by Emrul Islam

Announcing Twingate's AWS Marketplace listing and integration

Twingate is now also available in the AWS Marketplace so organizations can obtain Twingate directly through AWS and benefit from simplified procurement and billing. Along with this update we’re also pleased to announce that our AWS customers have even more choice to manage their Zero Trust access controls. Administrators can use our AWS CloudWatch Lambda integration to both define resources and manage access directly from the AWS Management Console with AWS Resource Tags.

Twingate is a Zero Trust Remote Access solution that makes it easy for network administrators to provide secure fine-grained access to internal or private resources. With Twingate, resources become available only once administrators have deployed our solution within their networks and have defined accessible resources.

Twingate Administrators are able to manage access to resources using several approaches to suit their needs:

  • Managing group memberships through our Identity Provider integrations (using SCIM)
  • Assigning resources via our web-based Admin Console
  • Using our Terraform or Pulumi providers
  • Using tg, our Open Source Command Line Interface
  • The new AWS CloudWatch Lambda integration - the topic of this blog post.

The Lambda integration supports a range of AWS resources including EC2 instances, RDS databases and ECS services.

Demo video

A video walkthrough is available here: How to manage Twingate within AWS

Use cases

This approach can be useful where AWS administrators need not only to define the resources in AWS but also to manage remote access to them. This tooling can help delegate access control management, especially in situations where AWS administrators may face internal friction or operational constraints in amending Terraform or Pulumi scripts or updating groups within an Identity Provider. For example:

  • Allowing teams to self-administer remote access to certain environments
  • Enabling more decentralised access controls for some or all environments
  • Using AWS as the Source of Truth for remote access.

Technical architecture

The technical approach is based on a serverless workflow in which a Lambda function listens for CloudWatch Events within AWS. When a Resource Tag is modified, the Lambda calls the Twingate API to make a corresponding change that reflects the tag value.
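
The decision step of such a workflow, as an added example that is not Twingate's own code: it validates an AWS "Tag Change on Resource" event and decides what access change the tag implies. The tag key, the group-name pattern and the returned action names are assumptions made for illustration, and the Twingate API call itself is left out because the post does not show it.

```python
import re

# Assumption: hypothetical tag key; the post does not name the keys the integration reads.
ACCESS_TAG = "example:remote-access-group"
# Services the post lists as supported (assumed to match the event's "service" field).
SUPPORTED_SERVICES = {"ec2", "rds", "ecs"}
# Assumption: group names are limited to a conservative character set.
GROUP_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}$")


def plan_change(event):
    """Turn a 'Tag Change on Resource' event into a planned access change."""
    if event.get("source") != "aws.tag" or event.get("detail-type") != "Tag Change on Resource":
        return {"action": "ignore", "reason": "not a tag change event"}
    detail = event.get("detail", {})
    if detail.get("service") not in SUPPORTED_SERVICES:
        return {"action": "ignore", "reason": "unsupported service"}
    if ACCESS_TAG not in detail.get("changed-tag-keys", []):
        return {"action": "ignore", "reason": "access tag unchanged"}
    resources = event.get("resources", [])
    if len(resources) != 1:
        return {"action": "ignore", "reason": "expected exactly one resource ARN"}
    arn = resources[0]
    # "tags" holds the state after the change; a key missing here was deleted.
    value = detail.get("tags", {}).get(ACCESS_TAG)
    if value is None:
        return {"action": "revoke", "resource": arn}
    if not GROUP_NAME.match(value):
        # Fail closed: a malformed value must never widen access.
        return {"action": "reject", "resource": arn, "reason": "invalid group name"}
    return {"action": "grant", "resource": arn, "group": value}


# Constructed sample event in the EventBridge tag-change shape.
SAMPLE_EVENT = {
    "source": "aws.tag",
    "detail-type": "Tag Change on Resource",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"],
    "detail": {
        "changed-tag-keys": [ACCESS_TAG],
        "service": "ec2",
        "resource-type": "instance",
        "tags": {ACCESS_TAG: "Engineering"},
    },
}

if __name__ == "__main__":
    print(plan_change(SAMPLE_EVENT))
```

Because the tag value drives remote access, IAM permission to tag these resources is effectively permission to change who can reach them, so it should be scoped and audited as an access-control privilege.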

Deploying Twingate AWS Tag Sync

If you’d like to create a sandboxed AWS environment to test out this feature, check out our AWS Terraform guide.

The AWS Tag Sync functionality is currently in beta and available in the Twingate AWS Tag Sync repository along with deployment instructions. Users need appropriate permissions in their AWS account to deploy the CloudFormation stack.

You can follow the instructions in the repository, or use the Twingate CLI tool to deploy the Lambda with the command: tg deploy aws tag-sync. This command automates uploading the Lambda code to S3 and deploying the CloudFormation stack.

Get started with Twingate today

Twingate makes Zero Trust remote access easy for organisations to adopt. Our device posture checks, integrations into best-of-breed solutions such as CrowdStrike Falcon, and Secure DNS are just a few of the unrivalled set of integrated components that help organisations solve their Remote Access problems. Sign up for free or request a demo today!

If you’re already leveraging AWS, you can also sign up directly through our Marketplace listing.
