for AWS FAQ

What is for AWS?

lets you reimagine AWS access with a new kind of zero-trust solution. Control VPC access by user email address (OAuth); restrict access down to the resource/instance with Service (SSH, HTTPS, etc.) Isolation; eliminate attack surfaces by closing all inbound ports; eliminate the need to manage IP whitelists for access. for AWS is an all-in-one secure connectivity solution that lets you reinvent how you manage remote access to your AWS VPC:

  • Eliminate open ports and eliminate a primary attack surface
  • No more managing IP whitelists
  • Grant and revoke access by user ID, not IP address
  • Restrict access to specific user IDs and services like HTTPS or SSH
  • Provide an automatically maintained access log for auditing

is offered as a free trial AWS Marketplace BYOL application that automatically provisions a t2.micro EC2 instance at install time to provide link connections to any application/IP address:port in your VPC. Marketplace SaaS subscriptions are available after the initial 30-day trial.


Why would I want to use for AWS?

allows you to completely eliminate the attack surface of your VPC and simplify user access to your cloud infrastructure. With, your AWS cloud infrastructure is completely invisible to the public internet. adds an extra level of protection by closing all open ports at your AWS global IP address - even the port(s) used to host a VPN server - while still maintaining full control and reachability for your development team.

In addition, eliminates the need to manually maintain an IP address restriction whitelist in your AWS Security Groups. Instead of relying on IP address whitelists, access to your VPC can be granted using email account authentication from Google sign-in (OAuth).
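To check the two claims above against an existing VPC (no inbound port open to the internet, no per-IP allowlist left to maintain), the following added example audits the JSON produced by `aws ec2 describe-security-groups`. It is not the vendor's code; the sample document, the group IDs and the VPC CIDR `10.0.0.0/16` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-bastion", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "198.51.100.7/32"}],
     "Ipv6Ranges": []},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-EXAMPLE-connector", "IpPermissions": []},
  {"GroupId": "sg-EXAMPLE-redis", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}

def ingress_rules(doc):
    """Yield (group_id, protocol/port label, cidr) for every ingress CIDR."""
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":  # "-1" = all protocols, all ports
                label = "all"
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                span = str(lo) if lo == hi else f"{lo}-{hi}"
                label = f"{perm['IpProtocol']}/{span}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                yield sg["GroupId"], label, cidr

def world_open(doc):
    """Ingress rules reachable from anywhere on the internet."""
    return [r for r in ingress_rules(doc) if r[2] in WORLD]

def external_allowlist(doc, vpc_cidr):
    """Ingress CIDRs outside the VPC that are not world-open: per-IP allowlist entries."""
    vpc = ipaddress.ip_network(vpc_cidr)
    out = []
    for gid, label, cidr in ingress_rules(doc):
        net = ipaddress.ip_network(cidr, strict=False)
        inside = net.version == vpc.version and net.subnet_of(vpc)
        if cidr not in WORLD and not inside:
            out.append((gid, label, cidr))
    return out
```

Both functions returning an empty list for every security group in the VPC is the state the FAQ describes: nothing listening for the internet and no source-IP list to keep current.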


How does work?

launches a new EC2 instance in your VPC whose sole purpose is to provide connectivity to authenticated users into VPC resources, without presenting an open port to the public internet. It does this by maintaining a persistent, low-data-rate UDP connection between the AMI installation on your VPC and the cloud service. These UDP connections originate from inside your VPC, so there is no need to leave an open port at the public IP where your VPC Gateway resides.

When an authenticated user (authenticated via Gmail login) using the client application wants to connect to a VPC resource like Redis, the cloud service brokers a connection between the two endpoints (client and instance inside the VPC), creating a peer-to-peer connection routed over the internet using industry-standard end-to-end encryption. Like a traditional VPN, there is no intermediary proxy server in the connection data path. But unlike a traditional VPN, there is no need to create a potential attack surface at your VPC by leaving an open port for a VPN server listening for inbound connections.


Does see my VPC instances and cloud resources?

The cloud service does not route or relay any network traffic. Our service maintains a database of IP addresses/ports used by your account in order to set up peer-to-peer connections on your behalf. But all connections brokered by our service for AWS are peer-to-peer and do not traverse any servers or infrastructure. Your traffic is routed over the internet like any other connection between a browser and a web server.


Does see my network traffic?

No. All connections brokered by our service into AWS VPCs are peer-to-peer and do not traverse any servers or infrastructure.


Why is it better than using a VPN?

can coexist with any VPN. Popular VPN applications like OpenVPN or WireGuard can run over connections. The main advantage of running a VPN using a connection is that there is no open port at the VPN server side of the connection, thereby eliminating an attack surface. Any open port on a public IP at AWS is an attack surface that can be exploited. eliminates the need to open any port at your VPC because the connections into the VPC actually originate from within the VPC.


Is my connection encrypted end-to-end?

Yes, connections are encrypted end-to-end and use the same encryption required by the connection type. For example, HTTPS connections over are peer-to-peer and use SSL/TLS like any browser/web server on the internet.


How do I share access to my AWS VPC among a group of people?

Access to any application (IP:port) in the VPC is always under your full control. Users are granted access to individual applications (IP:port) inside the VPC by using the Share Device and Share Device List features. The AMI owner can simply enter the email addresses (Gmail) of the intended recipients and they will receive an email inviting them to sign in and connect. Individual team members do not need to create a account. One will be created automatically. However, they will need to download the client application to connect to the VPC using


What are the licensing terms and monthly cost of for AWS?

is available in the AWS Marketplace under a free trial-period license. The free trial is offered under the AWS BYOL (Bring Your Own License) model. See our AWS Marketplace Page. To activate your trial license, go to to receive your license key. The same key may be used to install additional instances to service other AWS regions, availability zones, and VPCs as needed depending on your AWS cloud network configuration. You may install as many hosted connections (services) as needed on each instance. After the free trial, you will need to transition to a paid monthly subscription offered under the AWS SaaS model. Find the SaaS at the appropriate AWS Marketplace Page. There is no cost associated with launching more instances (other than the cost of the EC2 instances themselves). pricing is based on the total number of services (UDP/TCP ports) enabled for connections. See AWS Marketplace for details.
