Teleport Cloud Architecture
We have designed the Teleport Cloud environment to be secure; however, we are still scrutinizing and executing on our security roadmap and working with independent security auditors to identify any gaps. Only once this is complete will the team evaluate whether Teleport Cloud is ready for strict compliance use cases.
We completed our most recent SOC2 type 2 audit on April 12th, 2021.
The report covers:
- Teleport Open Source
- Teleport Enterprise, self-hosted
- Teleport Enterprise, cloud-hosted
Reach out to https://goteleport.com/cloud/sales for report details.
SSH sessions are recorded on nodes.
Teleport Cloud Proxy does not terminate SSH sessions when using OpenSSH and
The Cloud Proxy terminates TLS for Application, Database and Kubernetes sessions.
The session recordings are stored in S3 using at-rest encryption. We have yet to define specific retention policies.
Customer data, including audit logging, is backed up using the DynamoDB "point in time recovery" system. Data can be recovered for up to 35 days. This retention period is not configurable.
Clusters are deployed in a single AWS region across 2 availability zones. AWS guarantees a monthly uptime percentage of 99.99%.
Teleport Cloud commits to an SLA of 99.5% monthly uptime, a maximum of 3 hours 40 minutes of downtime per month.