teleport configure --acme --acme-email=user@example.com --cluster-name=tele.example.com > /etc/teleport.yaml ``` The `--acme`, `--acme-email`, and `--cluster-name` flags will add the following settings to your Teleport configuration file:
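Review bot: In docs/pages/application-access/getting-started.mdx (hunk at line 37), the added `### Configure TLS` and `### Start Teleport` headings come with no blank lines of their own: the hunk grows by exactly two lines, from 12 to 14. The same headings in docs/pages/database-access/getting-started.mdx are added with blank lines around them. Separate each heading from the adjacent paragraph with a blank line so both guides follow the same Markdown style. The same applies to `### Create a user` in the next hunk of this file.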
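Review bot: Renaming `## Step 1/3. Setup Aurora` to `## Step 1/3. Set up Aurora` in docs/pages/database-access/getting-started.mdx (hunk at line 14) changes the heading's anchor, and so does the rename to `## Step 2/3. Set up Teleport` in the following hunk. The patch updates the one in-page link to `#step-13-set-up-aurora`, but nothing in the visible lines shows whether other pages link to the old `#step-13-setup-aurora` anchor or to the old Step 2/3 anchor. Search the docs tree for both old anchors and update any remaining references in this change.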
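Review bot: The context of the hunk at line 102 of docs/pages/database-access/getting-started.mdx still starts Teleport with `--config=/tmp/teleport.yaml`, while the updated include in docs/pages/includes/acme.mdx now writes the generated configuration to `/etc/teleport.yaml`. A reader following the guide top to bottom would generate one file and start Teleport with another. Align the two, either by changing the start command to the path the include writes or by keeping the include free of a fixed output path.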
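Review bot: The new command in docs/pages/includes/acme.mdx redirects its output to `/etc/teleport.yaml`, which typically requires root and silently overwrites any configuration already at that path. The command is shown without `sudo`, and prefixing `sudo` would not help because the shell performs the redirect before `teleport` runs. State in the surrounding text that the command needs write access to that path and replaces an existing file. Two smaller points in the same hunk: "Teleport Proxy service" should read "Teleport Proxy Service" to match the sentence above it, and the rewrite drops the "called the ACME protocol" explanation even though the flags are still named `--acme` and `--acme-email`, so keep a short mention of ACME.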