Fork me on GitHub

Teleport Cloud Architecture



We have designed the Teleport Cloud environment to be secure; however we are still in the process of scrutinizing and executing on our security roadmap and working with independent security auditors to identify any gaps. Only once this is complete, the team will evaluate whether the Teleport Cloud is ready for strict compliance use-cases.


We completed our most current SOC2 type 2 audit on April 12th, 2021.

The report covers:

  • Teleport Open Source
  • Teleport Enterprise, self-hosted
  • Teleport Enterprise, cloud-hosted

Reach out to for report details.

Managed Teleport Settings

SSH sessions are recorded on nodes. Teleport Cloud Proxy does not terminate SSH sessions when using OpenSSH and tsh sessions. The Cloud Proxy terminates TLS for Application, Database and Kubernetes sessions.

Data retention

The session recordings are stored in S3 using at-rest encryption. We have yet to define specific retention policies.

Customer data, including audit logging, is backed up using the DynamoDB "point in time recovery" system. Data can be recovered up to 35 days. This retention period is not configurable.

High Availability

Clusters are deployed in a single AWS region in 2 availability zones. AWS guarantees 99.99% of monthly uptime percentage.

Teleport Cloud commits to SLA of 99.5%% of monthly uptime percentage, a maximum of 3 hours 40 minutes of downtime per month.

Have a suggestion or can’t find something?