
AWS Client VPN Security Group per groupID


I created a Client VPN endpoint which uses Active Directory as its authentication method.

This client VPN is supposed to allow access to private resources on our AWS VPC.

Now I understand that the "Target network associations" have security groups to control access to the target network which works together with the "Authorization Rules".

One thing I cannot seem to achieve is to authorize specific ports (or maybe assign specific security groups) at the "Group ID" level.

The reason behind this is:

  1. I want business users to be able to connect to the vpn and access apps over port 80.
  2. I want developers to be able to connect to the VPN and access apps over port 80 and access SSH on port 22.

Is there a way to achieve this?

I understand I can easily create 2 VPN endpoints, 1 for users and another for developers, as a fallback, but ideally I want to achieve this with only a single VPN endpoint.
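To make the interaction between the two controls in the question concrete, here is a small model of how a Client VPN endpoint decides whether a connected client can reach a private host and port. This is an added example written for this thread, not code from AWS or from the poster: it encodes only the documented shape of the two controls (an authorization rule maps an Active Directory group ID, or all groups, to a destination CIDR and has no port field; the security group on the target hosts allows port ranges and has no notion of which AD group the client belongs to). The group IDs, CIDRs and addresses are made up.

```python
"""Toy model of the two controls an AWS Client VPN endpoint applies before a
connected client reaches a private host:port.  Added example, not AWS code.
Authorization rules: (group ID or all groups) -> destination CIDR, no ports.
Security groups: port ranges on the target hosts, no knowledge of AD groups.
All group IDs, CIDRs and addresses below are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AuthorizationRule:
    """One Client VPN authorization rule: group ID (None = all groups) -> CIDR."""
    access_group_id: Optional[str]
    target_network_cidr: str


@dataclass(frozen=True)
class PortRange:
    """One inbound rule on the security group protecting the target hosts."""
    from_port: int
    to_port: int


# Hypothetical AD group IDs (real ones are SIDs) and addresses.
BUSINESS, DEVELOPERS = "sid-business-users", "sid-developers"
APP_CIDR, BASTION_CIDR = "10.0.1.0/24", "10.0.2.0/24"
APP_HOST, BASTION_HOST = "10.0.1.10", "10.0.2.5"

# Both groups are authorized to the application subnet; only developers to a
# separate subnet.  Note there is no field for a port: that is the limitation.
AUTH_RULES = (
    AuthorizationRule(BUSINESS, APP_CIDR),
    AuthorizationRule(DEVELOPERS, APP_CIDR),
    AuthorizationRule(DEVELOPERS, BASTION_CIDR),
)

# Security group on the app hosts.  It cannot reference an AD group, so any
# port it opens is open to every client the authorization rules admit.
APP_SG = (PortRange(80, 80), PortRange(22, 22))
BASTION_SG = (PortRange(22, 22),)


def authorized(group_id: str, dest_ip: str, rules=AUTH_RULES) -> bool:
    """Authorization-rule check: some rule for this group (or for all groups)
    covers the destination address.  Ports play no part here."""
    dest = ipaddress.ip_address(dest_ip)
    return any(
        rule.access_group_id in (None, group_id)
        and dest in ipaddress.ip_network(rule.target_network_cidr)
        for rule in rules
    )


def port_open(port: int, sg) -> bool:
    """Security-group check: some inbound range covers the port.  The client's
    AD group plays no part here."""
    return any(r.from_port <= port <= r.to_port for r in sg)


def can_reach(group_id: str, dest_ip: str, port: int, sg, rules=AUTH_RULES) -> bool:
    """A client reaches host:port only if both controls pass."""
    return authorized(group_id, dest_ip, rules) and port_open(port, sg)


def reachable_ports(group_id: str, dest_ip: str, sg,
                    candidates=(22, 80, 443), rules=AUTH_RULES) -> set:
    """Ports the group can reach on dest_ip.  For any destination that both
    groups are authorized to, the result is identical for both groups."""
    return {p for p in candidates if can_reach(group_id, dest_ip, p, sg, rules)}


if __name__ == "__main__":
    for g in (BUSINESS, DEVELOPERS):
        print(g, "app host:", sorted(reachable_ports(g, APP_HOST, APP_SG)),
              "bastion:", sorted(reachable_ports(g, BASTION_HOST, BASTION_SG)))
```

Running it shows both groups getting the same port set (22 and 80) on the app host, because the only per-group decision is made by the authorization rules, and those see CIDRs, not ports. The only per-group lever a single endpoint offers in this model is the destination CIDR, which is why the two groups differ only on the separately authorized subnet.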

Tim
I haven't used Client VPN in a couple of years, but I don't think you can do that with one Client VPN. You'd have to use two, which doubles the already significant cost. I'd probably try to secure the targets - SSH should use certificate authentication, business users shouldn't have the keys so shouldn't be a problem in practice, but could be a compliance issue.