What is remote.it for AWS?
remote.it lets you reimagine AWS access with a new kind of zero-trust solution. Control VPC access by a user email address (OAuth); restrict access down to the resource/instance with Service (ssh, https, etc.) Isolation; eliminate attack surfaces by closing all inbound ports; eliminate the need to manage IP whitelists for access.
remote.it for AWS is an all-in-one secure connectivity solution that lets you reinvent how you manage remote access to your AWS VPC:
- Eliminate open ports and eliminate a primary attack surface.
- No more managing IP whitelists
- Grant and revoke access by user ID not IP address
- Restrict access to specific user IDs and services like HTTPS or SSH
- Provide an auto maintained access log for auditing
remote.it is offered as a 30-day free trial AWS Marketplace BYOL application that automatically provisions a t2.micro EC2 instance at install-time to provide jump host connections to any application/ip address:port in your VPC. Marketplace SaaS subscriptions are available after the initial 30-day trial.
Why would I want to use remote.it for AWS?
remote.it allows you to completely eliminate the attack surface of your VPC and simplify user access to your cloud infrastructure. With remote.it, your AWS cloud infrastructure is completely invisible to the public internet. remote.it adds an extra level of protection by closing all open ports at your AWS global IP address - even the port(s) used to host a VPN server - while still maintaining full control and reachability for your development team.
In addition, remote.it eliminates the need to manually maintain an IP address restriction whitelist in your AWS Security Groups. Instead of relying on IP address whitelists, access to your VPC can be granted using email account authentication from Google sign-in (OAuth).
How does remote.it work?
remote.it launches a new EC2 instance in your VPC whose sole purpose is to provide connectivity to authenticated users into VPC resources, without presenting an open port to the public internet. It does this by maintaining a persistent, low-data rate, UDP connection between the remote.it AMI installation on your VPC, and the remote.it cloud service. These UDP connections originate from inside your VPC, so there is no need to leave an open port at the public IP where your VPC Gateway resides.
When an authenticated user (authenticated via Gmail login) using the remote.it client application wants to connect to a VPC resource like Redis, the remote.it cloud service brokers a connection between the two endpoints (remote.it client and remote.it jump host inside the VPC) creating a peer-to-peer connection routed over the public internet using industry-standard end-to-end encryption. Like a traditional VPN, there is no intermediary proxy server in the connection data path. But unlike a traditional VPN, there is no need to create a potential attack surface at your VPC by leaving an open port for a VPN server listening for inbound connections.
Does remote.it see my VPC instances and cloud resources?
The remote.it cloud service does not route or relay any network traffic. Our service maintains a database of IP addresses/ports used by your account in order to set-up peer-to-peer connections on your behalf. But all connections brokered by our service for AWS are peer-to-peer and do not traverse any remote.it servers or infrastructure. Your traffic is routed over the internet like any other connection between a browser and a web server.
Does remote.it see my network traffic?
No. All connections brokered by our service into AWS VPCs are peer-to-peer and do not traverse any remote.it servers or infrastructure.
Why is it better than using a VPN?
remote.it can coexist with any VPN. Popular VPN applications like OpenVPN or WireGuard can run over remote.it connections. The main advantage of running a VPN over a remote.it connection is that there is no open port at the VPN server side of the connection, thereby eliminating an attack surface. Any open port on a public IP at AWS is an attack surface that can be exploited. remote.it eliminates the need to open any port at your VPC because the connections into the VPC are actually originating from within the VPC.
Is my connection encrypted end-to-end?
Yes, remote.it connections are encrypted end-to-end and use the same encryption required by the connection type. For example, HTTPS connections over remote.it are peer-to-peer and use SSL/TLS like any browser/web server on the internet.
How do I share access to my AWS VPC among a group of people?
Access to any application (IP:port) in the VPC is always under your full control. Users are granted access to individual applications (IP:port) inside the VPC by using the remote.it Share Device and Share Device List features. The remote.it AMI jump box owner can simply enter the email addresses (gmail) of the intended recipients and they will receive an email inviting them to sign in and connect. Individual Team members do not need to create a remote.it account. One will be created automatically. However, they will need to download the remote.it client application to connect to the VPC using remote.it.
What are the licensing terms and monthly cost of remote.it for AWS?
remote.it is available in the AWS Marketplace under a 30-day free trial license. The free 30-day trial is offered under the AWS BYOL (Bring Your Own License) model. To activate your 30-day license go to https://remote.it to receive your license key. The key may be used to install additional remote.it instances to service other AWS regions, availability zones, and VPCs as needed depending on your AWS cloud network topology. You may install as many hosted connections (services) as needed on each remote.it instance (e.g. remote.it jump box). remote.it recommends a maximum of 100 services per jump box simply to maintain an easy-to-navigate service list on each instance. After the free trial, there is no cost associated with having more jump box instances. Pricing is based on the number of services (UDP/TCP ports) enabled.