I don't see why not, but I do not know for sure.
Yes -- you would just have to setup the VPN to connect to AWS. an alternative option would be to confirgure the AWS security group -- which is terribly insecure by default -- to only allow connections on those ports from the public ip of the client. Users could then VPN to the office of the client and then be able to connect.
You can also setup and host your own VPN server on AWS - and allow that to see the FM Cloud server.
Running FM Cloud with the default AWS security group is far from secure no matter how you look at it.
I should have added... If they only have one office - then this is very simple. you setup a vpn tunnel from AWS VPC to their office, and then users either have to be in the office, or VPN to the office to be able to see the AWS FM Server.
FM's own documents don't suggest leaving it open to all of the internet. We setup site to site vpn between offices and aws. Of course -- this does throw the whole clientname.fmi.filemaker-cloud.com dns stuff out the window. We ditch that and use the ip address of the server.
FYI for those that are using active directory and run your own DNS servers -- FM Cloud breaks if you don't use the default AWS DNS servers for a VPC.
Thanks for all this info Mattel
I think there is stuff that I can work with there. The limiting by IP is not going to work as they have to work from lots of places. I have had experience with Sonic Walls. Using both the sonic wall "boxes" at the offices and then using a Sonicwall Global VPN if out and about. This was to allow access into an onsite server at the time. I assume AWS can be set up in a similar fashion.
I will do more digging and most likely call on professional help to get this side of things going. I will continue to develop the FileMaker solution in the meantime.
Sent from my iPhone
We use a different brand of firewall for site to site vpn - we were able to run a virtual machine version of it on aws -- this allows all offices to connect to aws through the vpn. I checked the market place, I didn't see a sonic wall vm though.
You can setup vpn end points in aws vpc - and then have that connect back to the branches - they cost like $.05 per hour, not sure how many locations. We found it wasn't cost effective vs running an instance that maintained the site to site tunnels.
There are lots of ways to set it up, whether you have users VPN to Branch and Branch VPN to AWS or just have users not in an office VPN to AWS.
The AWS security groups can still block out traffic from all but the private ip's in your VPC, or similar. If you want to see what's out there crawling AWS instances - Allow what you need, turn on logging, and review the denied access logs.