The alert came at 2:13 a.m.
A critical system deep inside a VPC private subnet had gone dark. No jump host. No public route. No direct SSH. Someone needed break-glass access, now.
Break-glass access in a VPC private subnet is not just a convenience—it’s survival during an outage. The challenge is simple to describe yet hard to solve: how to grant temporary, secure, auditable access to private resources without exposing them to the public internet. A proxy deployment becomes the tool of choice, but only if it’s built for speed, isolation, and zero lingering threat.
The first step is to anchor the proxy inside the same private subnet as the target resources. No public IPs. Attach only to internal routing. Layer a secure tunnel on top, authenticated with short-lived credentials. Then ensure that all ingress is shut once the session ends. This is break-glass: everything is ephemeral, everything is logged, nothing stays open.
Deployment should be automated. Consider infrastructure templates for spinning up the break-glass proxy in seconds. Use IAM policies to lock its scope to the minimum set of actions and resources. Enforce multi-factor authentication at the entry point. Route all traffic through the proxy so there is a single path to monitor, record, and tear down.
Audit trails matter. Log every command, every packet, every credential use. Store these logs outside the VPC for post-incident review. This closes the loop between security and operations. Permanent access leads to drift and risk; break-glass mandates zero persistence.
A VPC private subnet proxy deployment for emergency access has to be repeatable and disposable. The blueprint is straightforward:
- Launch inside the private subnet.
- Use controlled ingress via a trusted bastion or secure tunnel.
- Apply least privilege IAM with timed sessions.
- Monitor and log all activity in real time.
- Destroy the proxy the moment the work is done.
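One way to express the "least privilege IAM with timed sessions" step, as an added example that is not part of the original post. It assumes AWS IAM and a Session Manager tunnel (`ssm:StartSession`); the helper name, the one-hour ceiling, and the sample ARN are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(hours=1)   # assumed ceiling for one break-glass window
FMT = "%Y-%m-%dT%H:%M:%SZ"     # ISO 8601 UTC, the form IAM date conditions accept

def break_glass_policy(target_arn, issued_at, ttl, action="ssm:StartSession"):
    """Build an IAM policy allowing `action` on one target, with MFA, until expiry."""
    if issued_at.tzinfo is None:
        raise ValueError("issued_at must be timezone-aware")
    if not timedelta(0) < ttl <= MAX_TTL:
        raise ValueError("ttl must be positive and no longer than MAX_TTL")
    if "*" in target_arn or not target_arn.startswith("arn:aws:"):
        raise ValueError("target must be one fully qualified ARN, no wildcards")
    if "*" in action:
        raise ValueError("action must be a single named action")
    start = issued_at.astimezone(timezone.utc)
    expiry = (start + ttl).strftime(FMT)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Allowed only inside the window and only with MFA
                "Sid": "BreakGlassWindow",
                "Effect": "Allow",
                "Action": action,
                "Resource": target_arn,
                "Condition": {
                    "DateGreaterThanEquals": {"aws:CurrentTime": start.strftime(FMT)},
                    "DateLessThan": {"aws:CurrentTime": expiry},
                    "Bool": {"aws:MultiFactorAuthPresent": "true"},
                },
            },
            {   # Explicit deny after expiry overrides any other allow on the principal
                "Sid": "DenyAfterExpiry",
                "Effect": "Deny",
                "Action": action,
                "Resource": "*",
                "Condition": {"DateGreaterThanEquals": {"aws:CurrentTime": expiry}},
            },
        ],
    }

if __name__ == "__main__":
    # Constructed sample values: placeholder account ID and instance ID
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    issued = datetime(2024, 1, 1, 2, 13, tzinfo=timezone.utc)
    print(json.dumps(break_glass_policy(arn, issued, timedelta(minutes=30)), indent=2))
```

The policy only stops new sessions from starting after expiry; a session that is already open still has to be terminated when the proxy is destroyed.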
This isn’t theory—it’s a build pattern you can put in place before the next incident. Break-glass access in a VPC private subnet is not optional in high-stakes systems. When you get the call in the early morning hours, you need more than a plan. You need a button to press.
You can see this live in minutes with hoop.dev.