Skip to main content

Apache Guacamole for AWS

Guacamole is a browser based remote access tool that provides easy access to hosts in all your VPCs, across accounts and regions. Access to Windows desktops (RDP), Linux terminals (SSH) and Kubernetes Pods is supported. No client software needed, a modern browser is all you need. This also enables administrators in corporate environments behind restrictive proxies to access remote servers on AWS.

info

Now with support for SAML 2.0 and Amazon Cognito for a seamless single sign-on experience. With Amazon Cognito, your users can sign in through self-registration, social identity providers such as Apple, Google and Facebook or through enterprise identity providers such as Microsoft Active Directory via SAML or OpenID. Learn more

For direct integration with a SAML 2.0 compliant identity provider such as Azure Active Directory, follow the instructions in our dedicated SAML 2.0 guide.

Connections RDP

This product ships with version 1.4.0 of the popular open-source HTML5 RDP and SSH client Apache Guacamole (http://guacamole.apache.org/) and GuAWS, an agent that queries your AWS environment to automatically discover running instances. GuAWS is continuously scanning your VPC for new instances using the AWS API. It also scans across VPC, account and regional boundaries where VPC Transit Gateways or VPC Peering Connections are used. Your servers are organized by VPC and security group which makes it easy to find the right instance and manage access. Additionally, connections opened by users are logged to CloudWatch Logs.

A user management system provides fine grained access control to individual groups or instances. More details can be found at http://guacamole.apache.org/doc/gug/administration.html#user-management. Single sign-on authentication can easily be added through SAML 2.0, Amazon Cognito or other OpenID Connect compliant providers such as Auth0, Okta or Duo. Multi-Factor authentication is provided by the built-in TOTP plugin that works with Google Authenticator or similar apps. Detailed instructions can be found in the Authentication section.