// Replace the content in <>
// Briefly describe the software. Use consistent and clear branding. 
// Include the benefits of using the software on AWS, and provide details on usage scenarios.

After you deploy this Quick Start, access to EC2 instances is authenticated and authorized through an Okta single-sign-on workflow. This workflow, which can provide contextual multi-factor authentication, mitigates the risk of credential theft and misuse. It also reduces the need to wrap additional controls and management layers around secrets.

Specifically, the {partner-product-short-name} Quick Start provides a mechanism for managing the lifecycle of local EC2-instance user and group accounts and their machine-level permissions. These things are sourced directly from the https://www.okta.com/products/[Okta Identity Cloud^]. When you use {partner-product-short-name} as your authentication mechanism to EC2 instances, you don't rely on static credentials to log in. Instead, Okta uses a dynamic, ephemeral, one-time access token that ties directly to the user's least-privileged access profile in the central Okta identity database.  

You can access Linux EC2 instances using Secure Shell (SSH) or Windows EC2 instances using Remote Desktop Protocol (RDP). By default, this Quick Start sets up SSH access to Linux EC2 instances. An EC2 security group is created with TCP port 22 traffic allowed from the bastion security group. If you want to use RDP and Windows, deploy an EC2 instance running Windows into one of the public subnets. Then, add the instance to the bastion security group, and update the target security group to allow port 3389 traffic from the bastion security group.