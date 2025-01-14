Teleport's Proxy Service and Nodes are stateless. For these components, only the configuration file ( /etc/teleport.yaml by default) should be backed up.

The Auth Service is Teleport's brain, and depending on the backend should be backed up regularly.

For example, a Teleport cluster running on AWS with DynamoDB must back up the following data:

What Where ( Example AWS Customer ) Local Users ( not SSO ) DynamoDB Certificate Authorities DynamoDB Trusted Clusters DynamoDB Connectors: SSO DynamoDB / File System RBAC DynamoDB / File System teleport.yaml File System teleport.service File System license.pem File System TLS key/certificate File System / AWS Certificate Manager Audit log DynamoDB Session recordings S3

For this customer, we would recommend using AWS best practices for backing up DynamoDB. If DynamoDB is used for Teleport audit logs, logged events have a TTL of 1 year.