Hello, you can configure the WorkDocs IP Address Access to only allow WorkDocs to be accessed from a specific list or range of IP addresses [1]. This can be completed in the WorkDocs Admin Console. You can select the IP address ranges from which you wish to provide access and specify the ranges for your CVPN tunnel.
There is public documentation on "Managing site settings" [2]; see the section titled "IP Allow List" to configure this.
[1] Amazon WorkDocs Now Lets You Control IP Address Access to Your Site - https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-workdocs-control-ip-address-access/
[2] Managing site settings - https://docs.aws.amazon.com/workdocs/latest/adminguide/manage-sites.html
Regarding your CVPN configuration query: the public IP assigned to CVPN will be used to connect the user end to the CVPN endpoint and not to NAT the user traffic towards the WorkDocs subnet. You need to allow the VPC CIDR range in the WorkDocs IP address access list.
In order to get proper resolution for your use case we require details that are non-public information. Please open a support case with AWS using the following link. https://console.aws.amazon.com/support/home#/case/create
Thank you very much. So #1 I did already do that. In this case my VPC subnet would be the private address range? Is that what you mean? So my Client VPN profile should have split tunneling enabled, correct?
And beyond that my CVPN endpoint should have a route for the VPC CIDR as a Destination CIDR in the route table? And then a route to the internet? With that in place from your description it should work because the public IP the CVPN is using won't be used to access the WorkDocs site but the VPC CIDR range will be, so with that whitelisted it should work?
I tried opening up a ticket on this, but it seemed to confuse Support. I did open it under the Client VPN service, but they kept getting tangled up on the WorkDocs part of my question.