Fork me on GitHub

Teleport Cloud FAQ


Can I use Teleport Cloud in production?


What is the cloud SLA

Teleport Cloud commits to SLA of 99.5%% of monthly uptime percentage, a maximum of 3 hours 40 minutes of downtime per month.

How does Cloud Billing work?

Reach out to sales to discuss pricing.

Are you using AWS-managed encryption keys, or CMKs via KMS?

We use AWS-managed keys. Currently there is no option to provide your own key.

Is this Teleport's S3 bucket, or my bucket based on my AWS credentials?

It's a Teleport-managed S3 bucket with AWS-managed keys. Currently there is no way to provide your own bucket.

How do I add nodes to Teleport Cloud?

You can connect servers, kubernetes clusters, databases and applications using reverse tunnels.

There is no need to open any ports on your infrastructure for inbound traffic.

How can I access the tctl admin tool?

We have made changes to allow you to log into your cluster using tsh, then use tctl remotely:

tsh login
tctl status

You must use the enterprise version of tctl.

Why am I getting permission denied errors when using tctl?

If you have a local file /etc/teleport.yaml on your machine tctl will attempt to use the local cluster. Set the environment variable TELEPORT_CONFIG_FILE to "" so it will not attempt to use that Teleport configuration file.

tctl tokens add --type=node

Are dynamic node tokens available?

After connecting tctl to Teleport Cloud, users can generate dynamic tokens:

tctl nodes add --ttl=5m --roles=node,proxy --token=$(uuid)

When will a security audit be available?

Security audit has been completed and is available here.

What does Teleport Cloud run in?

Teleport Cloud is deployed using a Gravity cluster on AWS.

Will Teleport be automatically upgraded with each release?

We will be upgrading the preview version of Teleport Cloud automatically.

Does your SOCII report include Teleport Cloud?

We completed our most current SOC2 type 2 audit on April 12th, 2021.

The report covers:

  • Teleport Open Source
  • Teleport Enterprise, self-hosted
  • Teleport Enterprise, cloud-hosted

Reach out to for report details.

Can a customer deploy multiple clusters in Teleport Cloud?

Not at this time.

Is FIPS mode an option?

FIPS is not currently an option for Teleport Cloud clusters.

How do you store passwords?

Password hashes are generated using Golang's bcrypt.

How does Teleport manage web certificates? Can I upload my own?

Teleport uses to issue certificates for every customer. It is not possible to upload a custom certificate or use a custom domain name.

Do you encrypt data at rest?

Each deployment is using at-rest encryption using AWS DynamoDB and S3 at-rest encryption for customer data including session recordings and user records.

Have a suggestion or can’t find something?