Title

AWS re:Invent 2023 - Secure Remote Connectivity to AWS (NET202)

Summary

• Speakers: Tom Adamski (Principal Solution Architect), Shovan Das (Principal Product Manager), and Juan Suarez (Avalon Healthcare Solutions).
• Topics Covered:
  • Differentiation between corporate and remote connectivity.
  • Remote access considerations: resources, user trust/validation, and auditing access.
  • Use cases for network access and application layer access.
  • AWS services for remote connectivity: AWS Client VPN, Amazon EC2 Instance Connect, Session Manager, and AWS Verified Access (AVA).
  • Detailed explanation of AWS Client VPN, including architecture, authentication, authorization, and logging.
  • Discussion on EC2 Instance Connect and Session Manager for SSH and RDP access.
  • Introduction to AWS Verified Access for HTTP application access, built on zero trust principles.
  • Customer story from Avalon Healthcare Solutions on implementing AVA for secure, simplified access to resources.

Insights

• AWS Client VPN:

  • Managed remote access solution that scales automatically.
  • Provides network-level access with granular controls based on IP addresses.
  • Supports full and split tunneling, and client-to-client flow.
  • Offers mutual TLS, Active Directory, SAML authentication, and Lambda connection handler for additional security checks.

• Amazon EC2 Instance Connect and Session Manager:

  • Provide secure SSH and RDP access to EC2 instances without managing SSH keys.
  • Instance Connect generates temporary keys and can work without an Internet gateway using VPC endpoints.
  • Session Manager allows for outbound-only connections from EC2 instances, requiring no inbound rules for SSH, enhancing security.

• AWS Verified Access (AVA):

  • Enables secure access to HTTP applications from anywhere, based on zero trust principles.
  • Integrates with third-party identity and device posture providers.
  • Offers fine-grained access control and comprehensive logging for auditing.
  • Simplifies policy management and supports an open ecosystem for easy integration with existing services.
  • Avalon Healthcare Solutions' use case demonstrates AVA's ability to simplify user experience while maintaining strict security controls.

• General Observations:

  • AWS provides a suite of services catering to different remote access needs, emphasizing security, scalability, and ease of management.
  • The focus on zero trust security models is evident, with continuous verification and use of multiple signals for access decisions.
  • AWS is committed to enhancing these services, as shown by the continuous release of new features and integrations.
  • Customer stories like Avalon's highlight the practical benefits of AWS's remote connectivity solutions in real-world scenarios.