HackerTrans
TopNewTrendsCommentsPastAskShowJobs

binoycyber

no profile record

Submissions

Ask HN: How do you manage cloud access for your team without a VPN?

1 points·by binoycyber·4 miesiące temu·4 comments

comments

binoycyber
·4 miesiące temu·discuss
We are trying to address the Backend applications that are not required to be publicly accessible for everyone except the employees/contractors. Things like internal dashboards, UAT testing environments, etc.

The target audience is the ones who have no AWS credentials but should access an application hosted in one of the CSP-hosted environments.
binoycyber
·4 miesiące temu·discuss
SSO as in Single Sign On? Yes and No, SSO allows AWS or other cloud CSP accounts to access the infrastructure, but it will not hide it from the internet. If it is exposed, then you would have an increasing attack surface compared to a hidden environment.
binoycyber
·4 miesiące temu·discuss
What good is a VDP if the infrastructure is visible to the entire internet to begin with?

Exposed keys are a symptom; the real problem is infrastructure that's reachable from the public internet in the first place. The reason this keeps happening is that the standard solutions; VPNs and static IP whitelisting, have enough friction that small teams implement them poorly or skip them entirely.

If your backend systems aren't publicly reachable, a leaked key has nowhere to go. The secret leaks — but the infrastructure doesn't. The exception is services like S3 that are inherently public-facing — those still need their own access controls regardless.

I've been building something that tackles this directly (dynamic firewall management — writes your team's live IPs to security groups on login, removes them on logout). Happy to share more if anyone's curious.