diff --git a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
index 2aae7cd963fb5..5341c70af34b3 100644
--- a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
+++ b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx
@@ -88,7 +88,6 @@ that are set up with the `discovery_group` matching
discovery_service:
enabled: true
discovery_group:
-
```
Notice that if you already operate a Discovery Service within your cluster,
diff --git a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
index a6a2db3171bd6..9163f3dc1b814 100644
--- a/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/databases/databases.mdx
@@ -73,14 +73,6 @@ Here's an example database discovery configuration for the Discovery Service:
```yaml
discovery_service:
enabled: true
- # discovery_group is used to group discovered resources into different
- # sets. This is required when you have multiple Teleport Discovery services
- # running. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
- # If two Discovery Services match the same resources, they must be in the
- # same discovery group.
- # If two Discovery Services match different resources, they must be in
- # different discovery groups.
discovery_group: "disc-group"
# poll_interval is the cadence at which the discovery server will run each of its
# discovery cycles. The default is 5m.
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
index b26f94f22566c..43a9eaa3d8161 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx
@@ -396,6 +396,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
+ discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["*"]
@@ -433,6 +434,7 @@ clusters in project `myproj-prod` running in `us-east2`, but *not* clusters in
```yaml
discovery_service:
enabled: "yes"
+ discovery_group: "gke-myproject"
gcp:
- types: ["gke"]
locations: ["us-east1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
index 2f24fa39bd08b..f1d43d48870c2 100644
--- a/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/kubernetes.mdx
@@ -62,11 +62,6 @@ and their default values.
# This section configures the Discovery Service
discovery_service:
enabled: "yes"
- # discovery_group is used to group discovered resources into different
- # sets. This is useful when you have multiple Teleport Discovery services
- # running in the same cluster but polling different cloud providers or cloud
- # accounts. It prevents discovered services from colliding in Teleport when
- # managing discovered resources.
discovery_group: "prod"
aws:
# AWS resource types. Valid options are:
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
index e9fcc2fef6a7d..e87d3ecc104a5 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/azure-discovery.mdx
@@ -235,6 +235,8 @@ the Discovery Service.
In order to enable Azure instance discovery the `discovery_service.azure` section
of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
```yaml
version: v3
teleport:
@@ -250,6 +252,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
+ discovery_group: "azure-prod"
azure:
- types: ["vm"]
subscriptions: [""]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
index c85ed32e1e98f..e3fa7e2f86d3c 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/ec2-discovery.mdx
@@ -118,6 +118,8 @@ run the Discovery Service.
In order to enable EC2 instance discovery the `discovery_service.aws` section
of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
```yaml
version: v3
teleport:
@@ -133,6 +135,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
+ discovery_group: "aws-prod"
aws:
- types: ["ec2"]
regions: ["us-east-1","us-west-1"]
diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
index 3b050c5d9de26..bdd8d639c0ac7 100644
--- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
+++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx
@@ -231,6 +231,8 @@ the Discovery Service.
In order to enable GCP instance discovery the `discovery_service.gcp` section
of `teleport.yaml` must include at least one entry:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
```yaml
version: v3
teleport:
@@ -246,6 +248,7 @@ ssh_service:
enabled: off
discovery_service:
enabled: "yes"
+ discovery_group: "gcp-prod"
gcp:
- types: ["gce"]
# The IDs of GCP projects that VMs can join from.
diff --git a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
index 55d0e8bad6a54..89b650b1a2bf2 100644
--- a/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
+++ b/docs/pages/includes/database-access/aws-troubleshooting-max-policy-size.mdx
@@ -23,8 +23,12 @@ You can reduce the policy size by separating them into multiple IAM roles. Use
You can specify `assume_role_arn` in the AWS matchers of Discovery Service's
configuration:
+
+ (!docs/pages/includes/discovery/discovery-group.mdx!)
+
```yaml
discovery_service:
+ discovery_group: "prod"
enabled: "yes"
aws:
- types: ["rds"]
diff --git a/docs/pages/includes/server-access/custom-installer.mdx b/docs/pages/includes/server-access/custom-installer.mdx
index c3f1bdc309133..4d046e5c5bc12 100644
--- a/docs/pages/includes/server-access/custom-installer.mdx
+++ b/docs/pages/includes/server-access/custom-installer.mdx
@@ -39,6 +39,7 @@ Multiple `installer` resources can exist and be specified in the
```yaml
discovery_service:
+ # ...
{{ matcher }}:
- types: {{ matchTypes }}
tags:
diff --git a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
index 1aeaa726d9628..426249a320ac0 100644
--- a/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
+++ b/docs/pages/reference/agent-services/kubernetes-application-discovery.mdx
@@ -32,6 +32,8 @@ Discovery Service, then restart the agents running these services.
Configuration for the Discovery Service is controlled by the `kubernetes` field,
example:
+(!docs/pages/includes/discovery/discovery-group.mdx!)
+
```yaml
# This section configures the Discovery Service
discovery_service: