
Simplifying AWS Access with Border0

Posted on Sep 27

Remember the simplicity of managing your initial AWS infrastructure? A few EC2 instances and an RDS cluster were all manageable until your business and infrastructure grew. Now, you’re swamped with numerous AWS accounts, multiple VPCs, and a plethora of EC2 instances, ECS clusters, and RDS databases.

With the growth of your business and infrastructure, your engineering team expanded, and the convenience of everyone having access to everything has now become a ticking time bomb and a significant liability, deviating sharply from the principle of least privilege.

Sound familiar? You’re not alone! Many companies desire to reverse this trend, seeking more security, compartmentalization, control, and visibility. The ideal solution? One that integrates seamlessly with AWS, deploys in minutes, centers around Single Sign-On, and avoids complexities for engineering teams. That’s precisely what Border0 delivers!

Curious to see what Border0 for AWS looks like? Check out this quick 5-minute video demo!

At Border0, our mission is to simplify access management for your AWS services, empowering AWS administrators and security teams to reclaim control and visibility. So today, we’re proud to share more details about our integration with AWS, providing organizations with a streamlined and secure access management journey with Single Sign-On for everything at the center.

Border0 gives you back visibility and control over your AWS environments by offering granular access control and providing comprehensive audit trails, session logs, and session recordings, allowing you to see exactly who logged in when and even replay the session. It integrates flawlessly with many AWS services, including EC2, ECS, RDS, SSM, EC2 Instance Connect, CloudWatch, and Secrets Manager, to name a few. A modern-day PAM (privileged access management) solution for the cloud!

Let’s dive in and explore!

Experience seamless Single Sign-On (SSO) integration for your AWS infrastructure and leave the complications of static and shared credentials behind. Border0 enables users to utilize their SSO credentials to access AWS EC2 instances, ECS containers, and RDS databases, eliminating the challenges associated with managing long-lived SSH keys and shared credentials.

A significant part of the challenge is the sprawl of access that engineers have. With Border0 policies, administrators can now establish dynamic access control rules to manage access to AWS resources based on specific SSO identities, conditions, and contexts, such as time of day, date, country, IP addresses, and even PagerDuty on-call status. For those seeking more customization, integration with existing policy systems or custom data sources is available, allowing the creation of even more tailored access control rules. This provides a centralized location to manage and enforce all access efficiently!

Collect all access events across your entire infrastructure, centralized in one place, enabling real-time analysis and session replays. See who accessed what AWS resources, when, and from where. Using the session recording capability, you’ll be able to replay all sessions, allowing you to see exactly what database queries were executed by whom, or watch back a video recording of the SSH session! Use one of our integrations to notify your team in real time by email or Slack of any new sessions, or export it all in real time to AWS CloudWatch for further analysis.

By moving to Border0 for access control, you also immediately move to a least privilege access model. You’re no longer providing users access to a network, like with a VPN, but only to the specific services you defined by policy. Moving away from a network-based perimeter security model limits an attacker’s ability to pivot and move laterally.

Congratulations, you’re well on your way to implementing Zero Trust access for your infrastructure, even for resources in a private subnet!

Border0 not only gives you back control and visibility over who’s accessing your AWS services, but your engineers will love it too!

By using Border0, engineers can easily discover all the AWS resources they have access to. They can access them using their preferred tools (it turns out folks are pretty picky about what SSH or database clients they use) or use our beautiful and easy-to-use web client, which allows users to access EC2 instances, ECS containers and even RDS databases using just their browser, any time, anywhere!

Finally, engineers no longer have to worry about jumping on and off various VPNs. And because we’ve eliminated shared secrets for the users, all they need is their SSO account.

By now, you may be wondering how to get started. Good news! We’ve worked hard to ensure that adding Border0 to your AWS infrastructure is easy. To get started, you’ll need to install the Border0 connector into your existing AWS VPC(s). To help with this, we’ve made a CloudFormation template available that can be launched using a web-based wizard or the following CLI command.

    border0 connector install --aws

This will spin up an EC2 instance in the AWS VPC and subnet of your choice. It will also make sure it has the correct IAM credentials, and three minutes later, you’re ready to go! The Border0 connector will register itself, after which it will appear alive in the Border0 portal.

Border0’s close integration with AWS services and protocols ensures that turning AWS resources into Border0 Services is a low-effort task. Using the AWS discovery plugins, resources like EC2 instances, ECS clusters, and RDS databases will show up as discovered resources within seconds. You can then add them to Border0 with a single click.

The Border0 connector supports various upstream authentication methods, ensuring the right strategy is available depending on your use case. For example, in addition to static credentials like username and password, SSH keys, or certificates, we also support AWS-specific methods such as EC2 Instance Connect and AWS Systems Manager (SSM), and for databases, we support IAM-based authentication.

If you’re all in with AWS, then make sure also to enable the AWS CloudWatch integration and send Border0 session logs and audit events to CloudWatch. Additionally, you can use external secret vaults for upstream credentials, including AWS Secrets Manager or AWS SSM Parameter Store.

Before Border0, organizations struggled with high operational overhead, security challenges due to a lack of consolidated privilege management, over-provisioned access, use of shared secrets, and lack of visibility. After implementing Border0, organizations experienced a revolutionary shift and can now define granular access control rules that just make sense, are intuitive, build on your SSO system, and take real-time context into account. The additional visibility and control is a significant upgrade, and due to the close integration with AWS, deploying Border0 into existing environments takes less than 5 minutes!

Best of all, your engineers will love it. With a single SSO login command, engineers can discover the AWS resources that are relevant to them and log into EC2 instances, containers, databases, and HTTP services using just their SSO credentials.

Border0 provides a modern-day access management solution for AWS, built by and for security-conscious cloud-native organizations, offering a harmonious blend of security, control, visibility, and simplicity.
It addresses the challenges of growing infrastructures and provides a seamless, secure, and efficient environment for organizations to thrive in the cloud-native era.

But don’t just take my word for it; give it a try today and start your transformation journey with Border0. Sign up for our fully-featured free community edition or schedule a custom demo to explore a world where security and simplicity coexist and elevate your organization’s AWS access management with Border0.



This post first appeared on VedVyas Articles, please read the original post: here
