By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Client VPN - Notification of new client connection to another AWS service (e.g. Lambda)?

0

Hi,

I'd like a Lambda function to be notified when a new client connects to our AWS Client VPN endpoint so that it can take some action to update our private hosted zone in Route53. Is there any way to send a notification from our AWS Client VPN endpoint to Lambda either via SNS or Eventbridge?

Many thanks in advance.

Topics
Networking & Content DeliveryServerlessComputeApplication Integration
Tags
Amazon VPCAWS LambdaAmazon EventBridgeAmazon Route 53AWS Virtual Private Network (VPN)
Language
English
cgddrd
asked 2 years ago483 views
1 Answer
0
Accepted Answer

I've been able to find my own solution that I think will work:

  1. Setup connection logging from Client VPN endpoint to Cloudwatch Log Group. (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/connection-logging.html)
  2. Setup Lambda function that gets triggered when a new connection log event comes into the CW log group with the value for the 'connection-attempt-status' key set to 'successful' (https://aws.amazon.com/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/)
  3. Have the Lambda function do what it needs to do with the connection info (e.g. take the 'Client IP' key and update Route53).

So essentially, the flow is:

Client VPN Connection Log -> Cloudwatch -> Lambda (via CW log stream subscription) -> Route53.

Any better suggestions welcomed!

cgddrd
answered 2 years ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content