Implementing Zero Trust Access for AWS Access Portal
Oskar Ablimit
Cloudflare Enterprise Account Executive | Engineering in Cloud Computing | ex-AWS | ex-Alicloud | ex-Tencent Cloud
Learn by Doing - Implementing Zero Trust Access for AWS Access Portal (https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html)
As a tech salesperson with an engineering mindset, before presenting any product or solution I usually run a simple experiment to make sure I fully understand it. Recently, a customer expressed interest in implementing a Zero Trust Access solution, specifically placing the AWS access portal behind a Zero Trust Access layer. The aim is to gain better visibility into who is accessing AWS Cloud and its applications.
Since I am familiar with both AWS and Cloudflare, I set up a simple hands-on experiment to better understand what Zero Trust Access can do in this case. Here's how I did it:
Step 1: Create an AWS application in Cloudflare's Zero Trust console. The values it asks for (Entity ID, Assertion Consumer Service URL) are found in AWS IAM Identity Center, as described in Step 2. These settings establish the SAML trust between Cloudflare Access and the AWS IAM environment.
Step 2: Configure the Identity Provider (IdP) in AWS IAM Identity Center. Specifically: log in to the AWS account -> enable IAM Identity Center under your organization -> configure an external identity provider with the following settings.
For the IdP configuration in AWS, you'll need information from the Cloudflare Access console created in Step 1:
1. Sign-in URL: the endpoint from the Cloudflare console.
2. Issuer URL: the ID from the Cloudflare console.
3. IdP certificate: generate a .crt file from the public key shown in the Cloudflare console. Make sure the file is in the correct (PEM) format, or AWS will reject it.
Use this information in the AWS access portal configuration to complete the Cloudflare Access setup from Step 1.
Step 3: Configure the Access policies in the Cloudflare Zero Trust console.
Step 4: Customise the access portal. In my case, I personalised it as https://mycodeforever.awsapps.com/start. Users who open this URL are redirected to the Cloudflare Access portal for authentication, where they are prompted to enter a one-time PIN sent to their team email address.
Step 5: After entering the correct PIN, the user is taken to the AWS user portal.
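The step most likely to fail silently in this procedure is the IdP certificate in Step 2: the public key copied from the Cloudflare console often arrives with broken line wrapping or missing BEGIN/END lines, and AWS will only accept a strict PEM file. The helper below is an added example, not part of the original post or of either vendor's tooling; it normalises pasted certificate text into strict PEM and checks that the body decodes to DER. The sample input is constructed and is not a real certificate.

```python
import base64
import binascii

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def to_pem_certificate(raw: str) -> str:
    """Turn certificate text pasted from a console into a strict PEM block.

    Accepts the base64 body with or without BEGIN/END lines and with any
    whitespace or line breaks, and returns PEM wrapped at 64 columns.
    Raises ValueError if the body is not base64-encoded DER.
    """
    lines = [ln.strip() for ln in raw.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    body = "".join(body.split())  # drop spaces/tabs embedded by copy-paste
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der or der[0] != 0x30:
        # Every DER-encoded X.509 certificate starts with a SEQUENCE tag (0x30).
        raise ValueError("decoded bytes do not start with a DER SEQUENCE tag")
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"{PEM_HEADER}\n{wrapped}\n{PEM_FOOTER}\n"


def is_strict_pem(text: str) -> bool:
    """True if text is exactly one PEM certificate block with 64-column lines."""
    lines = text.rstrip("\n").split("\n")
    if len(lines) < 3 or lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        return False
    body = lines[1:-1]
    if any(len(ln) != 64 for ln in body[:-1]) or not 0 < len(body[-1]) <= 64:
        return False
    try:
        base64.b64decode("".join(body), validate=True)
    except binascii.Error:
        return False
    return True


# Constructed sample: DER-looking bytes (SEQUENCE tag first), then base64 that has
# been mangled the way a console copy-paste often mangles it. Not a real certificate.
_SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_B64 = base64.b64encode(_SAMPLE_DER).decode()
SAMPLE_RAW = _B64[:50] + " \n  " + _B64[50:200] + "\t" + _B64[200:] + "\n"
```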
With this in place, I can now:
1. Gain visibility into user logins, improving security monitoring.
2. Manage user access effectively, ensuring only authorized users can reach AWS resources.
3. Apply zero trust to an external SaaS application.
Isn't it cool?
Looking to Enhance Your LinkedIn Engagement? Heet.ai Has You Covered (Get a Free Trial)
1 year ago. Oskar Ablimit, I appreciate your proactive approach in conducting hands-on experiments to fully understand the solution before presenting it to customers, and I'm curious to know how your experiment with Zero Trust Access for AWS access portal using AWS and Cloudflare turned out.
Principal Product Manager at Cloudflare
1 year ago. Great write up!!!