re:Invent 2021: 10 Reasons You Need Teleport To Secure Your Apps On AWS


Teleport will be live at re:Invent from November 30 to December 30. 2. If you are there, please stop by booth 718 and speak with me and the Teleport team about how we can improve the security and compliance of applications running on AWS. If you can’t make it in person, here’s my list of the top 10 things you need to know about AWS and Teleport. See our Teleportation to AWS page for more information.


10. Corporate and consumer brands you trust use Teleport to secure their access to the AWS infrastructure.

We are very proud to work with these customers and others who trust Teleport to improve the security and compliance of their AWS infrastructure:
Snowflake, Moody’s, VMware, Carta, Doordash, Elastic, Thrasio, Yugabyte, Shipt, Canva, Airslate, Acquia, Chargepoint, Alteryx, Cohesity and others.

Can we help you?

9. Teleport allows you to separate who can provision your AWS infrastructure from who can use it.

Often, the people who provision AWS resources are different from those who use them. Frequent provisioning of resources has financial implications, so our customers want to limit who can do it. Customers use the AWS Management Console and the AWS CLI to provision resources. Teleport therefore provides an identity-sensitive access solution for the AWS Management Console and CLI that enables fine-grained, role-based access controls to prevent unauthorized creation of AWS resources. Imagine that an SRE who normally does not have access to the AWS Management Console needs to provision new AWS resources to resolve a problem in production. With Teleport, you can easily grant temporary high access that automatically expires.

8. Teleport provides in-depth role-based access controls (RBAC) for EC2, RDS, Aurora, EKS and more

What about the people who need access to your AWS resources, not just the AWS Management Console and CLI? Teleport enables you to provide accurate, identity-based access to your critical AWS resources such as:
Linux and Windows EC2 instances
RDS Redshift
Aurora Databases
EKS clusters

For example, for EC2, get kernel-level visibility. For RDS or Aurora, find out who executed which request. For EKS, give your teams separate access to their Kubernetes pods to prevent unintentional errors and enforce least-privilege access.

Are you running DevOps tools like Jenkins, GitLab or HashiCorp Vault on AWS? Then you need access to the Teleport app. Teleport gives you a trustless networking solution to access these applications, with built-in RBAC and fine-grained auditing. You don’t even need to register a domain to start providing easy access to these critical applications for your DevOps engineers.

6. Send audit logs directly to AWS CloudTrail

When you use Teleport to provide secure access to the AWS Management Console and CLI, we apply “assume role”, which automatically sends usage logs to your CloudTrail service for observability and audit.

5. Teleport Cloud runs on AWS

The Teleport Cloud itself runs on AWS and is available in multiple regions. Find out how we built it in this blog post.

Do you want to host the Teleport control plane yourself? No problem. Deploy Teleport within AWS using self-scaling EC2 nodes and a high availability (HA) persistence backend using our Terraform Teleport high availability deployment reference.

4. Send audit logs from Teleport to S3 or DynamoDB and your preferred SIEM

Teleport generates activity logs for access to your AWS services. Send these logs directly to S3 or DynamoDB for analysis. Logs are easily exportable to SIEMs such as Datadog and Splunk.

3. New EC2 nodes automatically join your Teleport clusters

As your AWS usage increases, EC2 nodes can join a Teleport cluster without needing a join token. This is ideal for AMIs that you want to join automatically on startup.

2. Improve the security of your Teleport CA with AWS CloudHSM

Teleport supports Hardware Security Modules (HSMs), including AWS CloudHSM, which allows customers to bring their own Certificate Authorities (CAs). Using your own HSM allows easy backup of your CA. You can also add HSMs if you have an existing Teleport deployment.

1. Buy Teleport from AWS Marketplace.

Do you use the AWS Marketplace to buy software online? Buy Teleport directly through the AWS Marketplace or use AWS Credits to pay for using Teleport. Private offers available for corporate clients.

*** This is a Syndicated Security Bloggers Network blog from The Teleport Blog written by The Teleport Blog. Read the original post at:

