AWS Client VPN - Notification of new client connection to another AWS service (e.g. Lambda)?

0

Hi,

I'd like a Lambda function to be notified when a new client connects to our AWS Client VPN endpoint so that it can take some action to update our private hosted zone in Route53. Is there any way to send a notification from our AWS Client VPN endpoint to Lambda either via SNS or EventBridge?

Many thanks in advance.

1 Answer
0
Accepted Answer

I've been able to find my own solution that I think will work:

  1. Set up connection logging from the Client VPN endpoint to a CloudWatch Log Group. (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/connection-logging.html)
  2. Set up a Lambda function that gets triggered when a new connection log event comes into the CW log group with the value for the 'connection-attempt-status' key set to 'successful' (https://aws.amazon.com/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/)
  3. Have the Lambda function do what it needs to do with the connection info (e.g. take the 'Client IP' key and update Route53).

So essentially, the flow is:

Client VPN Connection Log -> CloudWatch -> Lambda (via CW log stream subscription) -> Route53.

Any better suggestions welcomed!

cgddrd
answered 2 years ago
EXPERT
reviewed 2 months ago
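
The flow described in the answer above, as an added example that is not part of the original post: a Python Lambda handler that unpacks the CloudWatch Logs subscription payload, keeps only successful connection attempts, and validates the logged values before building a Route 53 UPSERT. The log field names `client-ip` and `common-name`, the zone name, the hosted zone ID placeholder and all function names are assumptions to check against your own log entries.

```python
import base64, gzip, ipaddress, json, re

HOSTED_ZONE_ID = "ZPLACEHOLDER"        # placeholder: your private hosted zone ID
ZONE_SUFFIX = "vpn.example.internal."  # assumption: name of the private hosted zone
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label only

def decode_subscription(event):
    """Unpack a CloudWatch Logs subscription event (base64-encoded gzip JSON)."""
    raw = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    payload = json.loads(raw)
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # control messages carry no log lines
    return [e["message"] for e in payload.get("logEvents", [])]

def to_change(message):
    """Return a Route 53 UPSERT for one connection log line, or None to skip it."""
    try:
        entry = json.loads(message)
    except ValueError:
        return None
    if not isinstance(entry, dict) or entry.get("connection-attempt-status") != "successful":
        return None
    label = str(entry.get("common-name", "")).lower()
    if not LABEL_RE.fullmatch(label):  # never let a logged name pick an arbitrary record
        return None
    try:
        ip = ipaddress.ip_address(str(entry.get("client-ip", "")))
    except ValueError:
        return None
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": f"{label}.{ZONE_SUFFIX}", "Type": "A" if ip.version == 4 else "AAAA",
        "TTL": 60, "ResourceRecords": [{"Value": str(ip)}]}}

def build_changes(event):
    return [c for c in map(to_change, decode_subscription(event)) if c]

def handler(event, context):
    changes = build_changes(event)
    if changes:
        import boto3  # provided by the Lambda Python runtime
        boto3.client("route53").change_resource_record_sets(
            HostedZoneId=HOSTED_ZONE_ID, ChangeBatch={"Changes": changes})
    return len(changes)

def sample_event():
    """Constructed test input: one successful and one failed connection attempt."""
    rows = [("successful", "10.0.1.2", "client1"), ("failed", "10.0.1.3", "client2")]
    lines = [{"connection-attempt-status": s, "client-ip": ip, "common-name": cn} for s, ip, cn in rows]
    events = [{"id": str(i), "timestamp": 0, "message": json.dumps(l)} for i, l in enumerate(lines)]
    blob = gzip.compress(json.dumps({"messageType": "DATA_MESSAGE", "logEvents": events}).encode())
    return {"awslogs": {"data": base64.b64encode(blob).decode()}}
```

A subscription filter pattern on the log group can narrow delivery to successful attempts, but the handler still re-checks the status and validates the name and IP, since it is the component holding write access to the hosted zone.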
