AWS announces preview of AWS Interconnect - multicloud

AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.

Restrict AWS Client VPN Access

We already have a AWS Client VPN Setup, which is working as expected.

My On Prem team is able to connect with AWS Client VPN and access Cloud Resources.

Now my management wants to restrict AWS Client VPN access from our corporate office only.

I tried it by making changes to Security Group associated with my AWS Client VPN endpoint by allowing only access from our corporate office CIDR. But when I tested, it is not working as expected, my other team members was able to access the EC2 over VPN from outside our on-premises network.

Even I tried keeping the entire in-bound rule as blank, but still I was able to SSH into my EC2 instance.

Is there a way, to restrict access for AWS Client VPN, so that it is accessible only from my corporate office, or a way to restrict that the traffic going from VPN should only be from my on-premises network.

Sujets: Réseaux et diffusion de contenu
Balises: Client VPN AWS Amazon VPC Groupe de sécurité Réseaux et diffusion de contenu
Langue: English

Shivkumar

demandé il y a un an989 vues

1 réponse

Le plus récent
Le plus de votes
La plupart des commentaires

Réponse acceptée

Hello.

By enabling the client connect handler and creating a Lambda that rejects connections other than a specific public IPv4 address, you can limit connections to only those from the office.
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/connection-authorization.html

EXPERT

Riku_Kobayashi

répondu il y a un an

EXPERT

Oleksii Bebych

vérifié il y a un an

EXPERT

Gary Mclean

vérifié il y a un an

Shivkumar
il y a un an
Thanks Riku for the prompt response, allow me to check this implementation and get back to you.
Shivkumar
il y a un an
Hello Riku, it is working as expected, but one small question, then what is the use of the firewall associated with the AWS Client VPN? Which traffic it is controlling?
Riku_Kobayashi EXPERT
il y a un an
It may be used to control which AWS resources a user can access as described in the following documentation: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/security-best-practices.html

Use security groups to control which resources users can access in your VPC. For more information, see Security groups.

Contenus pertinents

account is currently blocked and not recognized as a valid account
Yves Boah
demandé il y a 3 ans
My account is not recognized
juan ortega
demandé il y a 3 ans
AWS Blu Age Go live-Test application-test online
Amina
demandé il y a 9 mois
L3 Troubleshooting Workshop - Error when trying to increase the size of the Application settings VHD
Amina
demandé il y a 10 mois
Pourquoi ma connexionAWS Site-to-Site VPN a-t-elle le statut DOWN IPSEC UP alors que la passerelle client est ACTIVE ?
AWS OFFICIELA mis à jour il y a 3 ans
Comment utiliser l'AWS CLI pour configurer un VPN client ?
AWS OFFICIELA mis à jour il y a 2 ans
Comment les utilisateurs Client VPN peuvent-ils obtenir une adresse IP statique afin d'accéder à Internet ?
AWS OFFICIELA mis à jour il y a 2 ans
Comment résoudre les enregistrements de ressources dans ma zone hébergée privée à l'aide du VPN client?
AWS OFFICIELA mis à jour il y a 3 ans

Restrict AWS Client VPN Access

Ajoutez votre réponse

Contenus pertinents