Connect Command

Astra's connect command is designed to provide an easy way for you to connect to internal services.

It's important to understand that Astra's connect command is NOT a VPN. This means that your traffic will follow normal internet routes to reach its destination. Consequently, any activity conducted without a secure protocol could potentially be intercepted by an intermediary.

Therefore, when using Astra's connect command, you should always use secure methods to interact with your target service. For example, you can access a web service via HTTPS (which is automatically configured for you through astra service) or connect to a PostgreSQL database via psql using sslmode=require.

Why would we ever use the connect command?

As an example, let's say we just brought up a new service within our staging environment. Typically our staging environment isn't meant for public consumption and may not have gone through the rigorous processes around it being exposed to the world wide web.

But we still need the ability to test and operate on staging. The long term goal here is to set up a VPN such that we can communicate with staging privately. In the short term though we can just give our IP address temporary access and communicate with staging using HTTPS so we know our traffic is secure.

Hole punching made easy

Let's access our staging environment with a simple Astra connect command:

~|⇒ astra connect permit staging
!! Removed old rule for 82.72.149.211:443
✓ Added new rule for 82.72.149.211:443
✓ Rules updated successfully! Here are some important reminders:
!!  • Your access will be revoked 8 hours after it is granted.
!!  • Astra connect is NOT a VPN. Always use secure methods for connecting to services accessed through this tool.
!!  • Ensure secure connections when accessing databases and other services.