Join Services to your Teleport Cluster
A Teleport service manages access to resources in your infrastructure, such as Kubernetes clusters, Windows desktops, internal web applications, and databases. A single Teleport process can run multiple Teleport services.
There are multiple methods you can use to join a Teleport process to your cluster in order to run Teleport services, including an instance of the Proxy Service. Choose the method that best suits your infrastructure:
Method | Description | When to use |
---|---|---|
EC2 Identity Document | A Teleport process running on an EC2 instance authenticates to your cluster via a signed EC2 instance identity document. | Your Teleport process will run on EC2 and your Teleport cluster is self-hosted. |
AWS IAM | A Teleport process uses AWS credentials to join the cluster, whether running on EC2 or not. | At least some of your infrastructure runs on AWS. |
Azure Managed Identity | A Teleport process demonstrates that it runs in your Azure subscription by sending a signed attested data document and access token to the Teleport Auth Service. | Your Teleport process will run on Azure. |
Kubernetes ServiceAccount | A Teleport process uses a Kubernetes-signed proof to establish a trust relationship with your Teleport cluster. | Your Teleport process will run on Kubernetes. |
GCP IAM | A Teleport process uses a GCP-signed token to establish a trust relationship with your Teleport cluster. | Your Teleport process will run on a GCP VM. |
Join Token | A Teleport process presents a join token provided when starting the service. | There is no other supported method for your cloud provider. |