# Reference for the teleport\_trusted\_cluster Terraform resource

This page describes the supported values of the teleport\_trusted\_cluster resource of the Teleport Terraform provider.

## Example Usage

```
# Teleport trusted cluster

resource "teleport_trusted_cluster" "cluster" {
  version = "v2"
  metadata = {
    name = "primary"
    labels = {
      test = "yes"
    }
  }

  spec = {
    enabled = false
    role_map = [{
      remote = "test"
      local  = ["admin"]
    }]
    proxy_addr = "localhost:3080"
    token      = "salami"
  }
}

```

## Schema

### Required

- `spec` (Attributes) Spec is a Trusted Cluster specification. (see [below for nested schema](#nested-schema-for-spec))
- `version` (String) Version is the resource version. It must be specified. Supported values are: `v2`.

### Optional

- `metadata` (Attributes) Metadata holds resource metadata. (see [below for nested schema](#nested-schema-for-metadata))
- `sub_kind` (String) SubKind is an optional resource sub kind, used in some resources.

### Nested Schema for `spec`

Optional:

- `enabled` (Boolean) Enabled is a bool that indicates if the TrustedCluster is enabled or disabled. Setting Enabled to false has a side effect of deleting the user and host certificate authority (CA).
- `role_map` (Attributes List) RoleMap specifies role mappings to remote roles. (see [below for nested schema](#nested-schema-for-specrole_map))
- `roles` (List of String) Roles is a list of roles that users will be assuming when connecting to this cluster.
- `token` (String, Sensitive) Token is the authorization token provided by another cluster needed by this cluster to join.
- `tunnel_addr` (String) ReverseTunnelAddress is the address of the SSH proxy server of the cluster to join. If not set, it is derived from `<metadata.name>:<default reverse tunnel port>`.
- `web_proxy_addr` (String) ProxyAddress is the address of the web proxy server of the cluster to join. If not set, it is derived from `<metadata.name>:<default web proxy server port>`.

### Nested Schema for `spec.role_map`

Optional:

- `local` (List of String) Local specifies local roles to map to
- `remote` (String) Remote specifies remote role name to map from

### Nested Schema for `metadata`

Required:

- `name` (String) Name is an object name

Optional:

- `description` (String) Description is object description
- `expires` (String) Expires is a global expiry time header can be set on any resource in the system.
- `labels` (Map of String) Labels is a set of labels