AWS VPN monitor
So far my company uses the AWS Client VPN, which is authenticated through the Google Workspace SAML. The user's VPN access is authenticated by his/her Google mail. Is there any way I can track the user's behavior, like which AWS resource he/she accessed or modified? Is there any software or service I can leverage?
I appreciate your thoughts.
Have you already looked into CloudTrail events? https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/monitoring-cloudtrail.html
"When activity occurs in Client VPN, that activity is recorded in a CloudTrail event along with other AWS service events in Event history."
Remember that CloudTrail only supports 90 days in the dashboard by default, and if you need to retain a longer period then you should look into CloudTrail Trails (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html) or integrate CloudTrail with your SIEM solution.
I hope this helps!
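An added example, not part of the answer above: a small filter that picks Client VPN management events out of CloudTrail records delivered by a trail and marks the ones older than the 90-day window the answer mentions. The records are constructed, the ARNs and endpoint IDs are placeholders, and it assumes Client VPN API calls are logged under `ec2.amazonaws.com` with `ClientVpn` in the event name.

```python
import json
from datetime import datetime, timedelta, timezone

EVENT_HISTORY_DAYS = 90  # retention figure quoted in the answer above

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, user names, IPs and endpoint IDs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeClientVpnIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"clientVpnEndpointId": "cvpn-endpoint-EXAMPLE1"}},
    {"eventTime": "2024-05-02T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-10T17:42:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateClientVpnConnections", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"clientVpnEndpointId": "cvpn-endpoint-EXAMPLE1"}},
    {"eventTime": "2024-05-03T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})


def client_vpn_events(log_text, now):
    """Return Client VPN management events, newest first.

    Each hit records who made the call and whether the event is already
    older than the Event history window, i.e. only a trail or SIEM has it.
    """
    cutoff = now - timedelta(days=EVENT_HISTORY_DAYS)
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        # Assumption: Client VPN actions are EC2 API calls named *ClientVpn*.
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if "ClientVpn" not in rec.get("eventName", ""):
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc)
        hits.append({
            "time": when,
            "event": rec["eventName"],
            "caller": rec.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress", "unknown"),
            "endpoint": (rec.get("requestParameters") or {}).get("clientVpnEndpointId"),
            "older_than_event_history": when < cutoff,
        })
    return sorted(hits, key=lambda h: h["time"], reverse=True)
```
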