West GovCLoud: workspace and aws console site can't be reached after authenticated in AWS Client VPN

Hello, Any advice would be appreciated.

We recently set up AWS Client VPN in GovCloud west, when traffic is routed through AWS Client VPN we can't access AWS console site or workspace. The rule in VPN route table is open to 0.0.0.0/0 and the same with an authorization rule. This doesn't make any sense because the traffic is wide opened and we can access other internet site and internal VPC resource.

We also tried setting up a split tunnel and directing all traffic to AWS console and workspace via the AWS VPN only with the below IP ranges. This was working as off last week and we were able to access the workspace and AWS console site for govcloud west. Then this week it no longer works.

Thank you in advance.

cvpn-endpoint- Active 172.31.0.0/16 subnet- Nat associate Default Route cvpn-endpoint- Active 3.30.129.0/24 subnet- Nat add-route – cvpn-endpoint- Active 3.30.130.0/23 subnet- Nat add-route – cvpn-endpoint- Active 3.32.139.0/24 subnet- Nat add-route – cvpn-endpoint- Active 34.223.96.0/22 subnet- Nat add-route us-west cvpn-endpoint- Active 18.254.148.0/22 subnet- Nat add-route goveast cvpn-endpoint- Active 15.200.0.0/16 subnet-Nat add-route – cvpn-endpoint- Active 52.61.0.0/16 subnet- Nat add-route – cvpn-endpoint- Active 3.30.0.0/15 subnet- Nat add-route wsp