Posted On: Apr 28, 2023
Today, AWS announces the general availability of AWS Verified Access, a service that helps you provide secure access to your corporate applications without using a VPN. Built based on AWS Zero Trust principles, you can use Verified Access to implement a work-from-anywhere model with added security and scalability.
Verified Access evaluates each access request in real time based on the user’s identity and device posture using fine-grained policies. For instance, you can create policies that permit only certain user groups to access specific applications, and only if they are using compliant devices. Verified Access now includes support for AWS WAF to further increase application security. Using AWS WAF, you can filter out broad internet-based threats, including SQL injection and cross-site scripting. Additionally, Verified Access now passes signed identity context, such as a user’s login alias, to your applications. If your application receives a request without the signed context, it can reject the request, increasing its security. The signed context also includes user attributes such as role and department, which can be used to streamline application personalization. For example, you can display custom content in your application based on employee roles.
Verified Access is available in 10 AWS Regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Sydney), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), and South America (São Paulo).
To get started, see the following list of resources: