Teleport
Database Access
- Version 16.x
- Version 15.x
- Version 14.x
- Version 13.x
- Older Versions
Teleport can provide secure connections to your databases while improving both access control and visibility.
Some of the things you can do with database access:
- Enable users to retrieve short-lived database certificates using a Single Sign-On flow, thus maintaining their organization-wide identity.
- Configure role-based access controls for databases and implement custom Access Request workflows.
- Capture database activity in the Teleport audit log.
Demo
Let's connect to a PostgreSQL server with psql
and pgAdmin 4 after authenticating
with GitHub, execute a few SQL queries and observe them in the audit log:
Getting started
- Getting started: Connect Aurora PostgreSQL in a 10 minute guide.
How to connect your database to Teleport
- Active Directory SQL Server: Connect Microsoft SQL Server with Active Directory authentication.
- Active Directory SQL Server with PKINIT: Connect Microsoft SQL Server with Active Directory PKINIT authentication.
- AWS DynamoDB: Connect AWS DynamoDB.
- AWS OpenSearch: Connect AWS OpenSearch.
- AWS ElastiCache & MemoryDB: Connect AWS ElastiCache or AWS MemoryDB for Redis database.
- AWS RDS & Aurora: Connect AWS RDS or Aurora PostgreSQL, MariaDB or MySQL database.
- AWS RDS Proxy for MariaDB/MySQL: Connect AWS RDS Proxy instances to Teleport.
- AWS RDS Proxy for PostgreSQL: Connect AWS RDS Proxy instances to Teleport.
- AWS RDS Proxy for SQL Server: Connect AWS RDS Proxy instances to Teleport.
- AWS Redshift: Connect AWS Redshift database.
- AWS Redshift Serverless: Connect to AWS Redshift serverless.
- AWS Keyspaces (Apache Cassandra): Connect to an AWS Keyspaces database.
- Azure PostgreSQL & MySQL: Connect Azure PostgreSQL or MySQL.
- Azure Cache for Redis: Connect Azure Cache for Redis.
- Azure SQL Server: Connect Azure SQL Server with Azure Active Directory authentication.
- GCP Cloud SQL MySQL: Connect GCP Cloud SQL MySQL database.
- GCP Cloud SQL PostgreSQL: Connect GCP Cloud SQL PostgreSQL database.
- MongoDB Atlas: Connect MongoDB Atlas cluster.
- Self-Hosted ClickHouse: Connect self-hosted ClickHouse database.
- Self-hosted CockroachDB: Connect self-hosted CockroachDB database.
- Self-hosted Elasticsearch
- Self-hosted MongoDB: Connect self-hosted MongoDB database.
- Self-hosted MySQL & MariaDB: Connect self-hosted MySQL or MariaDB database.
- Self-hosted PostgreSQL: Connect self-hosted PostgreSQL database.
- Self-hosted Redis Cluster: Connect a self-hosted Redis Cluster.
- Self-hosted Redis: Connect self-hosted Redis.
- Self-Hosted Cassandra & ScyllaDB: Connect self-hosted Cassandra or ScyllaDB.
- Self-Hosted Oracle: Connect self-hosted Oracle database.
- Snowflake: Connect Snowflake.
- Vitess: Connect Vitess.
Other guides
- GUI clients: Configure database graphical clients.
- Dynamic Registration: Register/unregister databases without restarting Teleport.
- High Availability: Deploy database access in HA configuration.
- AWS Cross-Account Access: Connect AWS databases in external AWS accounts.
Resources
To learn more about configuring role-based access control for database access, check out the RBAC section.
Learn how to configure automatic user provisioning, which removes the need for creating individual user accounts in advance or using the same set of shared database accounts for all users.
The Architecture section provides a more in-depth look at Teleport Database Service internals such as networking and security.
See Reference for an overview of database access-related configuration and CLI commands.
If you hit any issues, check out the Troubleshooting documentation for common problems and solutions.
FAQ
Finally, check out Frequently Asked Questions.