Posted On: Jun 19, 2023

AWS Verified Access now provides improved logging functionality, making it easier to author and troubleshoot application access policies. Verified Access enables you to provide secure access to your corporate application using zero-trust principles. You can use end-user context, such as user groups and device risk score, from your existing third-party identity and device security services to define access policies. Starting today, you can log all the end-user context received from third-party services, simplifying policy authoring and troubleshooting.

Verified Access logs all application access attempts and their policy evaluation outcomes, whether approved or denied. Prior to this feature, logs covered limited end-user context such as the user's name, email address, and device OS. You can use the context in the logs to write and debug policies. For instance, if you create an access policy to permit users with an *@example.com email address, and Verified Access denies a user's request, you can check the logs to validate the email address shared by your identity service. However, to troubleshoot policies that use more end-user context, beyond that limited set, you had to gather information from your third-party services, as Verified Access didn't log this information. With this new functionality, you can log all the end-user context received from third-party identity and device security services, eliminating the need to get this information from a different source. You can use the detailed context in the logs to validate, troubleshoot, and speed up your policy authoring process.
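The troubleshooting workflow described above, as an added example that is not part of the announcement or any AWS tooling: a script that reads denied access-log records, extracts the identity and device context the logs now carry, and reports which condition of the intended policy the logged context fails. The log records, their field layout (`status`, `identity.user.email`, `device.risk_score`) and the policy conditions are constructed for this example and are assumptions, not the documented Verified Access log schema or policy language.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample records in the style of newline-delimited access logs.
# The field layout (status, identity.user.email, device.risk_score) is an
# assumption made for this example, not the documented log schema.
SAMPLE_LOG_LINES = [
    json.dumps({"status": "allow",
                "identity": {"user": {"email": "alice@example.com"}},
                "device": {"os": "macOS", "risk_score": 10}}),
    json.dumps({"status": "deny",
                "identity": {"user": {"email": "bob@contractor.example.net"}},
                "device": {"os": "Windows", "risk_score": 15}}),
    json.dumps({"status": "deny",
                "identity": {"user": {"email": "carol@example.com"}},
                "device": {"os": "Windows", "risk_score": 85}}),
    json.dumps({"status": "deny",
                "identity": {"user": {"email": "dave@example.com"}},
                "device": {"os": "Linux", "risk_score": 5}}),
    "this line is not JSON and is skipped",
]

# Hypothetical policy intent: permit *@example.com users on low-risk devices.
POLICY = {"email_pattern": "*@example.com", "max_risk_score": 50}


def parse_records(lines):
    """Parse newline-delimited JSON log lines, skipping unparseable ones."""
    records = []
    for line in lines:
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def user_email(record):
    """Pull the email the identity provider reported (assumed field path)."""
    return record.get("identity", {}).get("user", {}).get("email", "")


def explain_denial(record, policy):
    """Return the policy conditions the logged context fails; empty if none."""
    reasons = []
    email = user_email(record)
    if not fnmatchcase(email, policy["email_pattern"]):
        reasons.append(f"email {email!r} does not match {policy['email_pattern']}")
    risk = record.get("device", {}).get("risk_score")
    if risk is None:
        reasons.append("device risk score missing from logged context")
    elif risk > policy["max_risk_score"]:
        reasons.append(f"device risk score {risk} exceeds maximum {policy['max_risk_score']}")
    return reasons


def triage_denials(lines, policy):
    """Map each denied user's email to the conditions the logged context fails."""
    return {user_email(r): explain_denial(r, policy)
            for r in parse_records(lines) if r.get("status") == "deny"}


def unexplained_denials(lines, policy):
    """Denied requests whose logged context satisfies every intended condition.

    These are the interesting cases: the identity and device services sent
    context that should have been permitted, so the policy as written does not
    match the intent and needs to be inspected rather than the upstream data.
    """
    return sorted(email for email, reasons in triage_denials(lines, policy).items()
                  if not reasons)


if __name__ == "__main__":
    for email, reasons in triage_denials(SAMPLE_LOG_LINES, POLICY).items():
        print(email, "->", reasons or "no intended condition fails; inspect the policy itself")
```

Because every condition is evaluated against the context the log records already contain, a denial that passes all checks (dave@example.com above) can be attributed to the policy text rather than to the identity or device service, which is the distinction the expanded logging makes possible.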

Learn more by visiting the Verified Access product page and documentation.