The guide instructs the user to use tctl auth sign to generate TLS certificates that are valid for direct auth connections only. The recommended Teleport setup now involves using a Teleport proxy, which is incompatible with the guide.
The guide should:
- always generate an identity file, as the "Cloud" tab does (identity files are more powerful than TLS certs)
- explain to the user that they can connect to the proxy on 443/3080 and to auth on 3025
- link to the MachineID guides for usage in CI, as this is a common use case and most users doing IaC will want to run it in CI/CD
- explain how to issue long-lived certificates and set the correct max sessions on roles so you can issue certificates living longer than 30 hours
Applies To
https://goteleport.com/docs/management/guides/terraform-provider/
Related Issues
Issue reported in the community Slack: https://goteleport.slack.com/archives/CEZH6UL64/p1676650728457459