
Restrict AWS Client VPN Access


We already have an AWS Client VPN setup, which is working as expected.

My on-prem team is able to connect with AWS Client VPN and access cloud resources.

Now my management wants to restrict AWS Client VPN access to our corporate office only.

I tried it by making changes to the security group associated with my AWS Client VPN endpoint, allowing access only from our corporate office CIDR. But when I tested, it is not working as expected: my other team members were able to access the EC2 over VPN from outside our on-premises network.

I even tried leaving the entire set of inbound rules blank, but I was still able to SSH into my EC2 instance.

Is there a way to restrict access for AWS Client VPN so that it is accessible only from my corporate office, or a way to restrict that the traffic going over the VPN should only come from my on-premises network?

Asked 1 year ago, 979 views

1 answer

Accepted answer

Hello.

By enabling the client connect handler and creating a Lambda function that rejects connections from anything other than a specific public IPv4 address, you can limit connections to only those from the office.
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/connection-authorization.html

Expert
Answered 1 year ago
Expert
Reviewed 1 year ago
  • Thanks, Riku, for the prompt response; allow me to check this implementation and get back to you.

  • Hello Riku, it is working as expected, but one small question: then what is the use of the firewall associated with the AWS Client VPN? Which traffic is it controlling?

  • It may be used to control which AWS resources a user can access, as described in the following documentation: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/security-best-practices.html

    Use security groups to control which resources users can access in your VPC. For more information, see Security groups.
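The accepted answer above describes the approach but does not show the handler itself. The following is an added example, not code from the original thread or from AWS: a client connect handler Lambda that allows a connection only when the client's public IP falls inside the corporate office address ranges. It goes slightly beyond the single-IP case in the answer by accepting a list of CIDRs, which matches the "corporate office CIDR" the question mentions. The event and response field names follow the v1 schema in the linked documentation; the ALLOWED_CIDRS environment variable, the 203.0.113.0/24 and 198.51.100.7/32 ranges, and the sample event are constructed placeholders for this example.

```python
"""Client connect handler for AWS Client VPN (added example).

Assumptions (not from the original thread): the function runs on a Python
Lambda runtime, is named with the "AWSClientVPN-" prefix the service requires,
and the office's public ranges are supplied in the ALLOWED_CIDRS environment
variable. The default ranges below are documentation-only placeholders.
"""
import ipaddress
import json
import logging
import os

logger = logging.getLogger()
logger.setLevel(logging.INFO)

SCHEMA_VERSION = "v1"

# Source ranges permitted to connect. Parsed once at cold start so every
# invocation only does an address lookup. Constructed defaults for the example.
OFFICE_CIDRS = [
    ipaddress.ip_network(cidr.strip())
    for cidr in os.environ.get("ALLOWED_CIDRS", "203.0.113.0/24,198.51.100.7/32").split(",")
    if cidr.strip()
]

# The service caps error-msg-on-denied-connection at 255 characters.
DENY_MESSAGE = "Client VPN connections are only permitted from the corporate office network."


def source_is_allowed(public_ip, allowed=None):
    """Return True only if public_ip parses and lies inside an allowed range.

    A missing or malformed address fails closed: the connection is denied.
    """
    ranges = OFFICE_CIDRS if allowed is None else allowed
    try:
        addr = ipaddress.ip_address(public_ip)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def build_response(allow):
    """Build the response document the client connect handler must return."""
    return {
        "allow": allow,
        "error-msg-on-denied-connection": "" if allow else DENY_MESSAGE,
        "posture-compliance-statuses": [],
        "schema-version": SCHEMA_VERSION,
    }


def lambda_handler(event, context):
    """Entry point Client VPN invokes before it authorizes each connection."""
    public_ip = event.get("public-ip", "")
    allow = source_is_allowed(public_ip)
    # Log the decision so denied attempts from outside the office are auditable.
    logger.info(json.dumps({
        "connection-id": event.get("connection-id"),
        "username": event.get("username"),
        "public-ip": public_ip,
        "allow": allow,
    }))
    return build_response(allow)


# Constructed sample event in the v1 schema shape, for local testing only.
SAMPLE_EVENT = {
    "connection-id": "cvpn-connection-0123456789abcdef0",
    "endpoint-id": "cvpn-endpoint-0123456789abcdef0",
    "common-name": "",
    "username": "alice",
    "platform": "win",
    "platform-version": "10",
    "public-ip": "203.0.113.45",
    "client-openvpn-version": "2.5.3",
    "groups": "",
    "schema-version": SCHEMA_VERSION,
}


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None)))
    denied = dict(SAMPLE_EVENT, **{"public-ip": "192.0.2.9"})
    print(json.dumps(lambda_handler(denied, None)))
```

The handler runs before the client is authorized, so a client outside the listed ranges never gets a tunnel at all; the endpoint's security group, by contrast, only filters traffic between the endpoint's network interfaces and the VPC once a tunnel is up, which is why blanking its inbound rules in the question had no effect on who could connect. Keep the function in the same region as the endpoint, grant the Client VPN service permission to invoke it, and test the deny path from a non-office address before relying on it.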
