AWS Verified Access のアイコン

AWS Verified Access New2022年〜

A service providing zero-trust access to corporate applications without a VPN

About 2 min read

What It Does

AWS Verified Access is a zero-trust network access service that provides secure access to internal corporate applications without a VPN. It grants or denies access based on user identity (IAM Identity Center, Okta, etc.) and device security posture (CrowdStrike, Jamf, etc.).

Use Cases

Remote worker access to internal applications, VPN elimination or reduction, per-application access control, and applying access policies based on device security posture.

Everyday Analogy

Think of an office building with smart locks. Previously, a badge (VPN) gave access to every floor. Verified Access performs identity verification and device inspection at each floor (application), granting access only to authorized floors.

What Is Verified Access?

AWS Verified Access is an application access service based on zero-trust principles. Traditional VPNs grant access to the entire network, but Verified Access controls access per application. Policies define "who" from "which device" can access "which application," granting access only when conditions are met.

Trust Providers and Policies

Verified Access uses two types of trust providers. Identity providers (IAM Identity Center, Okta, Ping Identity) verify user identity, and device management providers (CrowdStrike, Jamf) verify device security posture. Access rules are written in the Cedar policy language, enabling fine-grained access control based on user attributes (department, role) and device state (OS version, patch status). For reference material on trust providers and policies, related books on Amazon are a useful resource.

Getting Started

Configure trust providers in the Verified Access console and create a Verified Access instance. Define access groups and endpoints, then write access rules in Cedar policies. Users access the endpoint URL in their browser, and after authentication and device verification, they connect to the application.

Things to Watch Out For

  • Per-application endpoint hourly charges and data processing charges apply
  • Currently supports HTTP/HTTPS applications only. Non-HTTP protocols like SSH and RDP are not supported
共有するXB!

Related Services

AWS IAM Identity Center iconAWS IAM Identity CenterA service that provides single sign-on to multiple AWS accounts and SaaS applicationsAmazon VPC iconAmazon VPCBuild a logically isolated virtual network on AWSAWS WAF iconAWS WAFA firewall service that protects web applications from malicious trafficAmazon CloudWatch iconAmazon CloudWatchA service that provides monitoring, log management, and alarms for AWS resources and applications

Related Articles

Zero Trust Access with AWS Verified Access - VPN-Free Application ConnectivityEliminate VPNs and achieve zero trust access that verifies user identity and device security posture on every request. Learn about fine-grained control with Cedar policies.Zero Trust Network Access - VPN-Free Secure Access with AWS Verified AccessLearn about VPN-less zero trust access with AWS Verified Access. Covers identity provider integration, device trust, policy-based access control, and comparison with traditional VPNs.

More in This Category

Amazon API Gateway iconAmazon API Gateway PopularA fully managed service for creating, publishing, managing, and monitoring APIsAWS App Mesh iconAWS App Mesh SpecializedA service mesh that controls and monitors communication between microservicesAWS Cloud Map iconAWS Cloud Map SpecializedA service discovery service for application resourcesAmazon CloudFront iconAmazon CloudFront EssentialA CDN service that delivers content at high speed from edge locations around the worldAWS Direct Connect iconAWS Direct Connect PopularA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityElastic IP Address iconElastic IP Address SpecializedA static public IPv4 address that you associate with EC2 instancesElastic Load Balancing iconElastic Load Balancing EssentialA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAWS Global Accelerator iconAWS Global Accelerator SpecializedA service that improves application availability and performance using the AWS global network

Similar Articles and Services

Zero Trust Access with AWS Verified Access - VPN-Free Application ConnectivityEliminate VPNs and achieve zero trust access that verifies user identity and device security posture on every request. Learn about fine-grained control with Cedar policies.AWS Verified AccessA service that provides zero trust access to corporate applications without a VPNZero Trust Network Access - VPN-Free Secure Access with AWS Verified AccessLearn about VPN-less zero trust access with AWS Verified Access. Covers identity provider integration, device trust, policy-based access control, and comparison with traditional VPNs.AWS Zero Trust Networking - Perimeterless Security with Verified Access and PrivateLinkLearn how AWS Verified Access, PrivateLink, and VPC Lattice implement zero trust networking, with a comparison of design differences from Azure Private Link.Amazon Verified PermissionsA service that externalizes application authorization logic using the Cedar policy language