AWS Verified Access provides secure access to corporate applications and resources without a VPN. It enhances your security posture by allowing you to define fine-grained access policies based on a user's identity and device security state, and enforcing policies on every access request. It simplifies security operations by allowing administrators to create, group, and manage access policies for applications and resources with similar security requirements from a single interface. Verified Access logs each access attempt, so you can efficiently respond to security and connectivity incidents.
Using Verified Access, you can configure fine-grained access policies for your corporate applications and resources such as databases and EC2 instances. Verified Access constantly validates each access request against granular, contextual access policies and dynamically adjusts access permissions. It ensures that access is granted and maintained only when users meet specified security requirements, such as user identity and device security posture.
Verified Access is seamlessly integrated with AWS IAM Identity Center, which allows end users to authenticate with SAML-based third-party identity providers (IdPs). If you already have a custom IdP solution that is OpenID Connect compatible, Verified Access can also authenticate users by directly connecting with your IdP.
Verified Access is integrated with third-party device management services to provide additional security context. Therefore, you can additionally assess access attempts using the security and compliance state of the user’s device.
Verified Access passes signed identity context, such as user alias, to your applications. This helps you personalize your applications using this context, removing the need to reauthenticate the user at your application. The signed context also protects your applications in case Verified Access is accidentally disabled, as the application can reject the request if it doesn’t receive the context.
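An added example (not AWS code) of the fail-closed check this paragraph describes: the application rejects any request whose signed context is absent, malformed, signed by a different key, or expired, which goes slightly beyond the paragraph's missing-context case. The ES384 compact-token layout, the `signer`, `user` and `exp` field names, and the helper names are assumptions for illustration; the token and key are constructed inside the block.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64, errReject = base64.RawURLEncoding, fmt.Errorf("reject: no valid signed context")
// verifyContext fails closed; the token layout and field names are assumptions.
func verifyContext(tok string, pub *ecdsa.PublicKey, signer string, now int64) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 { // an absent header arrives as "" and is rejected here
		return "", errReject
	}
	var hdr struct{ Alg, Signer string }
	var claims struct{ User string; Exp int64 }
	h, e1 := b64.DecodeString(p[0])
	c, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	if e1 != nil || e2 != nil || e3 != nil || len(sig) != 96 ||
		json.Unmarshal(h, &hdr) != nil || json.Unmarshal(c, &claims) != nil {
		return "", errReject
	}
	sum := sha512.Sum384([]byte(p[0] + "." + p[1])) // signature covers header.payload
	r, s := new(big.Int).SetBytes(sig[:48]), new(big.Int).SetBytes(sig[48:])
	if hdr.Alg != "ES384" || hdr.Signer != signer || !ecdsa.Verify(pub, sum[:], r, s) || now >= claims.Exp {
		return "", errReject
	}
	return claims.User, nil
}

func sampleToken(signer, user string, exp int64) (string, *ecdsa.PublicKey) { // constructed demo input
	key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	in := b64.EncodeToString([]byte(fmt.Sprintf(`{"alg":"ES384","signer":%q}`, signer))) + "." +
		b64.EncodeToString([]byte(fmt.Sprintf(`{"user":%q,"exp":%d}`, user, exp)))
	sum := sha512.Sum384([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, sum[:])
	return in + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 48)), s.FillBytes(make([]byte, 48))...)), &key.PublicKey
}

func main() {
	tok, pub := sampleToken("signer-arn", "alice", 2000)
	fmt.Println(verifyContext(tok, pub, "signer-arn", 1000)) // signed context present
	fmt.Println(verifyContext("", pub, "signer-arn", 1000))  // signed context absent
}
```

In a deployment, `tok` would be the value of the request header that carries the signed context and `pub` the service's published verification key, with `now` taken from the system clock.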
With Verified Access, you can group applications with similar security needs and create and manage access policies from a single interface. Each application within a group shares a global policy, establishing a baseline security level. This removes the need to manage individual policies for each application. For example, you can group all “dev” applications and set a group-wide access policy.
Verified Access offers continuous monitoring and detailed logging of access attempts so you can quickly respond to security and connectivity incidents. Verified Access supports delivery of these logs to Amazon Simple Storage Service (Amazon S3), Amazon CloudWatch Logs, and Amazon Kinesis Data Firehose. Verified Access supports the Open Cybersecurity Schema Framework (OCSF) logging format, making it easier for you to analyze logs using one of the supported security information and event management (SIEM) and observability providers.
Provides secure access to HTTP(S) applications, such as browser-based applications, and TCP applications such as Git repositories, which can be accessed using a command-line terminal or desktop application.
Provides access to a group of AWS infrastructure resources, such as EC2 instances within a VPC, by specifying their IP address and port range.