AWS Verified Access - Zero Trust Network Access

AWS Verified Access enables secure access to corporate applications without VPN. Zero-trust approach with identity-based access control.

Networking & Content Delivery
Pricing Model: Pay per hour per application and per GB processed
Availability: All major regions
Data Sovereignty: EU regions available
Reliability: 99.99% availability SLA

What is AWS Verified Access?

AWS Verified Access implements a zero-trust approach for accessing corporate applications in AWS. Instead of a VPN that grants users access to the entire network, Verified Access checks the user’s identity and the device’s security posture with each access attempt.

The service sits between the user and the application. It authenticates the user via an identity provider, optionally checks the device posture (e.g., current patches, endpoint protection), and grants access only when all defined policies are met. The application itself does not need to be modified.

Core Features

  • Identity-Based Access: Access control based on user identity from OIDC providers
  • Device Posture: Verification of device security state via CrowdStrike, Jamf, and other providers
  • Policy Engine: Cedar-based policies for granular access decisions
  • No VPN Required: Direct, secure access to applications over the internet
  • Logging: Detailed access logs in CloudWatch, S3, or Kinesis Data Firehose
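
A policy of the kind the Policy Engine and Device Posture items describe, as an added example that is not from the original page or from AWS. The policy reference names `idc` and `crwd`, the group ID placeholder, and the score threshold are assumptions; the attribute paths follow the trust data AWS documents for IAM Identity Center and CrowdStrike and should be checked against your own trust providers.

```cedar
// Constructed example policy for a Verified Access group or endpoint.
// Assumed policy reference names: "idc" (IAM Identity Center user trust
// provider) and "crwd" (CrowdStrike device trust provider). These names are
// chosen when each trust provider is created, so substitute your own.
permit(principal, action, resource)
when {
    // Identity: user trust data must be present and the user must be a
    // member of the allowed group (placeholder ID, not a real group).
    context has idc &&
    context.idc has groups &&
    context.idc.groups has "<identity-center-group-id>" &&

    // Device posture: device trust data must be present and the overall
    // assessment score must exceed the threshold (80 is a constructed value).
    context has crwd &&
    context.crwd has assessment &&
    context.crwd.assessment.overall > 80
};
// The "has" guards avoid evaluation errors when trust data is missing.
// Cedar denies by default, so a request that matches no permit is rejected,
// for example one from a device that sends no posture data.
```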

Typical Use Cases

Remote Access Without VPN: Enable employees to securely access internal applications without installing a VPN client. Access is through the browser, authenticated via the corporate IdP.

Contractor Access: Grant external contractors access to specific applications without giving them VPN access to the entire network. Policies define exactly which applications are accessible for which user groups.

Compliant Access Control: Ensure that only devices with current security updates and active endpoint protection can access sensitive applications.

Benefits

  • Higher security than network-based VPN access
  • No VPN infrastructure to operate
  • Granular access control per application
  • Improved user experience without VPN client

Integration with innFactory

As an AWS Reseller, innFactory supports you with AWS Verified Access: designing a zero-trust architecture, integrating with your identity provider, and migrating from VPN-based access to identity-based access control.

Frequently Asked Questions

What is AWS Verified Access?

AWS Verified Access is a service that enables secure access to your corporate applications without requiring a VPN. User identity and device security posture are verified before access is granted.

How does Verified Access differ from a VPN?

A VPN grants access to the entire network. Verified Access grants access to individual applications based on identity and device security posture. It follows the zero-trust principle: no automatic trust; every access is individually verified.

Which identity providers are supported?

Verified Access supports AWS IAM Identity Center, Okta, JumpCloud, and other OIDC-compatible identity providers. For device posture checks, CrowdStrike and Jamf can be integrated.

AWS Cloud Expertise

innFactory is an AWS Reseller with certified cloud architects. We provide consulting, implementation, and managed services for AWS.
