I’ve been working DevOps on cloud environments for a while now, and it’s almost always a given that you need a virtual private network (VPN) when you’re working in the cloud. For a time, OpenVPN was the go-to solution (possibly because people thought it was the only one), but after gaining more experience with VPNs, you realize there are just a few viable options — each with distinct pros and cons.
So when AWS came out with a VPN solution for AWS environments, I was pretty excited and wanted to know about its features, usage, pricing and everything else. But, at the initial launch, I have to say I was a little disappointed. The two main reasons for disappointment were a lack of SAML (Security Assertion Markup Language) authentication and that this VPN only worked on Mac and Windows (I use Linux daily, but there wasn’t Linux client support). However, as is the case with many AWS services, everything changed in just a few short months. Now there’s support for SAML and an AWS VPN Linux client, which I think are both good reasons to revisit this product.
The AWS VPN is an excellent alternative to OpenVPN and offers a lot of utility and flexibility when you use it with your SSO (single sign-on). AWS made this VPN service more useful with the addition of new authentication features. Now, you can use the AWS VPN with less of the hassle of managing a VPN for many different users — avoiding creating separate client endpoints and issuing separate certificates for every VPN user.
In this overview, I’ll show you how to leverage AWS VPN’s authentication features, including federated access through SAML and support for the Linux desktop client. The AWS VPN offers several types of authentication, giving you additional flexibility in controlling access. Initially, the only two ways to authenticate were by exchanging certificates and by using Active Directory.
SAML support streamlines the VPN experience for users and enables you to more easily control, grant, and revoke access as needed. By setting up your SSO to work with AWS VPN, you can connect and create as many profiles as you need for users while also simplifying the process of configuring and managing the VPN and access.
This process works inside the AWS SSO console and requires some custom settings in addition to downloading a VPN client. Once you’ve set up your VPN profile, you can launch via a VPN application tile in your SSO console.
Create a custom SSO application
Creating the VPN
Using AWS Client VPN
If you have issues connecting, refresh and relaunch the application and client and try again. You will probably need to keep the client open and your AWS application active to use your VPN service.
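The three steps above (SSO application, creating the VPN, using the client) as an added shell example, not code from the original post: it assumes the AWS CLI, a server certificate already in ACM, and the SSO application's SAML metadata saved to `sso-saml-metadata.xml`; every ARN, ID, CIDR and group name is a constructed placeholder.

```shell
# Added example (not from the original post): wires an AWS Client VPN endpoint to a SAML IdP
# such as the custom AWS SSO application. ARNs, IDs, CIDRs and the group name are placeholders;
# override them through the environment. With DRY_RUN=1 (default) commands are printed, not run.
set -eu
DRY_RUN="${DRY_RUN:-1}"
SAML_METADATA="${SAML_METADATA:-file://sso-saml-metadata.xml}"  # downloaded from the SSO app
SERVER_CERT_ARN="${SERVER_CERT_ARN:-arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER}"
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"
SUBNET_ID="${SUBNET_ID:-subnet-PLACEHOLDER}"
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"
VPN_CLIENT_CIDR="${VPN_CLIENT_CIDR:-10.8.0.0/22}"  # must not overlap the VPC or client LANs
VPN_GROUP="${VPN_GROUP:-vpn-users}"                 # group name the IdP sends in memberOf

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1 (SSO application): register the IdP metadata so AWS can validate its assertions.
# Prints the SAML provider ARN.
create_saml_provider() {
  run aws iam create-saml-provider --name ClientVPN-SSO \
    --saml-metadata-document "$SAML_METADATA" \
    --query SAMLProviderArn --output text
}

# Step 2 (creating the VPN): one endpoint for all users, authenticated by SAML ($1 is the
# provider ARN) instead of a certificate per user. Prints the endpoint id.
create_endpoint() {
  run aws ec2 create-client-vpn-endpoint \
    --client-cidr-block "$VPN_CLIENT_CIDR" \
    --server-certificate-arn "$SERVER_CERT_ARN" \
    --vpc-id "$VPC_ID" --split-tunnel \
    --authentication-options "Type=federated-authentication,FederatedAuthentication={SAMLProviderArn=$1}" \
    --connection-log-options Enabled=false \
    --query ClientVpnEndpointId --output text
}

# Step 3: attach a subnet and let only members of VPN_GROUP reach the VPC ($1 is the endpoint
# id). The group id is matched against the assertion's memberOf attribute, so removing a user
# from that group in the IdP revokes VPN access without touching the endpoint.
authorize_group() {
  run aws ec2 associate-client-vpn-target-network \
    --client-vpn-endpoint-id "$1" --subnet-id "$SUBNET_ID"
  run aws ec2 authorize-client-vpn-ingress --client-vpn-endpoint-id "$1" \
    --target-network-cidr "$VPC_CIDR" --access-group-id "$VPN_GROUP"
}

# Step 4 (using the client): export the .ovpn profile the Linux/desktop client imports.
export_profile() {
  run aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id "$1" --output text
}
```

Against a real account, run with `DRY_RUN=0` in this order: `arn=$(create_saml_provider)`, `id=$(create_endpoint "$arn")`, `authorize_group "$id"`, `export_profile "$id" > client.ovpn`.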
In June 2021, AWS released support for SAML-based federated authentication on the Linux desktop AWS Client VPN. This desktop client already supported certificate-based and Active Directory authentication and now offers more authentication flexibility.
With the scalability and flexibility of the AWS Client VPN service and application, there are a variety of use cases. Securely access your on-premises environment and scale remote access. Organizations undertaking a cloud migration, supporting a remote workforce, or looking for a fully managed VPN solution could benefit from trying the AWS VPN service.
Do you need help with your AWS infrastructure? Connect with the nClouds team — we can help free up your engineers for high-value, innovative projects to achieve your technical and business goals on AWS. Contact us.