How can I allow AWS Client VPN users access to the internet with a static public IP address?
Follow these instructions to create a NAT gateway and allow a Client VPN user to access the internet.
Note: Creating a NAT gateway results in additional AWS charges. For more information, see NAT gateway pricing.
1. Make sure the Amazon Virtual Private Cloud (Amazon VPC) has private and public subnets. To create an Amazon VPC and subnet, see working with VPCs and subnets.
2. Follow the instructions to create a NAT gateway in the public subnet. The NAT gateway is assigned an Elastic IP address, which becomes the static public IP address for outbound traffic. Note this example route table:
Route table for the public subnet associated with the NAT gateway:
Destination: 0.0.0.0/0    Target: Internet Gateway (IGW)
3. Associate the Client VPN endpoint with the private subnet. The private subnet has a route to the internet through the NAT gateway. Note this example route table:
Route table for the private subnet associated with the Client VPN endpoint:
Destination: 0.0.0.0/0    Target: nat-abcdbac (NAT Gateway)
4. On the Client VPN endpoint route table, add a route with destination 0.0.0.0/0 or the destination's public IP address range. For the target VPC subnet ID, select the private subnet from step 3. For more information, see create an endpoint route.
5. Add an authorization rule to enable access to the internet (0.0.0.0/0), or the specified public network IP address. For more information, see create a Client VPN authorization rule.
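To confirm that steps 1 through 5 line up, so that client traffic really leaves through the NAT gateway's Elastic IP address, the following added example (not part of the original article) checks the pieces against each other. It assumes input dictionaries shaped like the entries returned by the AWS CLI commands describe-route-tables, describe-nat-gateways, describe-client-vpn-routes and describe-client-vpn-authorization-rules; the function names and all sample IDs are constructed for illustration.

```python
import ipaddress

def table_for(subnet_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_target(route_table):
    """ID of the gateway that the active 0.0.0.0/0 route points at, or ''."""
    for r in (route_table or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            return r.get("NatGatewayId") or r.get("GatewayId") or ""
    return ""

def check_egress(route_tables, nat, vpn_routes, auth_rules):
    """Return a list of findings; an empty list means steps 1-5 are consistent."""
    findings = []
    if not default_target(table_for(nat["SubnetId"], route_tables)).startswith("igw-"):
        findings.append("NAT gateway subnet has no default route to an internet gateway")
    allowed = [ipaddress.ip_network(a["DestinationCidr"]) for a in auth_rules]
    # Only manually added routes matter; the VPC-local route has Origin "associate".
    for route in (r for r in vpn_routes if r["Origin"] == "add-route"):
        dest = ipaddress.ip_network(route["DestinationCidr"])
        if default_target(table_for(route["TargetSubnet"], route_tables)) != nat["NatGatewayId"]:
            findings.append(f"{route['TargetSubnet']}: default route does not point at {nat['NatGatewayId']}")
        if not any(dest.subnet_of(net) for net in allowed):
            findings.append(f"{dest}: no authorization rule covers this Client VPN route")
    return findings

# Constructed sample data (IDs are placeholders), shaped like the CLI output.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-abcdbac", "State": "active"}]},
]
NAT = {"NatGatewayId": "nat-abcdbac", "SubnetId": "subnet-public"}
VPN_ROUTES = [{"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-private", "Origin": "add-route"}]
AUTH_RULES = [{"DestinationCidr": "0.0.0.0/0", "AccessAll": True}]

if __name__ == "__main__":
    print(check_egress(ROUTE_TABLES, NAT, VPN_ROUTES, AUTH_RULES) or "egress path is consistent")
```

A route whose state is "blackhole" (for example, after the NAT gateway is deleted) is treated as missing, so the check flags it.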
Using AWS Client VPN to scale your work from home capacity