The company I work for is small (6 employees) and we had a single office with a single static outward facing IP address. I would then whitelist that single IP address for things like AWS and client databases that we needed to connect to. With the whole office now working from home, if anyone needed to connect to something, they would VPN into the office network then be good to go.
Now the company owner has decided we all work well enough from home that we are going to get rid of the office. But we still need to connect to several outside websites (some of which we don't directly control).
While I could get everyone’s home IP address whitelisted in the short term, it would be a huge pain to deal with in the long term.
What I ideally need is some kind of virtual office network to VPN into and then use the IP address of that virtual network as the one being whitelisted. However, I have no idea how to go about finding such a thing.
My ideas are either renting server space at a company like www.tierpoint.com, getting a static IP for just us and then setting up a VPN system to that server, or finding a VPN company that can do the same for us (ideally this, as it would be easier to let someone else handle setting everything up).
Something like Palo Alto Prisma Access would be a great solution, but probably overkill for the size of your business.
Some options that come to mind:
You can run a virtual firewall (Fortinet, Palo Alto, Cisco, etc.) on AWS and host the VPN service from there. This would essentially be creating a dedicated Virtual Private Cloud to not only provide VPN service for your users but protect your cloud resources with a NGFW. Also, if done with split-tunneling instead of full-tunnel, I think you may be able to reduce your egress costs since the users will be landing inside AWS and connecting to your other resources on AWS. I'm not 100% certain that's how it works though, so I would need a fact-check on this.
If you don't care about creating a VPC and using a NGFW, you could spin up something like OpenVPN on there. By the same token, you could also see if you save costs by not going cloud to cloud but using the same cloud provider where most of your cloud resources are.
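To make the full-tunnel versus split-tunnel choice above concrete, here is an OpenVPN server configuration for the "spin up OpenVPN on a cloud VM with a static IP" option. This is an added example, not from anyone in the thread; it assumes the tunnel subnet 10.8.0.0/24, placeholder addresses for the allow-listed client database and the VPC range, and that the VM's public IP is the one that gets whitelisted.

```conf
# OpenVPN server.conf (added example; addresses below are placeholders)
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key            # encrypts the control channel; unauthenticated packets are dropped early
server 10.8.0.0 255.255.255.0
topology subnet
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
remote-cert-tls client      # only peers holding a client certificate from our CA may connect
keepalive 10 120
persist-key
persist-tun
user nobody                 # drop privileges after the tunnel is up
group nogroup
status /var/log/openvpn/status.log
verb 3

# Option A: full tunnel. Every client packet leaves through the VM's static IP,
# so every external allow-list sees that one address. All user traffic becomes
# cloud egress.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"

# Option B: split tunnel (comment out Option A to use it). Only the destinations
# pushed here traverse the VPN; anything not listed leaves the home connection
# with the home IP and therefore will not match the allow-list.
# push "route 203.0.113.10 255.255.255.255"   # allow-listed client database (placeholder, TEST-NET-3)
# push "route 172.31.0.0 255.255.240.0"        # the VPC CIDR (placeholder)
```

The VM still needs IP forwarding enabled and a NAT (masquerade) rule so tunnel traffic exits with its public address, and the cloud security group should admit only UDP/1194 from the internet.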