VPN
Last updated: Mar 2, 2026
Rationale
VPN (Virtual Private Network) is the cloud-based solution for virtual private networks we use. The main reasons why we chose it over other alternatives are the following:
- It allows us to connect to our client private networks in a decentralized manner.
- It directly connects to our AWS VPC, allowing other AWS services like AWS Batch to reach our client private networks.
- Resources can be written as code using Terraform.
- It supports AWS Client VPN, which allows our hackers to reach both our AWS VPC and client private networks from their local machines.
- It supports SAML authentication using Okta.
- It supports DNS resolving using AWS Route53.
Alternatives
- On-premise router: Before using VPN, we used to connect all our client virtual networks to our Medellín office router. Such approach had several disadvantages, being lack of accessibility, scalability and reproducibility some of the biggest.
- OpenVPN Cloud: It is a SaaS VPN solution. It didn't have a Terraform module, which impacted reproducibility and traceability. Overall complexity was also higher as it required to integrate our AWS VPC using stateful EC2 runners, plus also connecting all our client endpoints to it.
Usage
We use VPN for
- using AWS Batch to connect to our clients' private networks in order to access their source code repositories;
- allowing hackers to connect to our clients' private environments for executing DAST;
- allowing developers to connect to our AWS VPC for debugging and development purposes.
Guidelines
Accessing the VPN
You can connect to the VPN and gain access to our AWS VPC and clients' private networks. In order to do so, you need to:
- Go to the VPN Self-Service portal:
- Log in with your Okta credentials.
- If you do not have enough permissions, please contact help@fluidattacks.com.
- From the portal:
- Download the VPN client configuration.
- Download and install the AWS Client VPN for your operating system.
- Open the AWS Client VPN and import the downloaded configuration.
- Connect to the VPN.
Free trial: Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.