Using boundary for accessing private resources in AWS

Hi there,

I am looking for information about Boundary. Can it be utilised similar to “VPN”, my case exactly is, I would need to access some services running in AWS ElasticBeanstalk that are not exposed to internet. Later I would involve that setup in accessing some kind of company internal documentation site, also living in private subnets in AWS.

Can someone let me know if Boundary is appropriate tool for that use case and if yes, can someone point me towards a proper setup for it?

Currently team is using NGROK to bridge that gap, but that service is exposed to internet and we would like to move away from that approach to something more secure and reliable. NGROK is also exposing developer lap top to internet…

Many thanks in advance,
Nikola

That’s definitely within the targeted set of use cases of Boundary. In this case as long as your Elastic Beanstalk services are accessible via layer-4 proxying, you should be fine.

What you would need to do is expose the Boundary controllers and workers to the IP addresses your clients will be coming in from (this could be the entire Internet, but doesn’t have to be, for example if all your clients are in an office in a known subnet). Then the clients will authenticate through the controllers and connect to private servers and services through the public-facing workers. The services and servers themselves can stay private from the Internet as long as the workers can access them over TCP.

Specific setups will vary but we have some general walkthroughs on providing secure access with Boundary in our Learn site’s Boundary section.

1 Like

Many thanks for your response. I will try with suggested approach and see what comes out.
Thanks once again.

Regards,
Nikola