diff --git a/docs/pages/database-access/getting-started.mdx b/docs/pages/database-access/getting-started.mdx index d79fb80c5efbf..345e40cead9ac 100644 --- a/docs/pages/database-access/getting-started.mdx +++ b/docs/pages/database-access/getting-started.mdx @@ -28,14 +28,16 @@ release. +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - An AWS account with a PostgreSQL AWS Aurora database and permissions to create and attach IAM policies. - A host, e.g., an EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 1/3. Set up Aurora +## Step 1/4. Set up Aurora In order to allow Teleport connections to an Aurora instance, the instance needs to support IAM authentication. @@ -94,13 +96,7 @@ GRANT rds_iam TO alice; For more information about connecting to the PostgreSQL instance directly, see the AWS [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToPostgreSQLInstance.html). -## Step 2/3. Set up Teleport - -### Start the Auth Service and Proxy Service - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) - -### Start the Teleport Database Service +## Step 2/4. Start the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) @@ -153,7 +149,7 @@ $ teleport db start \ with the policy from [step 1](#step-13-set-up-aurora). -### Create a user and role +## Step 3/4. Create a user and role Create the role that will allow a user to connect to any database using any database account: @@ -181,7 +177,7 @@ Create the Teleport user assigned the `db` role we've just created: $ tctl users add --roles=access,db alice ``` -## Step 3/3. Connect +## Step 4/4. Connect Now that Aurora is configured with IAM authentication, Teleport is running, and the local user is created, we're ready to connect to the database. 
diff --git a/docs/pages/database-access/guides/aws-cassandra-keyspaces.mdx b/docs/pages/database-access/guides/aws-cassandra-keyspaces.mdx index b76ad71ba3104..9e2a6a9f606c8 100644 --- a/docs/pages/database-access/guides/aws-cassandra-keyspaces.mdx +++ b/docs/pages/database-access/guides/aws-cassandra-keyspaces.mdx @@ -29,20 +29,15 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - AWS Account with AWS Keyspaces database and permissions to create and attach IAM policies - The `cqlsh` Cassandra client installed and added to your system's `PATH` environment variable. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - - -## Step 1/5. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/azure-postgres-mysql.mdx b/docs/pages/database-access/guides/azure-postgres-mysql.mdx index ae354c02b0949..ef7a190707f70 100644 --- a/docs/pages/database-access/guides/azure-postgres-mysql.mdx +++ b/docs/pages/database-access/guides/azure-postgres-mysql.mdx @@ -28,6 +28,7 @@ to Azure PostgreSQL and MySQL servers. ## Prerequisites (!docs/pages/includes/edition-prereqs-tabs.mdx!) + - Deployed Azure Database for PostgreSQL or MySQL server. - Azure Active Directory administrative privileges. - A host, e.g., an Azure VM instance, where you will run the Teleport Database 
@@ -153,14 +154,14 @@ role 'azure-database-role.yaml' has been created (\!docs/pages/includes/add-role-to-user.mdx role="azure-database-access" \!) -## Step 2/5. Configure Azure service principal +## Step 3/6. Configure Azure service principal To authenticate with PostgreSQL or MySQL databases, Teleport Database Service needs to obtain access tokens from Azure AD. (!docs/pages/includes/database-access/azure-configure-service-principal.mdx!) -## Step 3/5. Configure IAM permissions for Teleport +## Step 4/6. Configure IAM permissions for Teleport ### Create a custom role @@ -225,7 +226,7 @@ and replace the subscription in "assignableScopes" with your own subscription id (!docs/pages/includes/database-access/azure-assign-service-principal.mdx!) -## Step 4/5. Create Azure database users +## Step 5/6. Create Azure database users To let Teleport connect to your Azure database authenticating as a service principal, you need to create Azure AD users authenticated by that principal in the database. @@ -364,7 +365,7 @@ GRANT ALL ON `%`.* TO 'teleport'@'%'; You can create multiple database users identified by the same service principal. -## Step 5/5. Connect +## Step 6/6. Connect Log in to your Teleport cluster. Your Azure database should appear in the list of available databases: diff --git a/docs/pages/database-access/guides/azure-redis.mdx b/docs/pages/database-access/guides/azure-redis.mdx index d985729af0880..aac0fbcf60519 100644 --- a/docs/pages/database-access/guides/azure-redis.mdx +++ b/docs/pages/database-access/guides/azure-redis.mdx @@ -19,6 +19,8 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - Deployed Azure Redis server or Azure Redis Enterprise cluster. - Azure administrative privileges to manage service principals and access controls. 
@@ -27,17 +29,13 @@ This guide will help you to: - `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/6. Install Teleport - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/6. Create a Teleport user +## Step 1/5. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/6. Create a Database Service configuration +## Step 2/5. Create a Database Service configuration Install Teleport on the host where you will run the Teleport Database Service: @@ -78,7 +76,7 @@ addition to the region, you can optionally specify further customize the scopes of the auto-discovery. -## Step 4/6. Configure IAM permissions for Teleport +## Step 3/5. Configure IAM permissions for Teleport The Teleport Database Service needs Azure IAM permissions to: @@ -147,7 +145,7 @@ and replace the subscription in `assignableScopes` with your own subscription id (!docs/pages/includes/database-access/azure-assign-service-principal.mdx!) -## Step 5/6. Start the Database Service +## Step 4/5. Start the Database Service Once the service principal is configured with the required IAM permissions, start the Teleport Database Service: @@ -156,7 +154,7 @@ start the Teleport Database Service: $ teleport start --config=/etc/teleport.yaml ``` -## Step 6/6. Connect +## Step 5/5. Connect Log in to your Teleport cluster. Your Azure Cache for Redis databases should appear in the list of available databases: diff --git a/docs/pages/database-access/guides/azure-sql-server-ad.mdx b/docs/pages/database-access/guides/azure-sql-server-ad.mdx index 8ef43f2768d7c..c381cb89e59f4 100644 --- a/docs/pages/database-access/guides/azure-sql-server-ad.mdx +++ b/docs/pages/database-access/guides/azure-sql-server-ad.mdx 
@@ -34,20 +34,18 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - SQL Server running on Azure. - The Teleport Database Service running on an Azure virtual instance. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/9. Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/9. Create a Teleport user +## Step 1/8. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/9. Enable the SQL Server Azure Active Directory integration +## Step 2/8. Enable the SQL Server Azure Active Directory integration If you have it enabled, you can go to the next step. @@ -62,7 +60,7 @@ login to SQL Server. ![Azure SQL Server Azure Active Directory admin page](../../../img/database-access/guides/sqlserver/azure-set-ad-admin.png) -## Step 4/9. Configure IAM permissions for Teleport +## Step 3/8. Configure IAM permissions for Teleport The Teleport Database Service needs Azure IAM permissions to: - Discover and register SQL Server instances. @@ -123,7 +121,7 @@ with your own subscription id: ![Create JSON role](../../../img/database-access/guides/sqlserver/create-role-from-json.png) -## Step 5/9. Configure virtual machine identities +## Step 4/8. Configure virtual machine identities In the Teleport Database Service virtual machine's **Identity** section, enable the system assigned identity. This is used by Teleport to access @@ -163,7 +161,7 @@ created: ![Azure Virtual machine user managed identities page](../../../img/database-access/guides/sqlserver/azure-attach-managed-identity-vm.png) -## Step 6/9. Enable managed identities login on SQL Server +## Step 5/8. Enable managed identities login on SQL Server Azure AD SQL Server integration uses database-level authentication (contained users), meaning we must create a user for our identities on each database we 
@@ -186,7 +184,7 @@ the user as a member of the `db_datareader` role: ALTER ROLE db_datareader ADD MEMBER [sqlserver-identity]; ``` -## Step 7/9. Create a Database Service configuration +## Step 6/8. Create a Database Service configuration Install Teleport on the host where you will run the Teleport Database Service: @@ -219,7 +217,7 @@ The command will generate a Database Service configuration with Azure SQL Server auto-discovery enabled in the `eastus` region and place it at the `/etc/teleport.yaml` location. -## Step 8/9. Start Teleport Database Service +## Step 7/8. Start Teleport Database Service Start the Database Service: @@ -236,7 +234,7 @@ $ teleport start --config=/etc/teleport.yaml Service. -## Step 9/9. Connect +## Step 8/8. Connect Log in to your Teleport cluster. Your database should appear in the list of available databases: diff --git a/docs/pages/database-access/guides/cassandra-self-hosted.mdx b/docs/pages/database-access/guides/cassandra-self-hosted.mdx index e4dfbb062cb04..7edc53d919258 100644 --- a/docs/pages/database-access/guides/cassandra-self-hosted.mdx +++ b/docs/pages/database-access/guides/cassandra-self-hosted.mdx @@ -29,20 +29,14 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - Self-hosted Cassandra or ScyllaDB instance. - The `cqlsh` Cassandra client installed and added to your system's `PATH` environment variable. +(!docs/pages/includes/tctl.mdx!) -(!docs/pages/includes/user-client-prereqs.mdx!) - - -## Step 1/5. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) - -### Set up the Teleport Database Service +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx index b3329d08c37e6..26fdc0032aa78 100644 
--- a/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx +++ b/docs/pages/database-access/guides/cockroachdb-self-hosted.mdx @@ -29,19 +29,15 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - CockroachDB cluster. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/3. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/4. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) @@ -94,11 +90,11 @@ $ teleport db start \ See [YAML reference](../reference/configuration.mdx). -### Create a Teleport user +## Step 2/4. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 2/3. Configure CockroachDB +## Step 3/4. Configure CockroachDB ### Create a CockroachDB user @@ -157,7 +153,7 @@ $ cockroach start \ # other flags... ``` -## Step 3/3. Connect +## Step 4/4. Connect Log in to your Teleport cluster. Your CockroachDB cluster should appear in the list of available databases: diff --git a/docs/pages/database-access/guides/elastic.mdx b/docs/pages/database-access/guides/elastic.mdx index 8b315bca0c0d2..437dc96af3b82 100644 --- a/docs/pages/database-access/guides/elastic.mdx +++ b/docs/pages/database-access/guides/elastic.mdx 
@@ -17,6 +17,8 @@ This guide will help you to configure secured access to an Elasticsearch databas ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - A self-hosted Elasticsearch database. Elastic Cloud [does not support client certificates](https://www.elastic.co/guide/en/cloud/current/ec-restrictions.html#ec-restrictions-security), which are required for setting up Database Access. - A host where you will run the Teleport Database Service. If you are already running the Teleport @@ -26,15 +28,9 @@ This guide will help you to configure secured access to an Elasticsearch databas See [Installation](../../installation.mdx) for details. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/5. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/mongodb-atlas.mdx b/docs/pages/database-access/guides/mongodb-atlas.mdx index 29e1293b4dcb9..15c40d079f364 100644 --- a/docs/pages/database-access/guides/mongodb-atlas.mdx +++ b/docs/pages/database-access/guides/mongodb-atlas.mdx @@ -19,19 +19,15 @@ In this guide you will: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx) + - [MongoDB Atlas](https://www.mongodb.com/cloud/atlas) cluster. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/3. Configure Teleport - -### Set up the Teleport Auth and Proxy services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/4. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) 
@@ -180,11 +176,11 @@ $ curl -o /tmp/isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt You can then use `/tmp/isrgrootx1.pem` as the value of the `db_service.databases[*].ca_cert_file` configuration option or `--ca-cert` CLI flag. -### Create Teleport user +## Step 2/4. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 2/3. Configure Atlas +## Step 3/4. Configure Atlas ### Enable self-managed X.509 authentication @@ -227,7 +223,7 @@ certificate with `CN=alice` subject. letters `CN=`. -## Step 3/3. Connect +## Step 4/4. Connect Log into your Teleport cluster and see available databases: diff --git a/docs/pages/database-access/guides/mongodb-self-hosted.mdx b/docs/pages/database-access/guides/mongodb-self-hosted.mdx index 7c88879171599..58e6d36999d6d 100644 --- a/docs/pages/database-access/guides/mongodb-self-hosted.mdx +++ b/docs/pages/database-access/guides/mongodb-self-hosted.mdx @@ -20,6 +20,15 @@ In this guide you will: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + + + +You will need to install Teleport version `7.0` or newer to access self-hosted +MongoDB instances. + + + - MongoDB cluster (standalone or replica set) version `(=mongodb.min_version=)` or newer. @@ -29,17 +38,10 @@ In this guide you will: April 2021 so if you're still using an older version, consider upgrading. -(!docs/pages/includes/user-client-prereqs.mdx!) +(!docs/pages/includes/tctl.mdx!) ## Step 1/3. Install and configure Teleport -### Set up the Teleport Auth and Proxy services - -You will need to install Teleport version `7.0` or newer to access self-hosted -MongoDB instances. - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) - ### Set up the Teleport Database service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/mysql-cloudsql.mdx b/docs/pages/database-access/guides/mysql-cloudsql.mdx index ed54b6d05ff1f..977b750e581dd 100644 
--- a/docs/pages/database-access/guides/mysql-cloudsql.mdx +++ b/docs/pages/database-access/guides/mysql-cloudsql.mdx @@ -18,11 +18,20 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + + + +Teleport Database Access for Cloud SQL MySQL is available starting from the +`7.0` release. + + + - Google Cloud account - A host, e.g., a Compute Engine instance, where you will run the Teleport Database Service -(!docs/pages/includes/user-client-prereqs.mdx!) +(!docs/pages/includes/tctl.mdx!) ## Step 1/5. Create a service account for the Teleport Database Service @@ -107,12 +116,7 @@ file from the Connections tab under Security section: ![Instance Root Certificate](../../../img/database-access/guides/cloudsql/instance-root-ca@2x.png) -## Step 3/5. Set up the Teleport Auth and Proxy services - -Teleport Database Access for Cloud SQL MySQL is available starting from the -`7.0` release. - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +## Step 3/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/mysql-self-hosted.mdx b/docs/pages/database-access/guides/mysql-self-hosted.mdx index ca67ed2e7de87..2cf8fbedb9782 100644 --- a/docs/pages/database-access/guides/mysql-self-hosted.mdx +++ b/docs/pages/database-access/guides/mysql-self-hosted.mdx 
@@ -18,19 +18,19 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - A self-hosted MySQL or MariaDB instance. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 1/4. Set up the Teleport Auth and Proxy Services +## Step 1/4. Set up the Teleport Database Service Teleport Database Access for MySQL is available starting from Teleport version `6.0` and MariaDB starting from version `9.0`. -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) - (!docs/pages/includes/database-access/token.mdx!) Install Teleport on the host where you will run the Teleport Database Service: diff --git a/docs/pages/database-access/guides/postgres-cloudsql.mdx b/docs/pages/database-access/guides/postgres-cloudsql.mdx index e3715c4002fe5..055e21c27ebd7 100644 --- a/docs/pages/database-access/guides/postgres-cloudsql.mdx +++ b/docs/pages/database-access/guides/postgres-cloudsql.mdx @@ -19,12 +19,21 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + + + +Teleport Database Access for Cloud SQL PostgreSQL is available starting from +the `6.2` Teleport release. + + + - Google Cloud account - Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., a Compute Engine instance, where you will run the Teleport Database Service -(!docs/pages/includes/user-client-prereqs.mdx!) +(!docs/pages/includes/tctl.mdx!) ## Step 1/7. Enable Cloud SQL IAM authentication 
@@ -178,12 +187,7 @@ file from the Connections tab under Security section: ![Instance Root Certificate](../../../img/database-access/guides/cloudsql/instance-root-ca@2x.png) -## Step 5/7. Set up the Teleport Auth and Proxy services - -Teleport Database Access for Cloud SQL PostgreSQL is available starting from -the `6.2` Teleport release. - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +## Step 5/7. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/postgres-redshift.mdx b/docs/pages/database-access/guides/postgres-redshift.mdx index 9c87d6838dc3b..d57f033d9d51b 100644 --- a/docs/pages/database-access/guides/postgres-redshift.mdx +++ b/docs/pages/database-access/guides/postgres-redshift.mdx @@ -19,23 +19,21 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - AWS account with a Redshift cluster and permissions to create and attach IAM policies. - Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., an EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/6. Install Teleport - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/6. Create a Teleport user +## Step 1/5. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/6. Create a Database Service configuration +## Step 2/5. Create a Database Service configuration (!docs/pages/includes/database-access/token.mdx!) @@ -72,7 +70,7 @@ The command will generate a Database Service configuration with Redshift database auto-discovery enabled on the `us-west-1` region and place it at the `/etc/teleport.yaml` location. -## Step 4/6. Create an IAM policy for Teleport +## Step 3/5. Create an IAM policy for Teleport Teleport needs AWS IAM permissions to be able to: 
@@ -81,7 +79,7 @@ Teleport needs AWS IAM permissions to be able to: (!docs/pages/includes/database-access/aws-bootstrap.mdx!) -## Step 5/6. Start the Database Service +## Step 4/5. Start the Database Service Run the following command on the Database Service node: @@ -103,7 +101,7 @@ may not propagate immediately and can take a few minutes to come into effect. -## Step 6/6. Connect +## Step 5/5. Connect diff --git a/docs/pages/database-access/guides/postgres-self-hosted.mdx b/docs/pages/database-access/guides/postgres-self-hosted.mdx index 865d2fb714d37..f6cea961cf9fc 100644 --- a/docs/pages/database-access/guides/postgres-self-hosted.mdx +++ b/docs/pages/database-access/guides/postgres-self-hosted.mdx @@ -18,19 +18,23 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + + + +Teleport Database Access for PostgreSQL is available starting from the `6.0` +release. + + + - A self-hosted PostgreSQL instance. - Command-line client `psql` installed and added to your system's `PATH` environment variable. - A host, e.g., an Amazon EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/5. Set up the Teleport Auth and Proxy services - -Teleport Database Access for PostgreSQL is available starting from the `6.0` -release. +(!docs/pages/includes/tctl.mdx!) -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/rds.mdx b/docs/pages/database-access/guides/rds.mdx index 0d36e22f6d384..83c70a84e9096 100644 --- a/docs/pages/database-access/guides/rds.mdx +++ b/docs/pages/database-access/guides/rds.mdx 
@@ -29,22 +29,20 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - AWS account with RDS and Aurora databases and permissions to create and attach IAM policies. - A host, e.g., an EC2 instance, where you will run the Teleport Database Service. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/7. Install Teleport - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/7. Create a Teleport user +## Step 1/6. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/7. Create a Database Service configuration +## Step 2/6. Create a Database Service configuration (!docs/pages/includes/database-access/token.mdx!) @@ -81,7 +79,7 @@ The command will generate a Database Service configuration with RDS/Aurora database auto-discovery enabled on the `us-west-1` region and place it at the `/etc/teleport.yaml` location. -## Step 4/7. Create an IAM policy for Teleport +## Step 3/6. Create an IAM policy for Teleport Teleport needs AWS IAM permissions to be able to: @@ -90,7 +88,7 @@ Teleport needs AWS IAM permissions to be able to: (!docs/pages/includes/database-access/aws-bootstrap.mdx!) -## Step 5/7. Start the Database Service +## Step 4/6. Start the Database Service Start the Database Service: @@ -112,7 +110,7 @@ not propagate immediately and can take a few minutes to come into effect. credential provider chain to find AWS credentials. See [Specifying Credentials](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials) for more information. -## Step 6/7. Create a database IAM user +## Step 5/6. Create a database IAM user Database users must allow IAM authentication in order to be used with Database Access for RDS. See below how to enable it for your database engine. 
@@ -145,7 +143,7 @@ Access for RDS. See below how to enable it for your database engine. See [Creating a database account using IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html) for more information. -## Step 7/7. Connect +## Step 6/6. Connect Once the Database Service has started and joined the cluster, log in to see the registered databases: diff --git a/docs/pages/database-access/guides/redis-aws.mdx b/docs/pages/database-access/guides/redis-aws.mdx index 14ca2fb9893f5..e9e3843ef2574 100644 --- a/docs/pages/database-access/guides/redis-aws.mdx +++ b/docs/pages/database-access/guides/redis-aws.mdx @@ -18,6 +18,8 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - AWS account with at least one ElastiCache or MemoryDB for Redis clusters **In-transit encryption via (TLS) must be enabled**. - Permissions to create and attach IAM policies. @@ -25,15 +27,13 @@ This guide will help you to: - A host, e.g., an EC2 instance, where you will run the Teleport Database Service. -## Step 1/7. Install Teleport - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/7. Create a Teleport user +## Step 1/6. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/7. Create a Database Service configuration +## Step 2/6. Create a Database Service configuration (!docs/pages/includes/database-access/token.mdx!) @@ -96,7 +96,7 @@ The command will generate a Database Service configuration with ElastiCache or MemoryDB database auto-discovery enabled on the `us-west-1` region and place it at the `/etc/teleport.yaml` location. -## Step 4/7. Create an IAM policy for Teleport +## Step 3/6. Create an IAM policy for Teleport Teleport needs AWS IAM permissions to be able to: 
@@ -106,7 +106,7 @@ Teleport needs AWS IAM permissions to be able to: (!docs/pages/includes/database-access/aws-bootstrap.mdx!) -## Step 5/7. Start the Database Service +## Step 4/6. Start the Database Service Start the Database Service: @@ -117,7 +117,7 @@ $ teleport start --config=/etc/teleport.yaml The Database Service will discover and register all ElastiCache and MemoryDB for Redis clusters according to the configuration. -## Step 6/7. Create a Teleport-managed ElastiCache or MemoryDB user (optional) +## Step 5/6. Create a Teleport-managed ElastiCache or MemoryDB user (optional) To provide better security, it is recommended to use [Redis ACL](https://redis.io/docs/manual/security/acl/) for authentication with Redis @@ -141,7 +141,7 @@ The Database Service will automatically discover this user if it is associated with a registered database. Keep in mind that it may take the Database Service some time (up to 20 minutes) to discover this user once the tag is added. -## Step 7/7. Connect +## Step 6/6. Connect Once the Database Service has started and joined the cluster, log in to see the registered databases: diff --git a/docs/pages/database-access/guides/redis-cluster.mdx b/docs/pages/database-access/guides/redis-cluster.mdx index 36176d240a048..078f573b51b97 100644 --- a/docs/pages/database-access/guides/redis-cluster.mdx +++ b/docs/pages/database-access/guides/redis-cluster.mdx 
@@ -30,28 +30,19 @@ This guide will help you to: ## Prerequisites -- Redis version `6.0` or newer. +(!docs/pages/includes/edition-prereqs-tabs.mdx!) +- Redis version `6.0` or newer. - `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. - -- A host where you will run the Teleport Database Service. Teleport version 9.0 - or newer must be installed. - - See [Installation](../../installation.mdx) for details. - -(!docs/pages/includes/user-client-prereqs.mdx!) +- A host where you will run the Teleport Database Service. Redis `7.0` and RESP3 (REdis Serialization Protocol) are currently not supported. -## Step 1/6. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/6. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/redis.mdx b/docs/pages/database-access/guides/redis.mdx index a73abdfbaced5..2f6a8d96e346d 100644 --- a/docs/pages/database-access/guides/redis.mdx +++ b/docs/pages/database-access/guides/redis.mdx @@ -30,6 +30,8 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - Redis version `6.0` or newer. - `redis-cli` version `6.2` or newer installed and added to your system's `PATH` environment variable. 
@@ -39,19 +41,13 @@ This guide will help you to: See [Installation](../../installation.mdx) for details. -(!docs/pages/includes/user-client-prereqs.mdx!) - Redis `7.0` and RESP3 (REdis Serialization Protocol) are currently not supported. -## Step 1/5. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -### Set up the Teleport Database Service +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/snowflake.mdx b/docs/pages/database-access/guides/snowflake.mdx index 17d8806e21c77..8825a60d8dee4 100644 --- a/docs/pages/database-access/guides/snowflake.mdx +++ b/docs/pages/database-access/guides/snowflake.mdx @@ -28,6 +28,8 @@ This guide will help you to: ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - Snowflake account with `SECURITYADMIN` role or higher. - `snowsql` installed and added to your system's `PATH` environment variable. @@ -36,17 +38,9 @@ This guide will help you to: See [Installation](../../installation.mdx) for details. -(!docs/pages/includes/user-client-prereqs.mdx!) - (!docs/pages/includes/tctl.mdx!) -## Step 1/5. Install and configure Teleport - -### Set up the Teleport Auth and Proxy Services - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) - -### Set up the Teleport Database Service +## Step 1/5. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) diff --git a/docs/pages/database-access/guides/sql-server-ad.mdx b/docs/pages/database-access/guides/sql-server-ad.mdx index 6a1e926a2082a..92743aff71ed9 100644 --- a/docs/pages/database-access/guides/sql-server-ad.mdx +++ b/docs/pages/database-access/guides/sql-server-ad.mdx 
@@ -37,23 +37,21 @@ Directory authentication. ## Prerequisites +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + - A SQL Server database with Active Directory authentication enabled. - A SQL Server network listener configured with a Certificate using Subject Alternative Names - A Windows machine joined to the same Active Directory domain as the database. - A Linux node joined to the same Active Directory domain as the database. This guide will walk you through the joining steps if you don't have one. -(!docs/pages/includes/user-client-prereqs.mdx!) - -## Step 1/7. Set up the Teleport Auth and Proxy - -(!docs/pages/includes/database-access/start-auth-proxy.mdx!) +(!docs/pages/includes/tctl.mdx!) -## Step 2/7. Create a Teleport user +## Step 1/7. Create a Teleport user (!docs/pages/includes/database-access/create-user.mdx!) -## Step 3/7. Join the Linux node to Active Directory +## Step 2/7. Join the Linux node to Active Directory You can skip this step if you already have a Linux node joined to the same @@ -128,7 +126,7 @@ example.com ... ``` -## Step 4/7. Create keytab file +## Step 3/7. Create keytab file Teleport requires a keytab file to obtain Kerberos service tickets from your Active Directory for authentication with SQL Server. The easiest way to generate @@ -214,7 +212,7 @@ KVNO Principal authentication failures. -## Step 5/7. Set up the Teleport Database Service +## Step 4/7. Set up the Teleport Database Service (!docs/pages/includes/database-access/token.mdx!) @@ -310,7 +308,7 @@ object typically resides under the AWS Reserved / RDS path: toggle is enabled. -## Step 6/8. Start the Database Service +## Step 5/7. Start the Database Service Start the Database Service: ```code @@ -318,7 +316,7 @@ $ teleport start --config=/etc/teleport.yaml ``` -## Step 7/8. Create SQL Server AD users +## Step 6/7. Create SQL Server AD users You can skip this step if you already have Active Directory logins in your 
@@ -332,7 +330,7 @@ logins that will use Active Directory authentication: master> CREATE LOGIN [EXAMPLE\alice] FROM WINDOWS WITH DEFAULT_DATABASE = [master], DEFAULT_LANGUAGE = [us_english]; ``` -## Step 8/8. Connect +## Step 7/7. Connect Log in to your Teleport cluster. Your SQL Server database should appear in the list of available databases: diff --git a/docs/pages/includes/database-access/start-auth-proxy.mdx b/docs/pages/includes/database-access/start-auth-proxy.mdx deleted file mode 100644 index 19357af8973fe..0000000000000 --- a/docs/pages/includes/database-access/start-auth-proxy.mdx +++ /dev/null 
@@ -1,55 +0,0 @@ - - - -On the host where you will run the Auth Service and Proxy Service, download the -latest version of Teleport for your platform from our -[downloads page](https://goteleport.com/download) and follow the -installation [instructions](/docs/installation). - -Teleport requires a valid TLS certificate to operate and can fetch one -automatically using Let's Encrypt's ACME protocol. Before Let's Encrypt can -issue a TLS certificate for the Teleport Proxy host's domain, the ACME protocol -must verify that an HTTPS server is reachable on port 443 of the host. - -You can configure the Teleport Proxy service to complete the Let's Encrypt -verification process when it starts up. - -Run the following `teleport configure` command, where `tele.example.com` is the -domain name of your Teleport cluster and `user@example.com` is an email address -used for notifications (you can use any domain): - -```code -teleport configure --acme --acme-email=user@example.com --cluster-name=tele.example.com > /etc/teleport.yaml -``` - -The `--acme`, `--acme-email`, and `--cluster-name` flags will add the following -settings to your Teleport configuration file: - -```yaml -proxy_service: - enabled: "yes" - web_listen_addr: :443 - public_addr: tele.example.com:443 - acme: - enabled: "yes" - email: user@example.com -``` - -Port 443 on your Teleport Proxy Service host must allow traffic from all sources. - -Next, start the Teleport Auth and Proxy Services: - -```code -$ sudo teleport start -``` - - - -If you do not have a Teleport Cloud account, use our [signup form](https://goteleport.com/signup/) to -get started. Teleport Cloud manages instances of the Proxy Service and Auth -Service, and automatically issues and renews the required TLS certificate. - - - - -(!docs/pages/includes/tctl.mdx!) diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx index 1d75467009602..7343899b0ca84 100644 
--- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx +++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx @@ -416,7 +416,7 @@ You can specify multiple selectors by including additional list elements. - For AWS database auto-discovery to work, your Database Service pods will need to use a role which has appropriate IAM permissions as per the [database documentation](../../database-access/guides/rds.mdx#step-47-create-an-iam-policy-for-teleport). + For AWS database auto-discovery to work, your Database Service pods will need to use a role which has appropriate IAM permissions as per the [database documentation](../../database-access/guides/rds.mdx#step-36-create-an-iam-policy-for-teleport). After configuring a role, you can use an `eks.amazonaws.com/role-arn` annotation with the `annotations.serviceAccount` value to associate it with the service account and grant permissions:
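Review bot: In the first Prerequisites hunk of this section (`@@ -30,28 +30,19 @@`), the added `(!docs/pages/includes/edition-prereqs-tabs.mdx!)` line is followed directly by `- Redis version ...` with no blank line, while the redis.mdx, snowflake.mdx and sql-server-ad.mdx hunks each add an empty `+` line after the same include. Add the blank line here as well so the include and the list stay separate blocks. The same hunk also drops "Teleport version 9.0 or newer must be installed" and the Installation link from the Database Service host bullet, whereas redis.mdx and snowflake.mdx keep "See [Installation](../../installation.mdx) for details." as context; either keep the minimum version here or confirm the new include states it.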
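Review bot: The heading renumbering in sql-server-ad.mdx (old "Step 2/7" through "Step 8/8" becoming "Step 1/7" through "Step 7/7") changes the anchor of every renumbered heading, and none of the hunks shown updates links that point at them. The rds.mdx link fixed in teleport-kube-agent.mdx shows that anchors are derived from the heading text, so search the docs for `sql-server-ad.mdx#step-` and for in-page `#step-` references and update them in this change. The same check applies to the Redis and Snowflake guides, where the "Step 1/N" heading was retitled from "Install and configure Teleport" to "Set up the Teleport Database Service".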
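Review bot: Deleting start-auth-proxy.mdx removes the self-hosted guidance that the Proxy Service needs a valid TLS certificate and that port 443 must be reachable for the Let's Encrypt ACME check; confirm that edition-prereqs-tabs.mdx points self-hosted readers to equivalent setup instructions, since the guides now assume a running cluster. Also search for any remaining `(!docs/pages/includes/database-access/start-auth-proxy.mdx!)` references outside the guides touched here, because an include of the deleted file would be left dangling. The deleted file ended with `(!docs/pages/includes/tctl.mdx!)`, so every guide that used it needs the direct tctl include added, as the Redis and SQL Server hunks do.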
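Review bot: The updated link in teleport-kube-agent.mdx targets `rds.mdx#step-36-create-an-iam-policy-for-teleport`, but no rds.mdx hunk is visible in this part of the patch to confirm the new numbering. Check that the heading in rds.mdx reads "Step 3/6. Create an IAM policy for Teleport" after this change; otherwise the anchor will not resolve and readers lose the pointer to the IAM permissions the Database Service pods require for auto-discovery.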