AWS Verified Access now supports secure access to resources over non-HTTP(S) protocols (in preview).
AWS Verified Access provides secure access to corporate applications and resources without a VPN.
Advantages
Stronger security posture
Improve your security posture by defining fine-grained access controls for your corporate applications, both web applications reached through a browser and infrastructure resources such as databases and EC2 instances, based on user identity and device security posture.
Simpler user experience
Give users a more efficient experience by providing secure access to corporate applications and resources without a virtual private network (VPN).
Streamlined security operations
Simplify policy management by grouping applications or resources with similar security requirements and defining policies at the group level. From a single interface, administrators can create, monitor, and update policies for corporate applications and resources.
Improved observability
Get detailed logging of and visibility into every access attempt so you can detect and respond to security and connectivity issues quickly.
AWS Verified Access: Why Use It?
AWS Verified Access provides secure access to corporate applications and resources without a VPN. It improves your security posture by letting you define fine-grained access controls based on a user’s identity and device security posture, and by enforcing those policies on every access request. It streamlines security operations by letting administrators define, group, and manage access controls for applications and resources with similar security needs from a single interface. Every access attempt is logged, so you can respond to security and connectivity issues quickly.
Use cases
Secure a remote workforce at scale
Administrators can grant a distributed and diverse set of end users, including remote employees and third-party contractors, fine-grained, least-privilege access to specific applications. When a project ends, administrators can audit and revoke that access from a single interface, reducing the window of exposure.
Access controls with zero trust for your business apps
Application owners can enforce zero trust access controls for their corporate applications by evaluating every access request against fine-grained, conditional access policies. This ensures that specific security requirements, such as user identity and device security posture, are met before access is granted and continue to hold for each application.
Consistent access controls for business applications and resources
IT administrators can apply the same access controls to corporate web and non-web applications, and to infrastructure resources such as databases and EC2 instances reached over SSH, RDP, or other TCP-based protocols.
AWS Verified Access provides secure access to your company’s applications and resources without a virtual private network (VPN).
AWS Verified Access is now releasing, in preview, secure VPN-less access to non-HTTP(S) applications and resources, extending zero trust access to corporate resources reached over protocols such as Secure Shell (SSH) and Remote Desktop Protocol (RDP).
Organizations need secure remote access to internal resources such as databases, remote desktops, and Amazon Elastic Compute Cloud (Amazon EC2) instances. Traditional VPNs work well for network-level access, but they typically grant broad network privileges and lack granular access controls, which can expose infrastructure that holds sensitive data. Some organizations mediate access through bastion hosts instead, but that adds operational complexity and leads to inconsistent policies between HTTP(S) and non-HTTP(S) applications. These gaps highlight the need for an access solution that applies uniform policies across all applications and resources, particularly as zero trust architectures become more common.
AWS Verified Access addresses these needs by providing zero trust access controls for your company’s applications and resources. With support for protocols including SSH, RDP, Java Database Connectivity (JDBC), and Open Database Connectivity (ODBC), Verified Access lets you define consistent, context-aware access controls across all of your applications and resources. It evaluates every access request in real time so that only users who meet the defined identity and device security requirements are granted access. By removing the need for separate VPNs or bastion hosts, it also simplifies operations and reduces the risk of over-privileged access.
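The identity-plus-device checks described above, and the group-level policies mentioned earlier, are expressed as Cedar policies attached to a Verified Access group or endpoint. The policy below is an added example written for this page, not a policy from the original article or from AWS documentation; it assumes two trust providers were created with the policy reference names `idc` (IAM Identity Center) and `jamf` (Jamf device trust), and the group ID and domain are placeholders.

```cedar
// Group-level policy for a Verified Access group whose endpoints front an
// SSH/RDP CIDR range and an RDS database. Every endpoint in the group
// inherits it, so one policy governs all resources with the same security
// requirements. Reference names "idc" and "jamf" are assumed here.
permit (principal, action, resource)
when {
    // Identity: a verified corporate e-mail address and membership in the
    // admin group from IAM Identity Center ("PLATFORM_ADMINS_GROUP_ID" is a
    // placeholder for the real group ID).
    context.idc.user.email.verified == true &&
    context.idc.user.email.address like "*@example.com" &&
    context.idc.groups.contains("PLATFORM_ADMINS_GROUP_ID") &&
    // Device posture: the Jamf record must be present and rate the device
    // SECURE or LOW. The `has` guard keeps the policy from erroring when a
    // request carries no device context; an unevaluable permit also ends in
    // deny, but the guard makes that intent explicit and visible in logs.
    context.jamf has risk &&
    ["SECURE", "LOW"].contains(context.jamf.risk)
};

// In Cedar a matching forbid overrides every permit, so a HIGH-risk device
// is blocked even for a user who otherwise qualifies.
forbid (principal, action, resource)
when {
    context.jamf has risk &&
    context.jamf.risk == "HIGH"
};
```

Because the policy is evaluated on every request rather than once at login, a device whose Jamf risk rating rises mid-session loses access on its next request without any change to the endpoint or network configuration.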
For every active resource inside the configured CIDR range, AWS Verified Access automatically creates DNS entries. Users can connect to new resources immediately, with no manual DNS configuration.
Using Verified Access for non-HTTP(S) access
Configuring AWS Verified Access for non-HTTP(S) access is largely the same as configuring it for HTTP(S) applications today.
Verified Access introduces two new categories of endpoint target: single-resource targets and multi-resource targets.
With a network interface, load balancer, or RDS endpoint target you grant access to one specific resource, such as an Amazon Relational Database Service (Amazon RDS) instance, an arbitrary TCP application behind a Network Load Balancer, or an elastic network interface. This kind of endpoint target is defined by a target type (such as a load balancer or network interface) together with a range of TCP ports. Every endpoint that Verified Access creates is assigned a Verified Access DNS name, and end users connect to the resource securely through that name. Keep the port range as narrow as the application needs: the port range, not only the access policy, bounds what an authorized user can reach.
A network CIDR endpoint target specifies its resources by an IP CIDR and a port range. This kind of endpoint target makes it simple to grant secure SSH and RDP access to ephemeral resources such as EC2 instances, because no endpoint target has to be added or removed when a resource is created or terminated. As long as those resources receive an IP address from the specified CIDR, AWS Verified Access publishes a distinct public DNS record for every active IP in that CIDR.
Pricing and availability
Verified Access for non-HTTP(S) is in public preview in 18 AWS Regions, including Canada (Central), Europe (Frankfurt, Ireland, London, Milan, Stockholm), South America (São Paulo), Asia Pacific (Jakarta, Mumbai, Seoul, Singapore, Sydney, Tokyo), US East (Ohio, N. Virginia), and US West (N. California, Oregon).
You are billed per connection and for each hour that a non-HTTP(S) Verified Access endpoint is in use. The first 100 connections per month on each Verified Access endpoint are free. See AWS Verified Access Pricing for details.
With Verified Access for HTTP(S) and non-HTTP(S) applications, you can unify access controls for your private applications and systems and apply zero trust policies consistently across HTTP(S), SSH, and RDP resources. It helps you implement zero trust access to your applications and resources while simplifying your network infrastructure. Finally, it scales with your infrastructure: large deployments need no per-resource registration, and DNS configuration is automated.