Amazon Web Services Inc. today made its AWS Verified Access cybersecurity service generally available.

The service, which made its debut at AWS re:Invent 2022 last November, was previously in preview. It’s rolling out into general availability with a number of new features that weren’t included in the original release.

Companies can use Verified Access to power the login menu of their internal applications. When employees enter their login credentials, the service checks if they’re correct and approves or rejects each access request accordingly. It can also make application access conditional on other factors, such as whether a worker is signing in from a secure device.

Companies historically used virtual private network, or VPN, tools to facilitate employee access to applications. Such tools can be difficult to manage for administrators and offer relatively limited cybersecurity features. Verified Access removes the need to use VPN software.

The service is launching into general availability with a new integration for AWS WAF, the cloud giant’s web application firewall. Verified Access uses the firewall to prevent malicious traffic from reaching a company’s workloads. AWS WAF blocks SQL injection attempts, cross-site scripting attacks that attempt to infect an application with malicious code and other common threats.

“Using AWS WAF rule statements, you can provide matching criteria and the action to take on matches, including permitting or blocking the traffic,” AWS executives Riggs Goodman and Shovan Das explained in a blog post. “AWS WAF permits or blocks the traffic before handing the traffic over to Verified Access for an endpoint policy evaluation.”

The firewall also enables organizations to monitor the user traffic sent to their applications. According to AWS, traffic logs can be sent to third-party observability platforms for analysis. Verified Access integrates with observability platforms from IBM Corp., New Relic Inc., and a number of other software makers.

The other new feature AWS has added to the service is support for signed identity context. According to AWS, the addition will enable companies to enhance their applications’ user experience while improving security.

There are cases where accessing a service requires logging in not once but twice. First, workers enter their login credentials into the cybersecurity module that protects the application from hacking attempts. Then, they have to separately sign into the application itself.

Verified Access’ newly added support for signed identity context will streamline the process. The feature allows workers to access applications by entering their login credentials only once. Moreover, it enables applications to block unauthorized login attempts even if a technical issue makes a company’s Verified Access deployment temporarily unavailable.

“Verified Access now supports passing signed identity context to your application endpoints,” Goodman and Das wrote. “The signed context allows the application to verify cryptographically that Verified Access has authenticated the request.”

Image: AWS