Okta and AWS Partner to Secure EC2 Instances with the Okta Advanced Server Access Quick Start

Millions of companies – including many Okta customers – rely on Amazon Web Services (AWS) to power their businesses. According to 2020's [email protected] Report, AWS has risen steadily from sixth place five years ago to the second most popular cloud app used by Okta customers.

As companies increasingly use AWS to power their infrastructure, they face challenges securing privileged access, maintaining, and rotating keys of their server infrastructure. Organizations face maintenance and security burden every time employees join, move, or leave the organization, when server keys are regularly rotated to meet compliance requirements, and when server keys are accidentally disclosed or stolen.

To overcome these challenges, Okta and AWS partnered to include Okta Advanced Server Access (ASA) on the AWS Quick Starts program. The ASA Quick Start allows organizations to use Okta's Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Account Lifecycle (LCM) to access Amazon EC2 servers, eliminating the need for static keys:

Privileged access to EC2 instances with Okta ASA and the AWS Quick Starts

With the Okta ASA Quick Start, you can easily:

  1. Add Okta's Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA), and Privileged Access Control to secure access to servers, eliminating the use of static keys and credentials to access the server infrastructure.
  2. Automate account lifecycle management with granular and time-based access permissions to EC2 instances, tightening security to servers at scale.

The AWS Quick Start includes an AWS CloudFormation template that automates the deployment of EC2 instances integrated to Okta ASA, a deployment guide that outlines the architecture, and step-by-step instructions, providing a blueprint for bolstering security on your existing EC2 servers. 

The Okta ASA Quick Start helps organizations apply Okta's best-in-class security to their Amazon infrastructure, securing access to servers while reducing the burden with managing server keys,” said Dave May, Partner Solutions Architect at AWS. “Okta's Quick Start is reviewed by AWS and follows our best practices for security and high availability.

How to get started?

To get started, access the Okta ASA Quick Start on AWS's Quick Starts Portal. From there, review the information, click View deployment guide for details, and follow the deployment steps to get an Okta Advanced Server Access instance and launch the cloud formation template, as shown below.

The template provides initial values for adding Okta ASA to two new servers – a Linux Bastion and a Linux Target server – into a new VPC. However, you can change these settings to add the Bastion and Target servers to an existing VPC. To customize the settings, you can leverage the description for each field available in both the AWS Quick Start user interface and the deployment guide:

After the integration is completed, Okta users assigned to the ASA project can access the Linux Bastion and Linux Target with Okta Single Sign-On and Adaptive Multi-Factor Authentication:

Shifting Identity Left

This collaboration with Amazon is part of our goal to mitigate the use of static keys in the infrastructure, and to make identity part of your DevOps automation — not an afterthought (something we call Shift Identity Left).

 

To learn more about this initiative, check our DevOps page and our integrations with Ansible, Chef, Puppet, and Terraform. And to get started with ASA on AWS, try our Quick Start and Cloudformation template.