
I am using AWS Client VPN with mutual authentication and I would like to restrict access to my VPN endpoint(s) by specific user IP addresses. Is this possible?

  • https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-restrict.html – hephalump Mar 01 '21 at 22:50
  • The above link may assist you. – hephalump Mar 01 '21 at 22:51
  • I have tried it already. But it seems that the security group applied to the VPN endpoint can be used only as a reference for other security groups to restrict inbound traffic. It cannot be used for IP whitelisting. For example, I have removed all inbound rules in my VPN endpoint security group, but I am still able to connect to the VPN and my private resources. So it does not matter what you have as inbound rules for the VPN SG - it always allows any inbound traffic. – Momchil Vangelov Mar 02 '21 at 00:33

0 Answers