More and more business-critical applications run on Amazon Web Services. Protecting these mission-critical applications from potential attacks requires moving beyond typical security approaches such as using only a jump box or firewall to control access. This multi-part tutorial will show how DevOps teams can secure their AWS services using a zero-trust, identity-based approach that not only increases security but improves developer productivity. We will demonstrate these use cases using Teleport, an open-source, identity-based access solution that unifies access for AWS services such as EC2, RDS, EKS, and more.

Part 1: Protect AWS EC2 SSH access with Teleport as a bastion host

In the first part of the series, we will explore how to replace a traditional bastion host with a secure Teleport proxy and authentication server. In subsequent tutorials, we will explore topics such as IAM joining, accessing services across availability zones of the AWS cloud, managing access with multiple AWS accounts, and more.

One of the best practices for running secure workloads on Amazon Web Services is to isolate instances into private and public subnets of a Virtual Private Cloud (VPC). For example, a database backend is typically provisioned within a private subnet, while web servers connected to a load balancer are launched in a public subnet. To access and manage Amazon EC2 instances running in a private subnet, a bastion host is deployed in the public subnet. The bastion host, or jump server, provides secure access to private instances by limiting their exposure through public IPs. To understand why this approach is important for improving infrastructure access security, read our blog on why you still need a bastion host for more details.

This tutorial will describe how to create a bastion host in AWS using the open-source solution Teleport. While Teleport provides the same advantages as a traditional bastion host, it has a number of additional advantages for securing your AWS infrastructure over bastion host instances alone:

- A robust bastion host that goes beyond supporting only SSH for Linux hosts. Teleport also supports identity-based access for other AWS managed services such as Amazon RDS, Amazon EKS, and even RDP for Windows.
- Out-of-the-box enhanced authentication with support for any OIDC or SAML identity provider.
- Sophisticated security features available in open source, such as per-session MFA, and support for biometric authentication methods such as Touch ID and Face ID.
- Enhanced authorization with granular, protocol-level RBAC (for example, Teleport roles can provide different levels of access for an EC2 Linux instance and a Postgres RDS instance).
- Robust audit trail of all activity via automated session recording and playback.
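To make the RBAC and per-session MFA points above concrete, here is an added example of a Teleport role (not taken from the original tutorial); the label values `env: dev`, the login `ubuntu`, the database name `appdb` and the database user `app_readonly` are assumed placeholders for your own environment.

```yaml
# Added example: one Teleport role that grants a developer SSH to dev EC2
# nodes and read-only Postgres access on a dev RDS instance, while denying
# anything labelled prod. Label values and names are placeholders.
kind: role
version: v5
metadata:
  name: dev-access
spec:
  options:
    # Every SSH or database session must be re-authorized with MFA
    # (the per-session MFA feature mentioned in the tutorial).
    require_session_mfa: true
    max_session_ttl: 8h
  allow:
    # SSH access: only the Linux login "ubuntu" on nodes labelled env=dev.
    logins: ['ubuntu']
    node_labels:
      env: 'dev'
    # Database access: only the dev-labelled RDS instance, only the
    # "appdb" database, and only as the read-only database user.
    db_labels:
      env: 'dev'
    db_names: ['appdb']
    db_users: ['app_readonly']
  deny:
    # Deny rules win over allow rules, so prod stays out of reach even if
    # a node or database carries both labels.
    node_labels:
      env: 'prod'
    db_labels:
      env: 'prod'
```

Because the SSH and database permissions live in separate fields, the same identity gets shell access on the EC2 instance but only the `app_readonly` account on the RDS instance, which is the protocol-level granularity a plain bastion host cannot express.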