Integrating AWS Client VPN into Your IT Environment - Security Boulevard


Ensuring remote workers can securely access on-premises and Amazon® Web Services (AWS®)-based infrastructure is a critical demand of today’s IT administrators. While many utilize dedicated virtual private networks (VPNs) to do the job, AWS offers its own managed VPN service to obviate the need for server hardware. Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service.

What is AWS Client VPN?

AWS Client VPN is a free, AWS-hosted VPN service, providing encrypted remote access to AWS and on-prem infrastructure. In practice, it works much like a normal VPN would but uses pre-configured OpenVPN infrastructure so you don’t have to worry about setting up and maintaining VPN servers. 

To authenticate to AWS Client VPN, end users provide their AWS credentials. Admins can simplify this process by tying organizational AWS identities into the core identity provider (IdP) through a single sign-on (SSO) solution, reducing the number of unique authentications end users deal with. AWS Client VPN also supports multi-factor authentication through these tools.

Although the “VPN-as-a-Service” that AWS Client VPN provides is ideal for organizations that want to shift their on-prem infrastructure to the cloud, it can carry a bit of irony. Often, the IdP employed by admins as the source of truth of AWS identities is Microsoft® Active Directory® (AD). AD is generally an on-premises directory service implementation, so organizations using AD will inherently have a foot cemented on-prem — regardless of AWS Client VPN.

Fully Cloud AWS Client VPN Identity Management

IT administrators can achieve fully cloud-based identity and access management for AWS Client VPN and the other work resources in play at their organization through a cloud directory service. The cloud directory service reimagines Active Directory for modern IT needs, providing a single pane of administrative glass for user management, Windows®/Mac®/Linux® system management, SSO, network authentication, and more.

A cloud directory service like JumpCloud® Directory-as-a-Service® enables IT admins to shift off on-prem infrastructure almost entirely, using SAML SSO to federate identities to AWS Client VPN and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at:

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
