Client VPN Security Groups rule for Client CIDR

I'm trying to restrict access to certain AWS resources. Below is my scenario:

  1. Client connects to Client VPN and gets assigned a from client CIDR
  2. Created SG to allow HTTP (port 80) from source CIDR
  3. Assign SG to ec2 instance and VPN Client endpoint

To add, I have an authorization rule in my VPN client to allow access to which is my VPC CIDR.

Result: the client cannot access the resource even when connected to the Client VPN.

But when my SG is set to allow HTTP (port 80) from source CIDR then access is properly granted.

I was under the assumption that when I connect to the Client VPN, I will be assigned an IP from the Client CIDR, which is , and when I try to access protected AWS resources, the SG will grant/deny based on this.

Did I misconfigure anything?

1 Answer

Please take a look at this Knowledge center article.

answered 2 months ago
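An added illustration from the editor, not part of this thread or the linked article: a small Python model of the path described in the question. AWS Client VPN source-NATs each client's traffic to the address of the endpoint's network interface in the associated subnet, so the target's security group never observes a client-CIDR source address; every address below is a constructed placeholder and the function names are the editor's own.

```python
# Models the evaluation order on the path from a Client VPN user to an instance:
# authorization rule (destination-based) -> source NAT at the endpoint ENI ->
# inbound security group on the target (source-based).
# All addresses are constructed placeholders, not the asker's real values.
import ipaddress

CLIENT_CIDR = "10.200.0.0/22"      # Client VPN client CIDR (constructed)
VPC_CIDR = "10.0.0.0/16"           # VPC CIDR (constructed)
ASSOC_SUBNET = "10.0.1.0/24"       # subnet associated with the endpoint (constructed)
ENDPOINT_ENI_IP = "10.0.1.37"      # endpoint network interface in that subnet (constructed)
EC2_IP = "10.0.2.10"               # target instance (constructed)


def authorization_allows(dest_ip, auth_rules):
    """Client VPN authorization rules permit a flow by destination CIDR."""
    dest = ipaddress.ip_address(dest_ip)
    return any(dest in ipaddress.ip_network(cidr) for cidr in auth_rules)


def client_vpn_snat(client_ip, eni_ip=ENDPOINT_ENI_IP):
    """Source NAT at the endpoint: the client's tunnel address is replaced by the
    endpoint ENI address before the packet enters the VPC."""
    assert ipaddress.ip_address(client_ip) in ipaddress.ip_network(CLIENT_CIDR)
    return eni_ip


def security_group_allows(src_ip, port, sg_rules):
    """Inbound SG evaluation: any rule matching port and source CIDR allows."""
    src = ipaddress.ip_address(src_ip)
    return any(r["port"] == port and src in ipaddress.ip_network(r["source"])
               for r in sg_rules)


def reachable(client_ip, dest_ip, port, auth_rules, sg_rules):
    """End-to-end check: authorization rule, then SNAT, then the target's SG."""
    if not authorization_allows(dest_ip, auth_rules):
        return False
    observed_src = client_vpn_snat(client_ip)   # what the SG actually sees
    return security_group_allows(observed_src, port, sg_rules)


AUTH_RULES = [VPC_CIDR]
SG_CLIENT_CIDR = [{"port": 80, "source": CLIENT_CIDR}]     # the asker's first attempt
SG_VPC_CIDR = [{"port": 80, "source": VPC_CIDR}]           # what worked for the asker
SG_ENDPOINT_SUBNET = [{"port": 80, "source": ASSOC_SUBNET}]  # tighter: endpoint subnet only

if __name__ == "__main__":
    for name, sg in [("client CIDR", SG_CLIENT_CIDR), ("VPC CIDR", SG_VPC_CIDR),
                     ("endpoint subnet", SG_ENDPOINT_SUBNET)]:
        print(f"SG source = {name:15}: reachable = "
              f"{reachable('10.200.1.5', EC2_IP, 80, AUTH_RULES, sg)}")
```

A rule whose source is the client CIDR is never matched because the SG compares against the ENI address; scoping the source to the endpoint's associated subnet (or, in AWS, to the endpoint's own security group) is narrower than the whole VPC CIDR.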
