Advice on securing an intranet web app


Hello, we currently run a third-party intranet browser-based app. The single server is in a data centre, and access is via a public-facing IP address secured by a NetScaler enabling 2FA authentication (physical fobs) and then forwarding to the internal URL for the app login.

We wish to migrate the server to AWS (seems straightforward) and then allow secure MFA access. What can we use to replace the NetScaler's role? Ideally clients will use Microsoft or Google Authenticator soft MFA. The app itself is a third-party CRM system and we don't have access to the codebase. I'm a bit lost with the AWS options such as WAF, Cognito, etc. Is someone able to offer advice on what to use, or indeed whether Cognito etc. are the right tools? I guess this must be a fairly common requirement, but I can't find anything in the knowledge base.

Thank you.

2 Answers
Accepted Answer

Hey Anthony, you're looking then at some kind of reverse proxy to front your internal web server.

I'd say you have a few options:

  1. Search AWS Marketplace for a third-party product that you can deploy into your VPC
  2. Purchase, set up and install a third-party product into your VPC, like your NetScalers
  3. Use an AWS ALB with user authentication, as described at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html. This allows you to force users to authenticate with something like an OIDC service or Amazon Cognito
EXPERT
answered 3 months ago
  • Thank you Gary... that gives me some options to look at. Much appreciated.
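Option 3 above is the one that most directly replaces the NetScaler when you cannot touch the CRM's code: the ALB itself performs the OIDC login against a Cognito user pool, sets its own session cookie, and only forwards requests that carry a valid cookie. The following Terraform is an added example written for this thread, not code from the original answer or from AWS; every resource name, the hostname crm.example.com, the Cognito domain prefix, the CRM listen port 8080, and the referenced ALB, certificate, target group and security groups are assumptions. It shows the two pieces a practitioner most often gets wrong: enforcing a software TOTP second factor in the user pool (which is what Google and Microsoft Authenticator generate), and restricting the CRM instance so it is reachable only from the load balancer, since otherwise the authentication step can be bypassed by connecting to the instance directly.

```hcl
# Added example (not from the original thread): an ALB that authenticates users
# against a Cognito user pool with TOTP MFA enforced, then forwards to the CRM.
# All names (crm.example.com, the CRM instance/target group/security groups,
# the ALB and certificate) are assumptions for illustration.

resource "aws_cognito_user_pool" "crm" {
  name = "crm-users"

  # Require a second factor for every user. "software_token" is the TOTP that
  # Google/Microsoft Authenticator generate; enrolment happens in the hosted UI.
  mfa_configuration = "ON"
  software_token_mfa_configuration {
    enabled = true
  }

  password_policy {
    minimum_length    = 14
    require_lowercase = true
    require_uppercase = true
    require_numbers   = true
    require_symbols   = true
  }
}

resource "aws_cognito_user_pool_domain" "crm" {
  domain       = "crm-login-example" # assumption: hosted UI domain prefix
  user_pool_id = aws_cognito_user_pool.crm.id
}

resource "aws_cognito_user_pool_client" "crm" {
  name            = "crm-alb"
  user_pool_id    = aws_cognito_user_pool.crm.id
  generate_secret = true # the ALB authenticate-cognito action needs a client secret

  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["openid"]
  supported_identity_providers         = ["COGNITO"]

  # The ALB's fixed OIDC redirect endpoint, on the hostname users browse to.
  callback_urls = ["https://crm.example.com/oauth2/idpresponse"]
}

# The CRM instance accepts traffic ONLY from the load balancer's security group.
# Without this rule the Cognito step is bypassable by hitting the instance directly.
resource "aws_security_group_rule" "crm_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.crm_instance.id # assumption
  source_security_group_id = aws_security_group.alb.id          # assumption
  from_port                = 8080 # assumption: the CRM listens on 8080
  to_port                  = 8080
  protocol                 = "tcp"
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.crm.arn              # assumption
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate.crm.arn # assumption

  # Action 1: unauthenticated users are sent to the Cognito hosted UI
  # (password + TOTP) and come back with an ALB session cookie.
  default_action {
    order = 1
    type  = "authenticate-cognito"
    authenticate_cognito {
      user_pool_arn              = aws_cognito_user_pool.crm.arn
      user_pool_client_id        = aws_cognito_user_pool_client.crm.id
      user_pool_domain           = aws_cognito_user_pool_domain.crm.domain
      on_unauthenticated_request = "authenticate"
      session_timeout            = 28800 # seconds; re-authenticate after 8 hours
      scope                      = "openid"
    }
  }

  # Action 2: only reached when the request carries a valid ALB session cookie.
  default_action {
    order            = 2
    type             = "forward"
    target_group_arn = aws_lb_target_group.crm.arn # assumption
  }
}

# Redirect plain HTTP so the session cookie is never exchanged in clear text.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.crm.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

With this in place the user flow matches the old NetScaler one: browse to the ALB hostname, complete the Cognito password and authenticator-app prompt, then land on the CRM's own login page, which keeps using its own accounts untouched. The ALB adds x-amzn-oidc-* headers to forwarded requests; a CRM you cannot modify will simply ignore them, which is fine because the ALB session cookie, not the application, is the enforcement point here. AWS WAF can additionally be attached to the same ALB for request filtering, but it is not the MFA piece.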


Hi,

With AWS, MFA authenticators are managed with IAM: https://aws.amazon.com/iam/features/mfa/

If you look at this page, you will see that both Google and Microsoft software authenticators for iOS and Android are supported.

To try them, please, follow this setup guidance: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

Best.

Didier

AWS EXPERT
answered 3 months ago
  • Thank you Didier. Unless I have misunderstood, your reply is more aimed at using MFA for users with access to the management console rather than users of my actual application?
