The correct approach to manage VMs in a dynamic scaling facility (e.g. Azure VMSS / Google Instance-Group)

I am new to teleport, would like to understand whats the recommended way to use teleport to manage a dynamic scaling group of machines? Do I need to use a static token or there are better ways to do so?

A static token with sufficient entropy (make it a random 64-character string for example) is one option. It should be rotated fairly often (at least once a week) to avoid having the data sitting around on lots of machines.

The other option (and what we’d recommend) is to have a cron job or some kind of automated process on your auth server which runs tctl tokens add --type=node --ttl=4h every 3 hours and 59 minutes (so there’s a small overlap) and then writes that token to some kind of secret storage, like Vault, AWS SSM parameter store or a Azure/Google equivalent. When your nodes join, they make a query to get the latest join token from the vault and use this token. This way you avoid having a static token defined, which is more secure.