Teleport Access Plane for AWS

Improve Security & Compliance for AWS Infrastructure

Easily control who can provision and access your critical AWS resources
Teleport is available in the

Secure your growing AWS Infrastructure

As your AWS infrastructure grows, so does the management and access headache. This in turn can lead to less secure access to your AWS infrastructure. By using Teleport to manage your connectivity, authentication, authorization, and audit, you can scale your AWS infrastructure while reducing the risk of inadvertently exposing your AWS resources to compromise.

Meet security and compliance regulations

Implement security, enforce compliance, and gain visibility into user behavior by consolidating access to EC2 instances, EKS clusters, Aurora, RDS and Redshift databases, and applications, like the AWS Management Console.

Increase developer productivity, save time and money

Teleport enables engineers to access any resource anywhere with a single login. Teleport is open source and is deployed as a single binary, allowing for seamless integration with the rest of your AWS stack.

Unique challenges faced by AWS customers

Managing identity-based access to AWS resources across multiple accounts is time-consuming and complex but necessary to control costs, as well as ensure security and compliance.
Infrastructure sprawl
You need to control who can provision infrastructure to control costs and prevent sprawl.
Granular access
Different teams require different levels of identity-based access for different resources.
Security & Compliance
You need to lock down who can provision & access your AWS infrastructure and keep detailed audit logs.

Why AWS customers big and small trust Teleport

Our unique approach to AWS infrastructure access is not only more secure — it actually improves developer productivity. By providing an identity-aware AWS infrastructure access solution that developers love to use, you can easily implement security and compliance without worrying about backdoors that outmoded solutions encourage.

  • Teleport has been essential in meeting our SOC 2 and ISO 27001 compliance requirements while enabling our engineering teams to stay productive. With Teleport's flexible solution for just-in-time access requests, we can limit access to AWS infrastructure to only those who need it without putting the brakes on agility. And complete audit is built in.

    Tomas Fedor

    Infrastructure Lead, Productboard

  • Teleport Access Requests changed the game in simplifying our infrastructure access for various compliances. It's led to more freedom and innovation by allowing us to move away from pre-defined root accounts. We have been extremely happy with the product.

    Erik Redding

    Director, Site Reliability Engineering, Elastic

  • Audit and recorded sessions in Teleport give us an understanding of exactly what was happening at any given moment. This is incredibly critical from a security and compliance perspective.

    Mario Loria

    Senior Site Reliability Engineer II, Carta

Get the most out of AWS Management Console

Control who can provision AWS resources

With Teleport, you can separate who can provision AWS resources from who can access them. We provide an identity-aware access solution for the AWS Management Console and CLI that enables fine-grained, role-based access controls to prevent unauthorized creation of AWS resources. If an SRE needs to be able to provision new AWS resources, you can easily grant temporary elevated access that automatically expires.
AWS Management Console
Teleport provides connectivity, authentication, authorization and audit for AWS Management Console & CLI.
AWS CLI
Enforce the same controls for AWS Management Console at the AWS CLI level.
Complete audit in AWS CloudTrail
Teleport ensures all AWS Management Console activity is logged in CloudTrail for complete visibility into access & behavior.
Deep integration for AWS products

Easily enforce granular controls for AWS resources

Teleport enables you to provide fine-grained, identity-based access to your critical AWS resources like Linux & Windows EC2 instances, RDS, Redshift and Aurora databases, EKS clusters, even CI/CD systems like Jenkins and dashboards like Grafana and Kibana running on AWS.
Amazon EC2
Integrate and extend your corporate identity roles with Teleport access for EC2. New EC2 instances automatically join your Teleport cluster. Supports Linux & Windows.
Amazon RDS, Redshift, & Aurora
Get table-level controls for your databases running on AWS and complete visibility into the queries your team is running.
Amazon EKS
Specify different permissions for Kubernetes pods running on EKS than for the underlying EC2 instance.
Built to make the most out of AWS

Teleport uses AWS services for the most integrated experience

The Teleport Cloud runs on AWS, so whether you use our hosted control plane, or self-host on AWS, you get the same integrated experience.
Hosted on AWS
The Teleport Cloud is hosted across multiple AWS regions so you can run your AWS workloads close to your Access Plane.
Buy on AWS Marketplace
Purchase Teleport directly via the AWS Marketplace or use AWS credits to pay for Teleport usage. Private offers available for enterprise customers.
AWS CloudHSM
For added security protecting the Teleport Certificate Authority (CA) running on AWS, we support AWS CloudHSM.

Works with everything you have

Teleport is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your AWS stack.
Amazon
AWS CloudTrail
AWS Marketplace
Amazon Aurora
AWS CLI
AWS CloudHSM
Amazon EC2
Amazon EKS
AWS Management Console
Amazon RDS
Active Directory
Kubernetes

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to log in and retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
Terminal
# on a client
$ tsh login --proxy=example.com
# on a server
$ apt install teleport
# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source