All posts
September 8, 20251 min read

AWS CLI Remote Access Proxy: Securely Connect to Private AWS Resources Without a VPN

AWS CLI remote access proxy changes how you connect. No more juggling SSH keys, bastion hosts, or writing brittle scripts. With the right setup, you run aws commands from anywhere, through a secure proxy layer, as if you were inside the VPC. The proxy takes your CLI calls, routes them through a controlled endpoint, and returns results instantly. It starts with configuring AWS Systems Manager Session Manager and enabling a port-forwarding proxy. Attach the right IAM policy to your user or role:

Free White Paper

Database Access Proxy + VPN Access Control: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

AWS CLI remote access proxy changes how you connect. No more juggling SSH keys, bastion hosts, or writing brittle scripts. With the right setup, you run aws commands from anywhere, through a secure proxy layer, as if you were inside the VPC. The proxy takes your CLI calls, routes them through a controlled endpoint, and returns results instantly.

It starts with configuring AWS Systems Manager Session Manager and enabling a port-forwarding proxy. Attach the right IAM policy to your user or role: access to ssm:StartSession, ssm:StartPortForwardingSession, and the target instances. Once that’s in place, the AWS CLI can connect directly to private EC2 instances, databases, and services without ever exposing them to the public internet.

For many teams, the biggest win with an AWS CLI remote access proxy is the collapse of complexity. Instead of maintaining ephemeral SSH tunnels, you declare your target, start the proxy, then run commands. This works for databases, APIs, internal tools—anything reachable from the instance you connect through. Add layered IAM rules and you get secure, auditable, temporary access by default.

Continue reading? Get the full guide.

Database Access Proxy + VPN Access Control: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Speed matters. So does security. The AWS CLI remote access proxy approach offers both. You can connect across accounts, regions, and environments without scattering credentials or juggling context switches. Scripts run faster because they skip network gymnastics. Security teams like it because access is logged, time-bound, and built into the AWS stack.

The technical pattern is straightforward:

  1. Enable Session Manager in your environment.
  2. Grant least-privilege IAM access to start sessions and port forwarding.
  3. Use the CLI to open a proxy session targeting an instance with the right network reach.
  4. Point your local command or script to the local port tunneled through the proxy.

You can wrap it in automation or keep it lightweight for ad-hoc troubleshooting. Either way, it scales with your infrastructure and reduces both surface area and friction.

You don’t need a massive DevOps sprint to get this running. You can see an AWS CLI remote access proxy live in minutes with hoop.dev—and start commanding private AWS resources securely, without the mess.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts