I'm looking for guidance on architecting a more efficient development environment on AWS. Currently, I have dev machines running a web application behind a load balancer, but managing IP whitelisting has become tedious. My objectives are to integrate SSO with Authentik, use Spacelift and Terraform to provision new dev machines (ECS or EC2), and simplify access without relying heavily on static IPs. I'm exploring options like netbird, Tailscale, hoop.dev, and others for networking, but I specifically need a solution that allows for dynamic provisioning of SSH/HTTPS access to user-dev boxes based on SSO provisioning. Any suggestions would be greatly appreciated as I'm feeling stuck on the best approach!
2 Answers
Have you considered using AWS Systems Manager (SSM)? It's a free service and could simplify your SSH access without exposing your machines more than necessary.
After digging into your requirements, it seems like utilizing SSM for SSH alongside a tool like ngrok could work well. With ngrok, you can create a secure tunnel for your web app while handling the dynamic configuration manually.
You might also want to check out alternatives like Cloudflare tunnels or pinggy.io for similar functionalities!
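As an added illustration of the SSM-for-SSH suggestion in the two answers above (example code, not from the original post or from AWS), here is a Terraform IAM policy that lets an SSO-backed role open Session Manager SSH sessions only to the EC2 instances carrying its own Owner tag. It assumes the dev boxes are tagged `Owner` and that the role assumed through SSO carries a matching `Owner` principal tag (for instance via Identity Center attribute-based access control); resource names are illustrative.

```hcl
# Assumption (not from the post): instances are tagged Owner = <sso user>,
# and the SSO-assumed role carries the same Owner principal tag.
data "aws_iam_policy_document" "ssm_ssh_own_dev_box" {
  # Only instances whose Owner tag equals the caller's Owner principal tag.
  statement {
    sid       = "StartSessionOnOwnInstance"
    actions   = ["ssm:StartSession"]
    resources = ["arn:aws:ec2:*:*:instance/*"]
    condition {
      test     = "StringEquals"
      variable = "ssm:resourceTag/Owner"
      values   = ["$${aws:PrincipalTag/Owner}"]   # $$ escapes HCL interpolation
    }
  }

  # Only the SSH session document, so the role cannot open an interactive shell
  # document or arbitrary port forwarding; no inbound port 22 is needed.
  statement {
    sid       = "UseSshSessionDocumentOnly"
    actions   = ["ssm:StartSession"]
    resources = ["arn:aws:ssm:*:*:document/AWS-StartSSHSession"]
  }

  # Let the caller end only its own sessions. Session IDs are prefixed with the
  # caller's name; verify the prefix your SSO-federated role actually produces.
  statement {
    sid       = "TerminateOwnSessions"
    actions   = ["ssm:TerminateSession"]
    resources = ["arn:aws:ssm:*:*:session/$${aws:username}-*"]
  }

  # Read-only lookups the SSH client and the session plugin need.
  statement {
    sid       = "DescribeForSsh"
    actions   = ["ec2:DescribeInstances", "ssm:DescribeInstanceInformation"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "ssm_ssh_own_dev_box" {
  name   = "ssm-ssh-own-dev-box"
  policy = data.aws_iam_policy_document.ssm_ssh_own_dev_box.json
}

# Client side, in ~/.ssh/config, the instance ID is used as the host name:
#   Host i-*
#     ProxyCommand sh -c "aws ssm start-session --target %h \
#       --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
```

Attach the policy to the permission set or role your SSO provider maps users to; because the grant is tag-driven, a Terraform-provisioned box with the right Owner tag is reachable by its user without any IP allow-list change.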
I think SSM might limit your HTTPS access to the web app though, which could be problematic if you're strict about database access and security.