Unified Zero Trust Secretless Access to all your AWS Resources for Teams and Workloads
Octelium is Free and Open Source Software
Modern, Open Source, Zero Trust Access for AWS Resources
A Unified Architecture for both Humans and Workloads to Access Private/Internal VPC AWS Resources behind NAT Scattered Across Multiple Regions as well as Protected Public Resources such as Protected S3 Buckets and Lambda Functions
A Unified Architecture for Client-based and Clientless Access
A Unified Architecture to Provide Access to Private/Internal Resources of Any Type via Client-based Zero-Config Clients over WireGuard/QUIC Tunnels as well as via the Clientless BeyondCorp Mode for both Humans and Workloads
Dynamic Secretless Access to S3, Lambda and More
Provide Dynamic Secretless, Clientless Access to all your S3 Buckets, Lambda Functions and other AWS APIs without Managing, Distributing and Rotating AWS IAM identities.
Identity-based, L7 Aware Access Control
Identity-based ABAC Access Control at the Application Layer (L7) (e.g. HTTP paths, methods and JSON body content) using Identity-aware Proxies (IAPs) and Context-aware Policy-as-Code via CEL and Open Policy Agent (OPA)
Dynamic Passwordless Access to RDS Databases
Provide Passwordless Access to all PostgreSQL and MySQL-based RDS Databases to your Users without Managing and Sharing Passwords. Dynamically Force Database Users and Credentials and Route to Different Databases based on User Identity as well as the Access Context using Policy-as-Code.
Unified, Scalable, Clientless Access via OAuth2 for Workloads
Provide Unified Access to all your AWS Resources for your Workloads written in any Programming Language via Standard OAuth2 Client-Credentials Flow and Bearer Authentication without having to Use Special SDKs, Clients or Manage Different AWS IAM Identities and Credentials
Built for Scalability and Availability
A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability
Integrate with OpenID Connect and SAML SSO Providers
Seamlessly Integrate any OpenID Connect or SAML 2.0 SSO Provider (IdP) as well as GitHub OAuth2 and Provide Secure Access to all your Resources for your Teams at Scale. Require Strong MFA via Phishing-Resistant FIDO2 Authenticators in Access Control for Sensitive AWS Resources.
Centralized, Declarative and Programmable Management
Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore Fully Programmable over gRPC.
OpenTelemetry-native Real-time Visibility
OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers