Twingate Architecture:
Benefits:
1. Unlike OpenVPN, which requires exposing the VPN EC2 instance in a public subnet, Twingate connectors do not need any inbound security group rule: the connector only makes outbound connections, so nothing on it has to be reachable from the internet.

2. Access is controlled by groups, so you don't need separate logins for each account. Log in once, and if the correct resource permissions are set up for your group, you can reach everything you need.
Deployment:
There are several options for deploying a connector. The documentation is really good. You can deploy via Kubernetes, CloudFormation, or Terraform.
We rolled our own CDK stack that deploys the connector AMI, an AWS secret, and a maintenance schedule with an SSM document that performs the updates. This let us deploy it once and essentially forget about it, since it keeps itself up to date. Because we run connectors in two Availability Zones, an outage is rare.
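A guardrail for the first benefit above, written as an added example (not code from this post, Twingate, or the CDK stack described): it checks a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports any inbound rule, so a connector that has accidentally been given an inbound rule fails the check while an OpenVPN-style group with its listener port open shows what a violation looks like. The two sample groups and their IDs are constructed for the example.

```python
"""Guardrail: a Twingate connector's security group should carry no inbound rules.

Input is a security group dict in the shape of `aws ec2 describe-security-groups`
output. The samples below are constructed; nothing here calls AWS.
"""
import json


def inbound_findings(sg: dict) -> list[str]:
    """Return one finding per inbound rule; an empty list means outbound-only."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
        sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                   + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                   + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])
        for src in sources or ["<no source>"]:
            findings.append(f"{sg['GroupId']}: inbound {proto}/{ports} from {src}")
    return findings


def has_outbound(sg: dict) -> bool:
    """The connector still needs egress, so an empty egress list is its own problem."""
    return bool(sg.get("IpPermissionsEgress"))


# Constructed sample: an outbound-only connector group (passes the check).
CONNECTOR_SG = json.loads('''{
 "GroupId": "sg-0connector",
 "IpPermissions": [],
 "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}''')

# Constructed sample: an OpenVPN-style group exposing its UDP listener (fails the check).
VPN_SG = json.loads('''{
 "GroupId": "sg-0openvpn",
 "IpPermissions": [{"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
 "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}''')

if __name__ == "__main__":
    for sg in (CONNECTOR_SG, VPN_SG):
        print(sg["GroupId"], inbound_findings(sg) or "OK: no inbound rules")
```

Feeding the real output of `aws ec2 describe-security-groups --group-ids <connector-sg>` into `inbound_findings` makes this a cheap post-deploy check in the same pipeline that runs the CDK stack.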
For more information, I highly recommend their documentation.