Respond to PR feedback
- Substitute "proxy" for "node" where it was incorrectly used
- Some small stylistic fixes
- Clarify that "teleport configure" does not write the config
  itself
ptgott committed Feb 16, 2022
1 parent 396ee38 commit 09539df
Showing 3 changed files with 19 additions and 7 deletions.
5 changes: 4 additions & 1 deletion docs/pages/application-access/getting-started.mdx
Expand Up @@ -37,12 +37,14 @@ Download the latest version of Teleport for your platform from our
[downloads page](https://goteleport.com/teleport/download).

We will assume that you have configured DNS records for `teleport.example.com`
and `*.teleport.example.com` to point to the Teleport node.
and `*.teleport.example.com` to point to the Teleport Proxy Service.

### Configure TLS
Teleport uses TLS to communicate with clients, and can fetch certificates automatically via Let's Encrypt.

(!docs/pages/includes/acme.mdx!)

### Start Teleport
Now start Teleport and point it to the application endpoint:

```code
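
Review bot: The new `### Configure TLS` and `### Start Teleport` headings in this hunk are followed directly by body text with no blank line, while the same headings added to docs/pages/database-access/getting-started.mdx in this commit have a blank line after them. Add a blank line after each heading here so the two guides are formatted the same way. The one-sentence TLS introduction is also worded differently in the two guides; moving it into `includes/acme.mdx` would keep the two copies from drifting.
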
Expand All @@ -55,6 +57,7 @@ $ sudo teleport start \
Make sure to update `--app-name` and `--app-uri` accordingly if you're using
your own web application.

### Create a user
Next, let's create a user to access the application we've just connected. Teleport has a built-in role called `access` that allows users to access cluster resources. Create a local user assigned this role:

```code
13 changes: 10 additions & 3 deletions docs/pages/database-access/getting-started.mdx
Expand Up @@ -14,7 +14,7 @@ Here's an overview of what we will do:
2. Download and install Teleport (=teleport.version=) and connect it to the Aurora database.
3. Connect to the Aurora database via Teleport.

## Step 1/3. Setup Aurora
## Step 1/3. Set up Aurora

In order to allow Teleport connections to an Aurora instance, it needs to support
IAM authentication.
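
Review bot: Renaming the heading to `Set up Aurora` changes its generated anchor from `#step-13-setup-aurora` to `#step-13-set-up-aurora`. The link in the AWS Credentials admonition is updated further down in this file, but please search the rest of the docs for links to the old anchor so none are left dangling.
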
Expand Down Expand Up @@ -73,18 +73,23 @@ GRANT rds_iam TO alice;
For more information about connecting to the PostgreSQL instance directly,
see Amazon [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToPostgreSQLInstance.html).

## Step 2/3. Setup Teleport
## Step 2/3. Set up Teleport

Teleport Database Access is available starting from `6.0.0` release.

Download the appropriate version of Teleport for your platform from
our [downloads page](https://goteleport.com/teleport/download).


### Configure TLS

Teleport requires a valid TLS certificate to operate and can fetch one automatically
using Let's Encrypt.

(!docs/pages/includes/acme.mdx!)

### Start Teleport

Now start Teleport and point it to your Aurora database instance. Make sure to
update the database endpoint and region appropriately.

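Review bot: There are now two consecutive blank lines before the new `### Configure TLS` heading; drop one. The `Step 2/3. Set up Teleport` rename changes that heading's anchor in the same way as the Step 1 rename, so links to the old Step 2 anchor need the same check.
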
Expand All @@ -102,9 +107,11 @@ $ sudo teleport start --config=/tmp/teleport.yaml \
title="AWS Credentials"
>
The node that connects to the database should have AWS credentials configured
with the policy from [step 1](#step-13-setup-aurora).
with the policy from [step 1](#step-13-set-up-aurora).
</Admonition>

### Create a user and role

Create the role that will allow a user to connect to any database using any
database account:

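Review bot: The admonition still reads "The node that connects to the database", and this commit is cleaning up places where "node" was used loosely. If this means the host running the Teleport service that connects to the database rather than an SSH node, name that service here so the AWS credentials requirement is unambiguous.
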
8 changes: 5 additions & 3 deletions docs/pages/includes/acme.mdx
@@ -1,9 +1,11 @@
Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service.
Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service.

You can configure Teleport to complete the Let's Encrypt verification process—called the ACME protocol—by running the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `[email protected]` is an email address used for notifications (you can use any domain):
You can configure the Teleport Proxy service to complete the Let's Encrypt verification process when it starts up.

Run the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `[email protected]` is an email address used for notifications (you can use any domain):

```code
teleport configure --acme [email protected] --cluster-name=tele.example.com
teleport configure --acme [email protected] --cluster-name=tele.example.com > /etc/teleport.yaml
```

The `--acme`, `--acme-email`, and `--cluster-name` flags will add the following settings to your Teleport configuration file:
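
Review bot: The redirect in `teleport configure ... > /etc/teleport.yaml` is performed by the calling shell, so it needs write access to `/etc` and silently overwrites any existing config file. State that the command must be run as root (or pipe it through `sudo tee`) and warn about the overwrite. The database-access guide that includes this file then starts Teleport with `--config=/tmp/teleport.yaml`, which is not the path written here, so one of the two paths should change. Also, "Teleport Proxy service" in the new sentence should be "Teleport Proxy Service" to match the first paragraph.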