My work has given me a remote windows desktop to use, that I access using AWS.
Through this windows desktop (accessed via a chrome web-browser), I can SSH into a compute node to do work.
I dont actually need this virtual desktop, I’d rather just SSH from my local machine directly to the compute node, using the remote desktop’s network without having to spawn the desktop itself.
Ive been reading up about SSM agents[0] as a solution, but am unsure if I have the priveledges to do this myself.
Is this something I can easily do using the AWS credentials that I have?
Maybe ask your work before you get fired?
I have, but the IT dept either willfully misinterprets my request, or does not actually know. No judgement from my side, as I am also uncertain.
My plan is to find a solution that complies with their security standards (i.e. through AWS’s authentication spec), but allows me a VPN/SSH style passthrough.
Maybe ask them to provide you with a Linux cli only bastion? Then you’ve got a lot of options, it costs almost nothing, and it’s even better security wise.
I think SSO is your best bet, if you use identity center.
Most likely using workspaces and the reason for it is to stop the very thing they are trying to do to keep data from directly leaking out of their network. If they had a Linux desktop workspace if they opened the ssh port on the workspace Eni you could do that but that would send up all kinds of security alerts.
I’m not sure what you use by workspaces, I haven’t touched windows in a while.
Wouldn’t a bastion with SSO do the same thing? In both cases OP needs to pass AWS based security checks in order to ssh from the bastion instance. And both options can be locked down by enterprise standards.
Workspaces is an AWS service that creates desktops that can be used via a workspace client or through the web browser like guacamole project. It’s main feature is the data stays in AWS not on local hardware.