My Saved Presets
You must be logged in to view saved presets
Security Controls
Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies
AWS Services
VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsAmazon DynamoDB & DAXECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieAWS WAF & ShieldAWS Secrets ManagerAWS Systems ManagerAWS KMSAWS SSOLoad Balancers & Auto ScalingRDS Event SubscriptionsAWS Resource Access Manager (RAM)Amazon ECSAmazon EKSAmazon API GatewayAWS AppConfigAmazon AppFlowAWS App MeshAWS App RunnerAWS AppSyncApplication Auto ScalingAmazon AthenaAWS BatchAWS Billing ConductorAWS Clean RoomsAWS SNSAWS SQSAWS Service DiscoveryAWS Step FunctionsAWS CloudTrailAWS ConfigAmazon EventBridgeAWS CloudWatchAWS CognitoAmazon ConnectAWS GlueAWS Data Pipeline & Data SyncAmazon DetectiveAWS DevOps GuruAmazon DocumentDBAmazon ElastiCacheAWS Elastic BeanstalkAmazon FSxAmazon MQAmazon PrometheusAmazon CassandraAmazon FinSpaceAWS Fault Injection SimulatorAmazon GameLiftAWS Global AcceleratorAmazon GrafanaAWS IoT GreenGrassAWS IoT ServicesAWS Ground StationAmazon IVS (Interactive Live Streams)Amazon KinesisAWS LakeFormationAmazon LookoutAmazon Managed BlockchainAWS Media ServicesAWS Managed Apache AirflowAWS OpsWorksAWS OrganizationsAmazon PersonalizeAmazon QLDBAmazon RedshiftAmazon RekognitionAWS Resource ExplorerAWS Resource GroupsAmazon Lex & AlexaAWS RoboMakerAmazon SageMakerAWS Service CatalogAmazon SESAWS SimSpace WeaverAWS Support AppAWS TransferAWS X-RayAWS AmplifyAWS AppstreamAWS Audit ManagerAmazon BedrockAWS Cloud9AWS CloudHSMAmazon NeptuneAmazon Quicksight
Reference Guides
AWS Account Setup GuideEC2 Security StrategyS3 Security StrategyLogging & Monitoring Strategy Guide
Configuration Packages
Guided Walkthroughs

Client VPN Endpoint

Configuration template to set up an AWS Client VPN including the Client VPN Endpoint, VPN Authorization Rules and VPN Routes. The template includes the option to configure authentication, VPC and network settings, and more. 

This template includes the following options:

  • VPN Port and Transport Protocol
  • Client CIDR Block: The IPv4 address range, in CIDR notation, from which to assign client IP addresses
  • VPC Id, Subnet Ids, and Security Groups to specify the location of the VPN endpoints and associated security group rules
  • Server Certificate Arn: The ACM certificate ARN that will be used for the server 
  • Authentication Types (You can select one authentication method or a combination of mutual authentication with a user-based method):
    • Mutual (Certificate) Authentication
    • Directory Service Authentication
    • Federated Authentication
  • DNS Servers if you want to configure DNS servers for the clients to use (otherwise the local DNS servers on the client machines are used)
  • Split Tunneling to control which client traffic is forwarded to the VPN tunnel
  • Self-Service Portal to enable a portal that allows users to download the latest version of the AWS provided client and the latest version of the Client VPN endpoint configuration file

myClientVpnEndpoint

AWS::EC2::ClientVpnEndpoint
AuthenticationOptions
ActiveDirectory

FederatedAuthentication

MutualAuthentication

ClientConnectOptions

ClientLoginBannerOptions

ConnectionLogOptions

DnsServers

SecurityGroupIds

TagSpecifications

Tags

myAuthRule

AWS::EC2::ClientVpnAuthorizationRule

myNetworkAssociation

AWS::EC2::ClientVpnTargetNetworkAssociation

myRoute

AWS::EC2::ClientVpnRoute

CloudFormation Template

© 2024 asecurecloud. All rights reserved.