InfoGrab Docs

Teleport Identity Security Configuration

Summary

Teleport Identity Security uses a YAML file for its configuration. Do not use this example configuration in production. You must edit the configuration file to match the requirements of your environment. The example configuration lists every available option in YAML format to show correct indentation.

Teleport Identity Security uses a YAML file for its configuration. The complete configuration reference file is shown below; it provides a commented identity-security.yaml with every available option.

Before using this reference

Warning

Do not use this example configuration in production.

You must edit the configuration file to match the requirements of your environment. Copying the reference configuration and using it as-is has unintended effects.

Reference configuration

This example configuration lists every available option in YAML format to show correct indentation.

Teleport Identity Security configuration

This configuration applies to the Teleport Identity Security process.

# IP and the port for Teleport Identity Security to bind to.
address: 0.0.0.0:8080

# Registration CA certificates for the Identity Security service.
# These are used to verify the authenticity of the Teleport clusters
# when they register with the Identity Security service.
# The Identity Security service uses these certificates to ensure that
# only trusted Teleport clusters can register and communicate with it.
# You can specify multiple CA certificates if you have multiple Teleport clusters
# that need to register with the Identity Security service.
# The certificates should be the Teleport Host CA certificate and be in the
# PEM format.
registration_cas:
  - /var/is/teleport-host-ca.pem
  - /var/is/teleport-host-ca2.pem

# TLS certificate for the HTTPS/gRPC connections. Configuring these properly is
# critical for security.
tls:
  cert: /var/lib/teleport/identity_security_cert.pem
  key: /var/lib/teleport/identity_security_key.pem

# Teleport Identity Security service storage configuration.
backend:
  # postgres defines connection parameters for the PostgreSQL database
  # used by the Identity Security service to store its data.
  # If you use a PostgreSQL cluster, you must ensure to define
  # the connection string to connect to the primary node (the writer).
  postgres:
    # Address and port for the PostgreSQL database to connect to.
    # This is used to store the Identity Security service data.
    # The database must be running and reachable from the Identity Security service.
    # The sslmode=disable parameter and the inline password below are for
    # illustration only. In production, require a verified TLS connection
    # (for example sslmode=verify-full together with sslrootcert) and prefer
    # IAM authentication (see the iam section below) over a password stored
    # in this file.
    connection: postgres://teleport:teleport_password@localhost:5432/identity_security?sslmode=disable

    # Maximum number of connections to the PostgreSQL database.
    max_conns: 20

    # Minimum number of connections to the PostgreSQL database.
    min_conns: 10

    # Maximum time a connection can be open before it is closed.
    max_conn_lifetime: 24h

    # Maximum time a connection can be idle before it is closed.
    max_conn_idle_time: 10m

    # Health check period for the PostgreSQL database.
    health_check_period: 10s

    # Maximum random jitter added to max_conn_lifetime, so that pooled
    # connections do not all expire and reconnect at the same moment.
    max_conn_lifetime_jitter: 10s

    # If you want to use IAM authentication instead of password authentication,
    # you can uncomment the following section and provide the AWS region.
    #
    # iam:
    #   aws_region: us-west-2

  # postgres_read_replica defines connection parameters for an optional
  # PostgreSQL read replica that the Identity Security service uses to serve
  # read queries; writes go to the primary configured above. Omit this
  # section if you do not have a read replica. Its keys mirror the postgres
  # section; uncomment and adjust them to enable it.
  # postgres_read_replica:
  #   # Address and port of the read replica to connect to.
  #   # The replica must be running and reachable from the Identity Security service.
  #   # As with the primary, require a verified TLS connection in production
  #   # instead of sslmode=disable.
  #   connection: postgres://teleport:teleport_password@localhost:5432/identity_security?sslmode=disable
  #
  #   # Maximum number of connections to the read replica.
  #   max_conns: 20
  #
  #   # Minimum number of connections to the read replica.
  #   min_conns: 10
  #
  #   # Maximum time a connection can be open before it is closed.
  #   max_conn_lifetime: 24h
  #
  #   # Maximum time a connection can be idle before it is closed.
  #   max_conn_idle_time: 10m
  #
  #   # Health check period for the read replica.
  #   health_check_period: 10s
  #
  #   # Maximum random jitter added to max_conn_lifetime.
  #   max_conn_lifetime_jitter: 10s
  #
  #   # To use IAM authentication instead of password authentication,
  #   # provide the AWS region.
  #   iam:
  #     aws_region: us-west-2

# Teleport Identity Security Identity Activity Center configuration.
identity_activity_center:
  # region defines the AWS region where the Identity Activity Center is deployed.
  region: eu-central-1
  # The AWS Athena database and table used by the Identity Activity Center.
  # This is used to query the Identity Activity Center data.
  database: identity_activity_center
  # The AWS Athena table used by the Identity Activity Center.
  # This is used to query the Identity Activity Center data.
  # The table should be created in the Athena database specified above.
  table: identity_activity_center_table
  # The S3 long-term bucket used by the Identity Activity Center to store its data.
  # This must be the same bucket used by the Athena database and table.
  s3: s3://long-term-bucket/data/
  # Transient S3 bucket location used by the Identity Activity Center to store temporary data
  # such as query results.
  s3_results: s3://transient-bucket/results/
  # Transient S3 bucket location used by the Identity Activity Center to store large files.
  s3_large_files: s3://transient-bucket/large_files
  # Workgroup name used by the Identity Activity Center to execute Athena queries.
  workgroup: identity-activity-center-workgroup
  # AWS SQS queue URL used by the Identity Activity Center to send notifications
  # between the Teleport Identity Security replicas.
  sqs_queue_url: https://sqs.eu-central-1.amazonaws.com/123456789/example-queue
  # MaxMind GeoIP database path used by the Identity Activity Center
  # to enrich the Identity Activity Center data with geolocation information.
  # This is optional.
  maxmind_geoip_city_db_path: /path/to/geoIp-city.mmdb

# Teleport Identity Security metrics endpoint configuration.
metrics:
  # Enable Teleport Identity Security Metrics. This is used to collect
  # and expose metrics about the Identity Security service such as
  # the number of requests, errors, and latency.
  # This is useful for monitoring and alerting purposes.
  # If you do not need these metrics, you can disable this feature.
  enabled: true

  # Address and port for Teleport Identity Security Metrics to bind to.
  # 0.0.0.0 listens on every interface; in production bind to an address
  # reachable only by your monitoring system, or restrict access at the
  # network layer.
  address: 0.0.0.0:3000

  # TLS configuration for the metrics endpoint.
  # If you do not need TLS for the metrics endpoint, leave this commented out.
  # tls:
  #   cert: /var/lib/is/identity_security_metrics_cert.pem
  #   key: /var/lib/is/identity_security_metrics_key.pem

  # Teleport Identity Security profiling endpoint configuration.
  # This is used to collect profiling data about the Identity Security service.
  # Leave it disabled unless you are actively diagnosing a problem; profiling
  # data exposes internal state of the process.
  pprof: false

# Teleport Identity Security tracing configuration.
# This is used to collect distributed tracing data about the Identity Security service.
# If you do not need tracing, you can disable this feature.
tracing:
  # Enable Teleport Identity Security Tracing. This is used to collect
  # and export tracing data about the Identity Security service.
  enabled: false
  # Exporter URL for the tracing data.
  # This should be the URL of the OpenTelemetry Collector or any other
  # compatible tracing backend.
  # The URL should include the protocol (e.g., "otlp://") and the address
  # of the tracing backend (e.g., "localhost:4317").
  exporter_url: "otlp://localhost:4317"
  # Sampling rate for the tracing data. This controls how many traces are sampled
  # per million requests.
  # A value of 1000 means that 1000 traces will be sampled per million requests,
  # i.e. 0.1%. A value of 100000 would sample 10%.
  sampling_rate_per_million: 1000

# Logging configuration.
log:
  # Possible severity values are DEBUG, INFO (default), WARN,
  # and ERROR. The reference uses DEBUG, which is verbose; use INFO
  # or higher in production.
  level: debug
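As an added example (not code from Teleport or its documentation), the following Python lint takes an identity-security.yaml that has already been parsed into a mapping (for instance with yaml.safe_load) and flags the settings the reference above carries only for illustration: a PostgreSQL connection string with sslmode=disable or an embedded password, a metrics listener on every interface without TLS, profiling enabled, and DEBUG logging. The two embedded configurations are constructed samples: the first transcribes the security-relevant keys of the reference file, the second is a hardened equivalent. The hardened hosts, the CA bundle path, the region, and the finding labels are assumptions for this example, not values from the page.

```python
"""Pre-deployment lint for a parsed identity-security.yaml.

Added example; not code from Teleport or its documentation. The input is the
configuration already parsed into a dict (e.g. by yaml.safe_load). The checks
and the finding labels are this example's own conventions.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the security-relevant keys of the reference file above.
REFERENCE = {
    "address": "0.0.0.0:8080",
    "registration_cas": ["/var/is/teleport-host-ca.pem"],
    "tls": {"cert": "/var/lib/teleport/identity_security_cert.pem",
            "key": "/var/lib/teleport/identity_security_key.pem"},
    "backend": {"postgres": {
        "connection": "postgres://teleport:teleport_password@localhost:5432/"
                      "identity_security?sslmode=disable"}},
    "metrics": {"enabled": True, "address": "0.0.0.0:3000", "pprof": False},
    "log": {"level": "debug"},
}

# Constructed sample: the same file with the weak settings corrected. The
# database host, CA bundle path and region are assumptions for illustration.
HARDENED = {
    "address": "10.0.0.5:8080",
    "registration_cas": ["/var/is/teleport-host-ca.pem"],
    "tls": {"cert": "/var/lib/teleport/identity_security_cert.pem",
            "key": "/var/lib/teleport/identity_security_key.pem"},
    "backend": {"postgres": {
        "connection": "postgres://teleport@db.internal:5432/identity_security"
                      "?sslmode=verify-full&sslrootcert=/var/is/db-ca.pem",
        "iam": {"aws_region": "eu-central-1"}}},
    "metrics": {"enabled": True, "address": "127.0.0.1:3000", "pprof": False,
                "tls": {"cert": "/var/lib/is/metrics_cert.pem",
                        "key": "/var/lib/is/metrics_key.pem"}},
    "log": {"level": "info"},
}

VERIFYING_SSLMODES = {"verify-ca", "verify-full"}  # libpq modes that check the server cert
ANY_ADDRESS = {"", "0.0.0.0", "::"}                 # wildcard bind hosts


def bind_host(address):
    """Return the host part of a host:port bind address ('[::]:3000' -> '::')."""
    host, _, _port = address.rpartition(":")
    return host.strip("[]")


def check_postgres(prefix, pg, findings):
    """Append findings for one postgres / postgres_read_replica block."""
    conn = pg.get("connection", "")
    if not conn:
        findings.append(("error", prefix + ".connection", "no connection string"))
        return
    url = urlsplit(conn)
    params = parse_qs(url.query)
    sslmode = params.get("sslmode", ["prefer"])[0]  # libpq default when unset
    if sslmode not in VERIFYING_SSLMODES:
        findings.append(("error", prefix + ".sslmode",
                         f"sslmode={sslmode} does not verify the server; use verify-full"))
    elif "sslrootcert" not in params:
        findings.append(("info", prefix + ".sslrootcert",
                         "no sslrootcert; the server cert must chain to a CA in the default trust store"))
    if url.password:
        findings.append(("warn", prefix + ".password",
                         "password embedded in the config file; prefer IAM authentication"))


def lint(cfg):
    """Return a list of (severity, key, message) for a parsed configuration."""
    findings = []
    if not cfg.get("registration_cas"):
        findings.append(("error", "registration_cas", "no Teleport Host CA configured"))
    tls = cfg.get("tls") or {}
    for key in ("cert", "key"):
        if not tls.get(key):
            findings.append(("error", "tls." + key, "not set"))
    backend = cfg.get("backend") or {}
    for name in ("postgres", "postgres_read_replica"):
        if name in backend:
            check_postgres("backend." + name, backend[name] or {}, findings)
    metrics = cfg.get("metrics") or {}
    if metrics.get("enabled"):
        if bind_host(metrics.get("address", "")) in ANY_ADDRESS and "tls" not in metrics:
            findings.append(("warn", "metrics.address", "listening on all interfaces without TLS"))
        if metrics.get("pprof"):
            findings.append(("warn", "metrics.pprof", "profiling endpoint enabled"))
    if str((cfg.get("log") or {}).get("level", "info")).lower() == "debug":
        findings.append(("warn", "log.level", "DEBUG logging is verbose; use INFO or higher"))
    return findings


if __name__ == "__main__":
    for severity, key, message in lint(REFERENCE):
        print(f"{severity:5} {key}: {message}")
```

Run against the reference transcription the lint reports the sslmode, embedded password, wildcard metrics listener and DEBUG level; the hardened mapping produces no findings. Extending the check to the read-replica block is free because both blocks share the same keys, which is why the reference config's commented-out section mirrors the primary one.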

Further reading
