Guided Walkthroughs

Configuration Packages

AI CloudAdvisor (Beta)

By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSAWS SSOIAM PoliciesVPC Endpoint PoliciesCloudFormation Guard RulesLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)

By Service Protected

Reference Guides


VPC Security Controls

Client VPN Endpoint

Configuration template to set up an AWS Client VPN including the Client VPN Endpoint, VPN Authorization Rules and VPN Routes. The template includes the option to configure authentication, VPC and network settings, and more. 

This template includes the following options:

  • VPN Port and Transport Protocol
  • Client CIDR Block: The IPv4 address range, in CIDR notation, from which to assign client IP addresses
  • VPC Id, Subnet Ids, and Security Groups to specify the location of the VPN endpoints and associated security group rules
  • Server Certificate Arn: The ACM certificate ARN that will be used for the server 
  • Authentication Types (You can select one authentication method or a combination of mutual authentication with a user-based method):
    • Mutual (Certificate) Authentication
    • Directory Service Authentication
    • Federated Authentication
  • DNS Servers if you want to configure DNS servers for the clients to use (otherwise the local DNS servers on the client machines are used)
  • Split Tunneling to control which client traffic is forwarded to the VPN tunnel
  • Self-Service Portal to enable a portal that allows users to download the latest version of the AWS provided client and the latest version of the Client VPN endpoint configuration file
Try out CloudAdvisor: Your AI-Powered Assistant for AWS Cloud

0.5 KB
Missing Parameters
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
    Type: "AWS::EC2::ClientVpnEndpoint"
      ClientCidrBlock: ""
      ServerCertificateArn: ""
        Enabled: false
        Enabled: false
      TransportProtocol: "udp"
      SplitTunnel: false
      VpnPort: 443
      SelfServicePortal: "enabled"
      SessionTimeoutHours: 24
        Enabled: false
Parameters: {}
Metadata: {}
Conditions: {}


Customize Template

VPN Network Settings

Client VPN Settings

* Required field

Upgrade to Premium for More Features
Sign up

Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
Configuration Packages
Pre-built packages for common configuration
Common SCPs
CloudFormation Guard Rules
Auto Remediation Rules
IAM Monitoring & Compliance
All Packages
Automated Assessments
  • 350+ security checks
  • Well-architected reviews
  • Detailed compliance reports
  • Remediation templates
  • Email summaries
  • Learn more