Hybrid & Multi-Cloud with Machine & Workload Identity

Teleport Machine & Workload Identity streamlines hybrid and multi-cloud operations while reducing management costs. It integrates with Terraform, Pulumi, AWS, GCP, Azure, and also provides solutions for on-premises environments.

Manage access for all clouds with one credential

Managing IAM for machines and applications in one cloud is doable. But when organizations move outside one cloud provider, either to a hybrid on-prem architecture or multiple cloud providers (or both), complexity grows quickly. Distributing, managing, and rotating cloud credentials for on-premises servers or for services that span multiple clouds introduces operational complexity and increases the risk of mismanagement.

Teleport issues credentials compatible with all major cloud providers that can also be used for mTLS between applications, making securing communication between clouds easier.

Secure and auditable access with ephemeral credentials

Teleport generates a credential in X.509 or JWT form, compatible with:

  • AWS IAM Roles Anywhere
  • Google Cloud Workload Identity Federation
  • Microsoft Entra Workload ID
  • OCI Workload Identity Federation

You can use these credentials with Infrastructure-as-Code tools like Terraform and Pulumi, with applications that need to access a cloud provider API from outside that cloud (e.g. sending logs to an AWS S3 bucket from GCP), and with human users authenticating with cloud providers via CLI. The credentials are ephemeral, with a custom time-to-live, and Teleport rotates them automatically. Teleport provides a comprehensive audit log of every credential issued to make compliance reporting easy.