Installing Teleport on Amazon EC2
We provide pre-built amd64 and arm64 Amazon Linux 2023 based EC2 AMIs with
Teleport pre-installed.
These images are primarily intended for deploying a Teleport cluster using our reference Terraform code.
See the AWS Single-Instance Deployment and the Running Teleport Enterprise in High Availability mode on AWS using Terraform guides for detailed usage examples.
Pre-built Teleport AMIs are only configured to run the Auth Service, Proxy Service, and SSH Service, and are not intended to run as Teleport Agents.
In order to use these AMIs outside of the reference Terraform, you can configure
the Teleport installation by setting configuration variables in the
/etc/teleport.d/conf file on the EC2 instance. See the Starter Cluster Configuration Template
for a list of the available configuration options.
The team at Teleport automatically builds and publishes Teleport Community Edition, Enterprise, and Enterprise FIPS
AMIs when we release a new version of the software. The AMI names follow the format:
teleport-<type>-<version>-<arch> where <type> is either oss or ent
(Enterprise), <version> is the version of Teleport, e.g.
19.0.0-dev, and <arch> is either x86_64 or arm64.
FIPS 140 compatible AMIs (which deploy Teleport in FIPS mode by default) have the -fips suffix after <arch>,
e.g. teleport-ent-19.0.0-dev-x86_64-fips.
The AWS account ID that publishes these AMIs is 146628656107. You can list the available AMIs with
the example awscli commands below. The output is in JSON format by default.
OSS AMIs
aws --region us-west-2 ec2 describe-images --owners 146628656107 --filters 'Name=name,Values=teleport-oss-19.0.0-dev-*'
Enterprise AMIs
aws --region us-west-2 ec2 describe-images --owners 146628656107 --filters 'Name=name,Values=teleport-ent-19.0.0-dev-*'
Enterprise FIPS AMIs
aws --region us-west-2 ec2 describe-images --owners 146628656107 --filters 'Name=name,Values=teleport-ent-19.0.0-dev-*-fips-*'
The image names all include the build timestamp (shown as $TIMESTAMP in the
table below), and are tagged for easier searching.
| Image name | Edition | Architecture | FIPS support | AMI Tags |
|---|---|---|---|---|
teleport-oss-19.0.0-dev-x86_64-$TIMESTAMP | OSS | amd64 | No | TeleportVersion: 19.0.0-dev, TeleportEdition: oss, TeleportFipsEnabled: false |
teleport-oss-19.0.0-dev-arm64-$TIMESTAMP | OSS | arm64 | No | TeleportVersion: 19.0.0-dev, TeleportEdition: oss, TeleportFipsEnabled: false |
teleport-ent-19.0.0-dev-x86_64-$TIMESTAMP | Enterprise | amd64 | No | TeleportVersion: 19.0.0-dev, TeleportEdition: ent, TeleportFipsEnabled: false |
teleport-ent-19.0.0-dev-arm64-$TIMESTAMP | Enterprise | arm64 | No | TeleportVersion: 19.0.0-dev, TeleportEdition: ent, TeleportFipsEnabled: false |
teleport-ent-19.0.0-dev-x86_64-fips-$TIMESTAMP | Enterprise | amd64 | Yes | TeleportVersion: 19.0.0-dev, TeleportEdition: ent, TeleportFipsEnabled: true |
teleport-ent-19.0.0-dev-arm64-fips-$TIMESTAMP | Enterprise | arm64 | Yes | TeleportVersion: 19.0.0-dev, TeleportEdition: ent, TeleportFipsEnabled: true |
All images are based on Amazon Linux 2023 and have been hardened using the Amazon EC2 ImageBuilder STIG hardening component. Teleport AMIs are automatically published to all non-opt-in AWS regions.