Problem Statement

Recently, our enterprise customers have brought up a new demand for tighter access control on workspaces. Whenever we provision workspaces, the agent opens a suite of connection options introducing unmonitored infrastructure access. This prevents Coder from managing compute with sensitive data or in a production context.

Customers want to continue using Coder for workspace lifecycle management, without the added side-door of features like coder ssh and port forwarding.

They would connect to these production workspaces via Teleport (or a similar interface), but nothing else (IDEs, web terminal, coder ssh, apps, ports). Teleport provides greater security and thorough logging than our connections.

Solution Ideas

A simple solution would be a template option to disable any user connections over ssh, ports, or coder_apps.

An alternative would be a suite of workspace access control governance, including:

• Full logging for coder ssh
• Option to disable coder ssh
• Option to disable port forwarding
• Option to limit which ports can be exposed/forwarded from the workspace
• Enforcing 2FA for access