
How to Secure Remote Access to AWS

This article discusses the best way to provide secure remote access to an Amazon AWS environment with GoodAccess, including a step-by-step guide.



Petr Pecha

An increasing amount of company traffic now travels over the Internet as organizations migrate to the cloud and adopt remote work policies. This article discusses the best way to provide secure remote access to Amazon AWS with GoodAccess including a step-by-step guide.

Table of contents

  1. Why do you need secure remote access to AWS VPC?
  2. How can you secure access to AWS VPC?
  3. What is IP whitelisting?
  4. Why GoodAccess?
  5. Why choose GoodAccess over AWS VPN?
  6. How to set up secure access to AWS cloud with a GoodAccess VPN gateway?

Why do you need secure remote access to AWS VPC?

Once stored in the cloud, your data is protected by Amazon’s security measures that extend to all its AWS infrastructure including hardware and software. However, you as the customer have the responsibility to secure the servers and devices at your end and protect your data during transit.

This means that even while observing recommended best practices, your users and parts of infrastructure are still vulnerable to network-borne attacks, and you need to put additional measures in place to ensure your data is safe.

How can you secure access to AWS VPC?

The quickest and easiest method to secure remote access is to use a cloud-based VPN, which allows all users to connect to the entire IT infrastructure via a single unifying network regardless of the physical location.

The way you actually attach your AWS VPC to the rest of your private infrastructure is by whitelisting the IP address of your VPN gateway.

What is IP whitelisting?

IP whitelisting is a security technique where access is only allowed from a trusted IP address (you need a static IP address to do this). Access from outside the pool of allowed IP addresses will be restricted.

This means that any system inside a company infrastructure can only be accessed by users with the organization’s IP address regardless of where they connect from.


Why GoodAccess

The GoodAccess cloud VPN service conceals all company traffic with network- and application-layer encryption, preserving the privacy of communications traveling through the public Internet, and provides a unique static IP address that you can whitelist in your AWS EC2 virtual server.

In this way, you turn all your communications that pass through the VPN tunnel completely private regardless of where they originate or where they are headed.

Why choose GoodAccess over AWS VPN

AWS offers two VPN services - a site-to-site VPN to connect branches and datacenters and a client VPN for remote users. You can build a remarkably fast and stable global infrastructure with these, but you need a lot of time and skills to do that.

To build flexible multisite connections you’d need a transit gateway, which is costly, especially at higher traffic volumes, and to maintain a global high speed, you would have to spend some time configuring the AWS modify capabilities as well.

Remote user access also takes work, as you have to set up every endpoint manually, can’t use 3rd-party SSO (besides MS Active Directory), and have to manage access by manually associating clients with corresponding subnets (so you must define your systems in those subnets first, and then control access via associating client IP ranges).

To sum it up, if you are only looking to connect one site to your cloud, you may be better off with the AWS VPN.

However, if you have a multicloud and multisite infrastructure with a legion of remote workers, you should check out a dedicated VPN solution, such as GoodAccess.

How to set up secure access to AWS cloud with a GoodAccess VPN gateway

To do this, you need to have your GoodAccess VPN with a static IP address. If you don’t have one, check out the 14-day trial.

Open your AWS EC2 Management, then go to Security Groups under the Network & Security section. There, click on Create security group.

Fill out the following information:

  • Security group - type in a name of your choice.
  • VPC - select the right VPC (Note that if you are using VPC peering, you can later update the rules for your VPC security groups to reference security groups in the peered VPC)

In the Inbound rules section, fill out the following:

  • Type - choose All traffic
  • Protocol - choose All
  • Port range - choose All
  • Source - choose Custom and type in the IP address of your GoodAccess gateway

Click Create security group.

Now you need to attach resources to your new security group.

First, go back to your Amazon EC2 Dashboard and select Instances under the Instances section.

There, select the instances you’d like to add to the security group, then click Actions, then Networking, and Change Security Groups.

Select the newly created security group and click Assign security group.
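
The whitelist only holds if no other security group still attached to the instance admits other sources, because EC2 combines the rules of all attached groups. The Python below is an added example, not GoodAccess or AWS code: it builds the inbound rule from the steps above in the `IpPermissions` shape the EC2 API uses, and audits a constructed copy of `describe-security-groups` output for sources other than the gateway. The gateway address, group IDs and group names are constructed placeholders.

```python
import ipaddress

GATEWAY_IP = "203.0.113.10"  # constructed placeholder for the gateway's static IP

def gateway_only_permission(gateway_ip):
    """IpPermissions entry matching the console rule above:
    all traffic, all protocols, all ports, source = the gateway address only."""
    net = ipaddress.ip_network(gateway_ip)  # a bare address becomes /32 (or /128)
    key, ranges = ("CidrIp", "IpRanges") if net.version == 4 else ("CidrIpv6", "Ipv6Ranges")
    return {"IpProtocol": "-1", ranges: [{key: str(net), "Description": "VPN gateway"}]}

def foreign_sources(security_groups, gateway_ip):
    """Return (group_id, source) for each inbound source that is not the gateway.
    Security-group references are reported too, so they can be reviewed by hand."""
    gateway = ipaddress.ip_network(gateway_ip)
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False) != gateway:
                    findings.append((sg["GroupId"], cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((sg["GroupId"], pair["GroupId"]))
    return findings

# Constructed sample: the groups attached to one instance after the steps above,
# where an older group that allows SSH from anywhere was left attached.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "vpn-gateway-only",
     "IpPermissions": [gateway_only_permission(GATEWAY_IP)]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "GroupName": "old-default-group",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, source in foreign_sources(SAMPLE_GROUPS, GATEWAY_IP):
        print(f"{group_id}: inbound traffic still allowed from {source}")
```

An empty result means every inbound source on the instance's groups is the gateway address; any finding is a group to detach or tighten in the Change Security Groups dialog.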