Integrating AWS Client VPN into Your IT Environment

Written by Zach DeMeyer on July 2, 2020


Ensuring remote workers can securely access on-premises and Amazon® Web Services (AWS®)-based infrastructure is a critical demand of today’s IT administrators. While many utilize dedicated virtual private networks (VPNs) to do the job, AWS offers its own managed VPN service to obviate the need for server hardware. Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service.

What is AWS Client VPN?

AWS Client VPN is a free, AWS-hosted VPN service, providing encrypted remote access to AWS and on-prem infrastructure. In practice, it works much like a normal VPN would but uses pre-configured OpenVPN infrastructure so you don’t have to worry about setting up and maintaining VPN servers. 

In order to authenticate to AWS Client VPN, end users provide their AWS credentials. Admins can simplify this process by tying organizational AWS identities into the core identity provider (IdP) through a single sign-on (SSO) solution, reducing the number of separate logins end users have to deal with. AWS Client VPN also supports multi-factor authentication (MFA) through these tools.

Although the “VPN-as-a-Service” that AWS Client VPN provides is ideal for organizations that want to shift their on-prem infrastructure to the cloud, it can carry a bit of irony. Often, the IdP employed by admins as the source of truth of AWS identities is Microsoft® Active Directory® (AD). AD is generally an on-premises directory service implementation, so organizations using AD will inherently have a foot cemented on-prem — regardless of AWS Client VPN.

Fully Cloud AWS Client VPN Identity Management

IT administrators can achieve fully cloud-based identity and access management for AWS Client VPN and the other work resources in play at their organization through a cloud directory service. The cloud directory service reimagines Active Directory for modern IT needs, providing a single pane of administrative glass for user management, Windows®/Mac®/Linux® system management, SSO, network authentication, and more.

A cloud directory service like JumpCloud® Directory-as-a-Service® enables IT admins to shift off on-prem infrastructure almost entirely, using SAML SSO to federate identities to AWS Client VPN and hundreds of other applications.

From an end user’s perspective, they simply log in to their web-based User Portal with their centralized JumpCloud password, which can be safeguarded with MFA, and from there they have access to AWS Client VPN and all of their requisite applications and other services. This User Portal password is the same password they use to access their systems and networks as well. With SAML IdP-initiated logins, users click the icon for the app they need and are logged in instantly.
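To make the AWS side of this federation concrete, here is an added Terraform example (not code from the post or from JumpCloud): it registers the directory's SAML metadata as an IAM identity provider, creates a Client VPN endpoint that authenticates through that provider, turns on connection logging, and scopes network access to one IdP group. The metadata file path, certificate ARN, subnet, CIDRs and the group name are placeholders you would replace with your own values.

```hcl
# Assumed inputs (placeholders): the SAML metadata XML exported from the IdP,
# an ACM server certificate, and the VPC subnet/CIDR the VPN should reach.
variable "subnet_id"              { type = string }
variable "vpc_cidr"               { type = string }
variable "server_certificate_arn" { type = string }

# Registers the cloud directory (e.g. JumpCloud) as a SAML IdP in IAM.
resource "aws_iam_saml_provider" "idp" {
  name                   = "client-vpn-idp"
  saml_metadata_document = file("${path.module}/idp-metadata.xml")
}

resource "aws_cloudwatch_log_group" "vpn" {
  name              = "/aws/clientvpn/connections"
  retention_in_days = 90
}

# The endpoint: users authenticate through the IdP (SAML) rather than with
# client certificates, so the MFA policy is enforced in the directory.
resource "aws_ec2_client_vpn_endpoint" "this" {
  description            = "Remote access via cloud directory SSO"
  server_certificate_arn = var.server_certificate_arn
  client_cidr_block      = "10.250.0.0/22" # must not overlap the VPC
  split_tunnel           = true            # only VPC routes use the tunnel

  authentication_options {
    type              = "federated-authentication"
    saml_provider_arn = aws_iam_saml_provider.idp.arn
  }

  # Connection logs are the detection feed: who connected, from where, when.
  connection_log_options {
    enabled              = true
    cloudwatch_log_group = aws_cloudwatch_log_group.vpn.name
  }
}

resource "aws_ec2_client_vpn_network_association" "subnet" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.this.id
  subnet_id              = var.subnet_id
}

# Least privilege: only members of one IdP group (carried in the SAML
# "memberOf" attribute) may reach the VPC, instead of authorize_all_groups.
resource "aws_ec2_client_vpn_authorization_rule" "vpn_users" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.this.id
  target_network_cidr    = var.vpc_cidr
  access_group_id        = "vpn-users" # placeholder group name from the IdP
}
```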

With one consolidated identity backed by MFA, end users can create complex, secure passwords to keep them safe from attack. JumpCloud even provides a route for system-based password management on Windows and Mac, which helps to prevent users from falling for phishing attempts in phony emails or web pages.

Try JumpCloud for Free

Consolidate your identity and access management needs with JumpCloud Directory-as-a-Service. You can use the product free for up to 10 users and systems forever just by signing up.
