An increasing amount of company traffic now travels over the Internet as organizations migrate to the cloud and adopt remote work policies. This article discusses the best way to provide secure remote access to Amazon AWS with GoodAccess including a step-by-step guide.
Once stored in the cloud, your data is protected by Amazon’s security measures that extend to all its AWS infrastructure including hardware and software. However, you as the customer have the responsibility to secure the servers and devices at your end and protect your data during transit.
This means that even while observing recommended best practices, your users and parts of infrastructure are still vulnerable to network-borne attacks, and you need to put additional measures in place to ensure your data is safe.
The quickest and easiest method to secure remote access is to use a cloud-based VPN, which allows all users to connect to the entire IT infrastructure via a single unifying network regardless of the physical location.
The way you actually attach your AWS VPC to the rest of your private infrastructure is by whitelisting the IP address of your VPN gateway.
IP whitelisting is a security technique where access is only allowed from a trusted IP address (you need a static IP address to do this). Access from outside the pool of allowed IP addresses will be restricted.
This means that any system inside a company infrastructure can only be accessed by users with the organization’s IP address regardless of where they connect from.
The GoodAccess cloud VPN service conceals all company traffic with network- and application-layer encryption, preserving the privacy of communications traveling through the public Internet, and provides a unique static IP address that you can whitelist in your AWS EC2 virtual server.
In this way, all communications that pass through the VPN tunnel are kept private regardless of where they originate or where they are headed.
AWS offers two VPN services - a site-to-site VPN to connect branches and datacenters and a client VPN for remote users. You can build a remarkably fast and stable global infrastructure with these, but you need a lot of time and skills to do that.
To build flexible multisite connections you’d need a transit gateway, which is costly, especially at higher traffic volumes, and maintaining high speed globally would require additional configuration work on the AWS side as well.
Remote user access also takes work, as you have to set up every endpoint manually, can’t use third-party SSO (besides MS Active Directory), and have to manage access by manually associating clients with the corresponding subnets (so you must define your systems in those subnets first, and then control access by associating client IP ranges with them).
To sum it up, if you are only looking to connect one site to your cloud, you may be better off with the AWS VPN.
However, if you have a multicloud and multisite infrastructure with a legion of remote workers, you should check out a dedicated VPN solution, such as GoodAccess.
To do this, you need to have your GoodAccess VPN with a static IP address. If you don’t have one, check out the 14-day trial.
Open the AWS EC2 Management Console, then go to Security Groups under the Network & Security section. There, click Create security group.
Fill out the following information:
In the Inbound rules section, fill out the following:
Click Create security group.
Now you need to attach resources to your new security group.
First, go back to your Amazon EC2 Dashboard and select Instances under the Instances section.
There, select the instances you’d like to assign to the security group by clicking Actions, then Networking, and Change Security Groups.
Select the newly created security group and click Assign security group.
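As an added example that is not part of the original article and not GoodAccess or AWS code, the following Python script shows the two pieces a practitioner would want alongside the steps above: building the inbound rule that pins a port to the VPN gateway’s static IP as a single /32 (the IP whitelisting described earlier), and auditing existing security groups so that admin ports are not left open to sources other than that address. The gateway IP, group IDs and group names are constructed sample values from documentation address ranges, not real infrastructure; the rule dictionaries follow the `IpPermissions` shape used by AWS `describe-security-groups` and `authorize-security-group-ingress`, so the audit can be run offline against saved output.

```python
import ipaddress
from typing import Dict, List, Iterable

# Constructed sample: static egress IP of the VPN gateway (TEST-NET-3 range, not a real gateway).
VPN_GATEWAY_IP = "203.0.113.10"

# Ports that should be reachable only from the VPN gateway.
ADMIN_PORTS = {22, 3389}


def ingress_rule_for_vpn(ip: str, port: int, description: str = "VPN gateway static IP") -> Dict:
    """Build one IpPermissions entry pinned to a single host (/32).
    ip_address() validates the input so a typo cannot silently become a wide range."""
    cidr = f"{ipaddress.ip_address(ip)}/32"
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


def is_source_allowed(src_ip: str, allowed_ips: Iterable[str]) -> bool:
    """The whitelist decision itself: is this source one of the trusted gateway addresses?"""
    return ipaddress.ip_address(src_ip) in {ipaddress.ip_address(a) for a in allowed_ips}


def rule_covers_port(rule: Dict, port: int) -> bool:
    """True if a security group rule admits traffic on the given TCP port ("-1" means all protocols)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_security_group(group: Dict, allowed_ips: List[str], ports: Iterable[int] = ADMIN_PORTS) -> List[str]:
    """Return findings for inbound rules on admin ports whose sources are not the allowed /32s.
    `group` has the shape of one element of describe-security-groups' SecurityGroups list."""
    allowed = [ipaddress.ip_network(f"{ip}/32") for ip in allowed_ips]
    findings = []
    for rule in group.get("IpPermissions", []):
        for port in sorted(ports):
            if not rule_covers_port(rule, port):
                continue
            for r in rule.get("IpRanges", []):
                net = ipaddress.ip_network(r["CidrIp"], strict=False)
                if net.prefixlen == 0:
                    findings.append(f"{group['GroupId']}: port {port} open to the whole Internet ({r['CidrIp']})")
                elif not any(net.subnet_of(a) for a in allowed):
                    findings.append(f"{group['GroupId']}: port {port} allows non-gateway source {r['CidrIp']}")
            # The gateway address is IPv4; any IPv6 source on an admin port bypasses the whitelist.
            for r6 in rule.get("Ipv6Ranges", []):
                findings.append(f"{group['GroupId']}: port {port} allows IPv6 source {r6['CidrIpv6']}")
    return findings


# Constructed sample output: one group built as the article describes, one legacy group left open.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",  # placeholder id
        "GroupName": "vpn-gateway-only",
        "IpPermissions": [
            ingress_rule_for_vpn(VPN_GATEWAY_IP, 22),
            ingress_rule_for_vpn(VPN_GATEWAY_IP, 3389),
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",  # placeholder id
        "GroupName": "legacy-open-ssh",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            # Port 80 is a public web port and is outside the admin-port scope of this audit.
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
]


def audit_all(groups: List[Dict], allowed_ips: List[str]) -> List[str]:
    """Audit every group and flatten the findings."""
    findings = []
    for g in groups:
        findings.extend(audit_security_group(g, allowed_ips))
    return findings


if __name__ == "__main__":
    for line in audit_all(SAMPLE_GROUPS, [VPN_GATEWAY_IP]) or ["no findings"]:
        print(line)
```

The dictionary returned by `ingress_rule_for_vpn` can be passed straight to the AWS CLI as the `--ip-permissions` argument of `aws ec2 authorize-security-group-ingress`, and the group is attached to an instance with `aws ec2 modify-instance-attribute --groups`, which is the command-line equivalent of the Change Security Groups step above. Running the audit periodically against real `describe-security-groups` output catches the common drift where someone widens a rule to `0.0.0.0/0` for troubleshooting and forgets to revert it.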