
Enhance DigitalOcean with AWS-Level SSM and SSO Features

Published at
8/21/2024
Categories
dohackathon
digitalocean
devops
security
Author
atoonk

If you’re anything like me, you appreciate DigitalOcean for its simplicity, cost-effectiveness, and ease of use. It’s an ideal platform for personal projects and smaller work-related tasks. However, as great as DigitalOcean is, it doesn’t offer some of the advanced features that larger cloud environments provide, like granular access control and integrated security with Single Sign-On (SSO) systems. These are the IAM and SSM capabilities that AWS users have come to rely on. But what if you could bring these powerful features to DigitalOcean without the added complexity or cost? That’s where Border0 comes in.

The Challenge: Bridging the Gap Between Simplicity and Security

DigitalOcean excels in user-friendliness and affordability, but when it comes to robust Identity and Access Management (IAM) and security controls, it falls short compared to giants like AWS and Google Cloud. Without built-in IAM, managing access to your Droplets (SSH), databases, or Kubernetes clusters using SSO credentials can be a bit of a headache. This often forces users to keep services more exposed than they’d like — especially in production environments where security is key.

The Solution: Bringing AWS-Like IAM and SSO Magic to DigitalOcean

That’s where Border0 steps in. With Border0, you can elevate your DigitalOcean workloads to meet the same security and access management standards that you’d expect from AWS or GCP — minus the headaches. Border0 provides you with the tools to control access to your DigitalOcean resources, whether it’s SSH access to Droplets, database connections, or Kubernetes clusters, all using your SSO credentials. Even better, this works seamlessly with resources in a private DigitalOcean VPC, giving you secure access without the need for a VPN.

Demo Time! 🚀

Sounds too good to be true? The best part is that it’s incredibly straightforward to set up and use. In the video below, we’ll guide you through an example that shows just how easy it is.

Setup in Minutes ⏱️

In the video, we kick things off by installing the Border0 connector from the DigitalOcean Marketplace as a 1-click Droplet. The entire setup takes about a minute — just enough time for the Droplet VM to boot and for you to click the Border0 login link. It’s fast, it’s simple, and it’s ready to go.

Once the connector is deployed, we can start securing access to a Droplet (SSH), a MySQL database, and a Kubernetes cluster. These resources are safely tucked away in a private VPC, shielded from the public internet. And yet, thanks to Border0, you can access them effortlessly using your SSO identity — no need to configure complex VPNs or jump through hoops.

SSH Access Example 🔐

In the demo, you’ll see how we access a DigitalOcean Droplet VM that’s been deployed in a private VPC. No VPN required — I’m logging in using my existing SSO account. This approach isn’t just convenient; it’s also secure, with all access tied directly to your identity, whether that’s a Gmail, GitHub, Azure, or even your corporate Okta account.

Fine-Grained SSH Control 🛡️

But wait, there’s more! Border0 doesn’t just give you access; it lets you control access with precision. You can enforce detailed SSH-specific access policies, such as allowing SSH access only as the ubuntu user while disallowing SFTP and TCP port forwarding. This keeps your environment secure by limiting access to only what’s necessary, minimizing potential attack surfaces.

Database Access Example 🗄️

Next up in the demo, we’ll show you how to securely access a DigitalOcean-managed MySQL database using your SSO credentials. This database is hosted within the same private VPC, ensuring it remains isolated from the internet while still allowing seamless access. It’s like having the database right under your desk — without the risk of being wide open to the world.

And here’s a bonus: with Border0, any database becomes accessible through our web-based database client. This WebAssembly-based client runs entirely in your browser, so you can access your databases from anywhere, on any device, without needing to install extra software. All you need is your SSO account.

Identity-Based Database Policies 🎯

Just like with SSH, Border0 lets you enforce fine-grained access control for databases. You can define who has access to specific database schemas, what types of queries they can run, and even set conditions based on identity, network location, or time of day. It’s like having an SSO-based database firewall and VPN rolled into one, complete with full query recording for that extra layer of security.

Kubernetes Access Example 📦

Finally, we take a look at Kubernetes access. The video demo shows how to connect to your DigitalOcean Kubernetes cluster using kubectl. Even though the Kubernetes API is isolated from the internet, Border0 makes it feel like it’s right there at your fingertips, securely accessible with your SSO credentials.

As with the other examples, you can create policies specifying who has access to which Kubernetes namespaces and what actions they can perform. For instance, you can control who has permission to use kubectl exec. And with full session logs, you can see exactly what actions were performed on which resources, and for kubectl exec, you even get session recordings—perfect for keeping tabs on what’s happening in your clusters.
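To make the SSH, database and Kubernetes policy descriptions above concrete, here is an added example (not Border0's code or policy format) of a default-deny, identity-based evaluator. The `Rule` schema, the action names (`shell`, `sftp`, `port_forward`, `select`, `exec`) and the identities are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Rule:                  # hypothetical schema, not Border0's policy format
    identities: frozenset    # SSO identities (e-mail) the rule applies to
    service: str             # "ssh", "database" or "kubernetes"
    actions: frozenset       # operations permitted on that service
    scopes: frozenset        # SSH usernames, DB schemas or K8s namespaces
    start: time = time.min   # allowed time-of-day window, inclusive
    end: time = time.max

def is_allowed(rules, identity, service, action, scope, at):
    """Default deny: allow only if a single rule matches every attribute."""
    return any(
        identity in r.identities and service == r.service
        and action in r.actions and scope in r.scopes
        and r.start <= at <= r.end
        for r in rules
    )

ALICE = frozenset({"alice@example.com"})  # constructed identity
POLICY = [  # constructed sample policy mirroring the examples in the text
    # SSH: interactive shell as "ubuntu" only. "sftp" and "port_forward"
    # are not listed, so default deny rejects them.
    Rule(ALICE, "ssh", frozenset({"shell"}), frozenset({"ubuntu"})),
    # Database: read-only queries on one schema, 08:00-18:00 only.
    Rule(ALICE, "database", frozenset({"select"}), frozenset({"reports"}),
         time(8), time(18)),
    # Kubernetes: read verbs in one namespace; "exec" is not granted.
    Rule(ALICE, "kubernetes", frozenset({"get", "list"}),
         frozenset({"staging"})),
]

def check(service, action, scope, at=time(12), identity="alice@example.com"):
    """Evaluate one request against POLICY (defaults: Alice, at noon)."""
    return is_allowed(POLICY, identity, service, action, scope, at)

if __name__ == "__main__":
    requests = [("ssh", "shell", "ubuntu"), ("ssh", "shell", "root"),
                ("ssh", "sftp", "ubuntu"), ("ssh", "port_forward", "ubuntu"),
                ("database", "select", "reports"),
                ("kubernetes", "get", "staging"),
                ("kubernetes", "exec", "staging")]
    for req in requests:
        print(req, "ALLOW" if check(*req) else "DENY")
```

Because nothing is allowed unless a rule names it, adding a new capability such as port forwarding requires an explicit policy change rather than the absence of a block.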

Wrap Up 🎯

With Border0, you get the best of both worlds: the simplicity and user-friendliness of DigitalOcean combined with the enterprise-grade security and access management features you expect from AWS or GCP. And the best part? You can set it all up in just a few minutes, thanks to the ease of a 1-click Droplet deployment. No complex VPNs or advanced configurations — just secure, streamlined access to your Droplets, databases, and Kubernetes clusters.

Whether you’re managing Droplets, databases, or Kubernetes clusters, Border0 makes it effortless to use your SSO credentials for secure access. You retain the simplicity and ease of use that makes DigitalOcean so popular, while gaining the advanced security controls typically found in more complex cloud environments.

You don’t need to be a security expert — Border0 and DigitalOcean together make it easy and pleasant to secure and manage your cloud infrastructure. Ready to enhance your DigitalOcean experience with Border0? Get started today for free and enjoy the best of both worlds: simplicity and security.
