Blog article

How to Secure Remote Access to AWS

This article discusses the best way to provide secure remote access to Amazon AWS environment with GoodAccess including a step-by-step guide.

6

Min read

Remote Access

Petr Pecha

Table of Contents
This is also a heading
This is a heading

An increasing amount of company traffic now travels over the Internet as organizations migrate to the cloud and adopt remote work policies. This article discusses the best way to provide secure remote access to Amazon AWS with GoodAccess including a step-by-step guide.

Table of contents

  1. Why do you need secure remote access to AWS VPC?
  2. How can you secure access to AWS VPC?
  3. What is IP whitelisting?
  4. Why GoodAccess?
  5. Why choose GoodAccess over AWS VPN?
  6. How to set up secure access to AWS cloud with a GoodAccess VPN gateway?

Why do you need secure remote access to AWS VPC?

Once stored in the cloud, your data is protected by Amazon’s security measures that extend to all its AWS infrastructure including hardware and software. However, you as the customer have the responsibility to secure the servers and devices at your end and protect your data during transit.

This means that even while observing recommended best practices, your users and parts of infrastructure are still vulnerable to network-borne attacks, and you need to put additional measures in place to ensure your data is safe.

How can you secure access to AWS VPC?

The quickest and easiest method to secure remote access is to use a cloud-based VPN, which allows all users to connect to the entire IT infrastructure via a single unifying network regardless of the physical location.

The way you actually attach your AWS VPC to the rest of your private infrastructure is by whitelisting the IP address of your VPN gateway.

What is IP whitelisting?

IP whitelisting is a security technique where access is only allowed from a trusted IP address (you need a static IP address to do this). Access from outside the pool of allowed IP addresses will be restricted.

This means that any system inside a company infrastructure can only be accessed by users with the organization’s IP address regardless of where they connect from.

For a full article on IP whitelisting, click here.

Why GoodAccess

The GoodAccess cloud VPN service conceals all company traffic with network- and application-layer encryption, preserving the privacy of communications traveling through the public Internet, and provides a unique static IP address that you can whitelist in your AWS EC2 virtual server.

In this way, you turn all your communications that pass through the VPN tunnel completely private regardless of where they originate or where they are headed.

Why choose GoodAccess over AWS VPN

AWS offers two VPN services - a site-to-site VPN to connect branches and datacenters and a client VPN for remote users. You can build a remarkably fast and stable global infrastructure with these, but you need a lot of time and skills to do that.

To build flexible multisite connections you’d need a transit gateway, which is costly, especially at higher traffic volumes, and to maintain a global high speed, you would have to spend some time configuring the AWS modify capabilities as well.

Remote user access also takes work, as you have to set up every endpoint manually, can’t use 3rd-party SSO (besides MS Active Directory), and have to manage access by manually associating clients with corresponding subnets (so you must define your systems in those subnets first, and then control access via associating client IP ranges).

To sum it up, if you are only looking to connect one site to your cloud, you may be better off with the AWS VPN.

However, if you have a multicloud and multisite infrastructure with a legion of remote workers, you should check out a dedicated VPN solution, such as GoodAccess.

How to set up secure access to AWS cloud with a GoodAccess VPN gateway

To do this, you need to have your GoodAccess VPN with a static IP address. If you don’t have one, check out the 14-day trial.

Open your AWS EC2 Management, then go to Security Groups under the Network & Security section. There, click on Create security group.

Fill out the following information:

  • Security group - type in a name of your choice.
  • VPC - select the right VPC (Note that if you are using VPC peering, you can later update the rules for your VPC security groups to reference security groups in the peered VPC)

In the Inbound rules section, fill out the following:

  • Type - choose All traffic
  • Protocol - choose All
  • Port range - choose All
  • Source - choose Custom and type in the IP address of your GoodAccess gateway

Click Create security group.

Now you need to attach resources to your new security group.

First, back on your Amazon EC2 Dashboard and select Instances under the Instances section.

There, select the instances you’d like to commit to the security group by clicking Actions, then Networking, and Change Security Groups.

Select the newly created security group and click Assign security group.

Network security

What Is SCIM? Everything You Need To Know

System for Cross-domain Identity Management (SCIM) helps businesses to automatically manage user accounts across different applications and systems.

Learn more

5

Min read

VPN

OpenVPN vs WireGuard: Top Two VPN Protocols Side By Side

OpenVPN and WireGuard are the top 2 VPN protocols out there. WireGuard excels at speed and efficiency, while OpenVPN offers more compatibility and configuration flexibility.

Learn more

11

Min read

Network security

What Is Cybersecurity Posture And Why Should It Matter To Your Business?

Cybersecurity posture reflects an organization’s ability to fend off cyberattacks. It is a composite of countermeasures against multiple attack vectors.

Learn more

20

Min read

In GoodAccess, we invest our passion into developing a cybersecurity platform that is easy to deploy, easy to manage, and easy to use.

Education
VPN with Static IP Explained
What is Business Cloud VPN
What is IP Whitelisting
DNS Filtering Explained
Zero Trust Network Access
35+ Gateways Worldwide
How secure is GoodAccess
Compliance Made Easy
Platform
Free business VPN
Business VPN
Zero trust network access
Software defined perimeter
Secure web gateway
Remote access VPN
Features
Dedicated VPN gateway
Static IP address
Central dashboard
Zero-trust access control
DNS filtering
Multi-factor authentication
Network access control
Split tunneling
Access logs
IP whitelisting
SSO
Resources
Product tour
Blog
Events & webinars
Support portal
Customers
Integrations
Company
About us
Become a partner
Become an affiliate
Careers
Newsroom
Contact us
Partner
Sign up form
Pricing
Plans
Small teams
Starter
Download App
iOS
Mac
Android
Windows
Chrome OS
Linux script

Copyright ©2023
GoodAccess

Facebook icon LinkedIn iconTwitter icon
Acceptable Usage Policy
Term & Conditions
Privacy Policy