AlloyDB를 통한 데이터베이스 액세스

서비스 계정을 사용하여 AlloyDB에 대한 Teleport 데이터베이스 액세스를 구성하는 방법.

Teleport can provide secure access to AlloyDB via the Teleport Database Service . This allows for fine-grained access control through Teleport's RBAC . In this guide, you will: Configure your AlloyDB database with a service account. Add the database to your Teleport cluster. Connect to the database via Teleport. 작동 방식 # The Teleport Database Service uses IAM authentication to communicate with AlloyDB. When a user connects to the database via Teleport, the Teleport Database Service obtains Google Cloud credentials and authenticates to Google Cloud as an IAM principal with permissions to access the database. 사전 요구 사항 # A running Teleport cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment . The tctl and tsh clients. Installing `tctl` and `tsh` clients Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service: $ TELEPORT_DOMAIN= $ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')" Follow the instructions for your platform to install tctl and tsh clients: AlloyDB 클러스터와 인스턴스가 배포된 Google Cloud 계정. 인스턴스가 IAM 데이터베이스 인증 을 사용하도록 구성되어 있는지 확인하세요. 명령줄 클라이언트 psql 이 설치되어 있고 시스템 PATH 환경 변수에 추가되어 있어야 합니다. Teleport Database Service를 실행할 호