Join Services to your Teleport Cluster
A Teleport service manages access to resources in your infrastructure, such as Kubernetes clusters, Windows desktops, internal web applications, and databases. A single Teleport process can run multiple Teleport services.
There are multiple methods you can use to join a Teleport process to your cluster in order to run Teleport services, including an instance of the Proxy Service. Choose the method that best suits your infrastructure:
| Method | Description | When to use |
|---|---|---|
| EC2 Identity Document | A Teleport process running on an EC2 instance authenticates to your cluster via a signed EC2 instance identity document. | Your Teleport process will run on EC2 and your Teleport cluster is self hosted. |
| AWS IAM | A Teleport process uses AWS credentials to join the cluster, whether running on EC2 or not. | At least some of your infrastructure runs on AWS. |
| Azure Managed Identity | A Teleport process demonstrates that it runs in your Azure subscription by sending a signed attested data document and access token to the Teleport Auth Service. | Your Teleport process will run on Azure. |
| Kubernetes ServiceAccount | A Teleport process uses a Kubernetes-signed proof to establish a trust relationship with your Teleport cluster. | Your Teleport process will run on Kubernetes. |
| GCP IAM | A Teleport process uses a GCP-signed token to establish a trust relationship with your Teleport cluster. | Your Teleport process will run on a GCP VM. |
| OCI IAM | A Teleport process uses Oracle Cloud credentials to join the cluster. | Your Teleport process will run on an OCI Compute instance. |
| Join Token | A Teleport process presents a join token provided when starting the service. | There is no other supported method for your cloud provider. |