You can use our Host Groups feature to restrict user or group SSH access to subsets of your hosts. Host Groups can filter hosts by hostname, AWS Connection Name, AWS VPC ID, AWS Subnet ID, or AWS Tag. In order to use the AWS based matching features, you must connect your AWS account by adding your connection info here.
Each Host Group entry should represent a particular subset of your servers. As an example, you could create host groups for each environment -- one for your Production machines and another for your QA machines. You can also create host groups for machines by role -- one for your DB machines and another for your web machines. Each host group entry will use matching rules to grant user access to hosts as necessary. When a user is trying to access a host via SSH, Foxpass will check the Host Groups to see which Host Groups contain the host and then see if the user permitted to access machines in that Host Group. A host is considered a part of a Host Group if it matches any or all of the rules in the Host Group, depending on how you configure your rules. Regular expressions used for matching should be in Perl format.
Get started with Host Groups here:
In order for this feature to work, you must disable password authentication on your hosts and use only SSH key-based authentication.