Experience unparalleled security and ease in managing IAM Roles Anywhere with Teleport.
Protect your data like never before!
Yes, Teleport works with AWS Roles Anywhere. Teleport's Workload Identity feature can be used in conjunction with AWS Roles Anywhere to allow workloads to securely authenticate with AWS services without using long-lived credentials.
Teleport Workload Identity issues flexible short-lived identities in X.509 certificates, which AWS Roles Anywhere can use for authentication to AWS services. This is particularly useful for machines that need to securely authenticate with AWS services without using long-lived credentials.
To use Teleport with AWS Roles Anywhere, you need to follow these general steps:
For example, to configure Teleport RBAC, you would create a role like this:
```yaml
kind: role
version: v6
metadata:
  name: my-workload-roles-anywhere
spec:
  allow:
    spiffe:
      - path: /svc/example-service
```
This configuration allows Teleport to issue X.509 certificates containing the specified SPIFFE ID, which can then be used with AWS Roles Anywhere.
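On the AWS side, the IAM role should accept only that SPIFFE ID. The following is an added example, not code from the original page or from Teleport: it validates the path from the role above and builds a Roles Anywhere trust policy that matches the certificate's URI SAN exactly. The trust domain `example.teleport.sh`, the trust anchor ARN and the function names are constructed placeholders.

```python
import json
import re

# SPIFFE rules: lowercase trust domain; path segments of letters, digits, '.', '-', '_'.
_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]+")
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")


def spiffe_id(trust_domain: str, path: str) -> str:
    """Build the SPIFFE ID for one path from the role's spec.allow.spiffe list."""
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError(f"invalid trust domain: {trust_domain!r}")
    if not path.startswith("/") or path.endswith("/"):
        raise ValueError(f"path must start with '/' and not end with one: {path!r}")
    for seg in path[1:].split("/"):
        # Reject empty, '.', '..' and wildcard segments so the policy pins one identity.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError(f"invalid path segment: {seg!r}")
    return f"spiffe://{trust_domain}{path}"


def trust_policy(trust_domain: str, path: str, trust_anchor_arn: str) -> dict:
    """IAM role trust policy that admits only the given SPIFFE ID via Roles Anywhere."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "rolesanywhere.amazonaws.com"},
            "Action": ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"],
            "Condition": {
                # Roles Anywhere exposes the certificate's URI SAN as this principal tag.
                "StringEquals": {
                    "aws:PrincipalTag/x509SAN/URI": spiffe_id(trust_domain, path)
                },
                # Only accept sessions created through this trust anchor.
                "ArnEquals": {"aws:SourceArn": trust_anchor_arn},
            },
        }],
    }


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the page.
    print(json.dumps(trust_policy(
        "example.teleport.sh", "/svc/example-service",
        "arn:aws:rolesanywhere:us-east-1:111122223333:trust-anchor/EXAMPLE"), indent=2))
```

Using `StringEquals` rather than `StringLike` keeps the role bound to one workload identity instead of every certificate issued under the trust anchor.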
It's important to note that this implementation differs from using the Teleport Application Service to protect AWS APIs in a few ways: