Deep dive into managing and securing Apple environments with AWS and Jamf

In this JNUC session, AWS’s Dave Siederer, Sr. Specialist Solutions Architect, EC2 Mac, and Mayak Gupta, Technical Account Manager, discuss how to use an EC2 Mac with AWS and provide a demo of AWS Verified Access.

September 21 2023 by JNUC sponsor AWS

Creating an EC2 Mac instance

Amazon EC2 Mac instances allow customers to run cloud-based, on-demand macOS workloads. With Jamf, you can secure and manage these devices with your existing tools and MDM profiles.

Siederer shows us a demo of how to create an EC2 instance in the AWS console, providing more detail in the session. First, you must create a dedicated host:

  1. Select EC2
  2. Navigate to Dedicated Hosts
  3. Select Allocate Dedicated Hosts and fill out or enable the following:
    1. Name tag
    2. Instance family
    3. Instance type
    4. Availability zone
    5. Instance Auto-placement
  4. Hit allocate

The dedicated host has been allocated. Next, you can launch the instance:

  1. In the instances tab, select Launch instances
  2. Choose the number of instances
  3. Fill in the name of the instance
  4. Select the application, OS image and image architecture
  5. Create or use a preexisting SSH key pair
  6. Configure network settings, storage and applicable advanced details
  7. Launch the instance

From here, you can SSH into the instance.

AWS Verified Access

In this part of the session, Gupta explains what AWS Verified Access is and shows us an example of how to set it up. The main components of AWS Verified Access are:

  • Fine-grained, dynamic authorization with centralized, per-app policies evaluated with every request
  • Improved observability for faster incident response, audits and compliance requirements
  • Integration with your existing security services, including popular identity and device trust providers

AWS Verified Access improves an organization’s security posture by reducing the risk of lateral movement, improves the end-user experience by providing access across all apps and devices, and simplifies operations with centralized, streamlined policies.

AWS Verified Access integrates with a variety of trust, network and SIEM providers, in particular IAM Identity Center and any OpenID Connect provider as identity providers, and Jamf and CrowdStrike as device trust providers.

Gupta shows a demo of how you can set up AWS Verified Access. In his example, he uses AWS IAM Identity Center as the IdP and Jamf as the device trust provider, with the domain certificate in AWS Certificate Manager. To achieve appropriate role-based access, he:

  1. Integrates the trust providers
  2. Creates a Verified Access instance with a group for each application
  3. Creates an endpoint for each application within each Verified Access group
  4. Defines a group-level policy

From here, users are able to access their approved applications. Watch the session for more details.
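As an added illustration of the group-level policy in step 4 (not code from the session), here is a policy of that kind written in Cedar, the language Verified Access policies use. It assumes the trust providers were created with the policy reference names idc (IAM Identity Center) and jamf, and the group id is a placeholder; the context attribute names follow the Verified Access policy reference for these two providers.

```cedar
// Group-level Verified Access policy for one application group (hypothetical).
// "idc" and "jamf" are the policy reference names assumed to have been chosen
// when the IAM Identity Center and Jamf trust providers were created.
permit(principal, action, resource)
when {
    // Identity check: the signed-in user must be a member of the
    // Identity Center group that is allowed to use this application.
    // The group id is a placeholder, not a real value.
    context.idc.groups.contains("<IAM-IDENTITY-CENTER-GROUP-ID>")
    // Device check: Jamf must report the Mac at a LOW or SECURE risk level;
    // MEDIUM or HIGH risk devices are denied even for an authorized user.
    && (context.jamf.risk == "LOW" || context.jamf.risk == "SECURE")
};
```

Because the policy is attached at the group level, every endpoint created within that Verified Access group is evaluated against both conditions on each request, which is what keeps an authorized user on an unhealthy device from reaching the application.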

Register for JNUC to access this session as well as others on demand.
