Create an AWS Client VPN endpoint security group rule

The default security group for the VPC, which is applied when you associate a subnet with a Client VPN endpoint, might restrict traffic that you want to allow while simultaneously allowing traffic that you don't want. Use the following steps to create a Client VPN endpoint security group rule that either allows or restricts traffic for an endpoint security group associated with a resource or application. For more information about security group rules and how they work, see Security groups for your VPC in the Amazon VPC User Guide.

To add a rule that allows traffic from the Client VPN endpoint security group
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Security Groups.

  3. Choose the security group that's associated with your resource or application, and choose Actions, Edit inbound rules.

  4. Choose Add rule.

  5. For Type, choose All traffic. Alternatively, you can restrict access to a specific type of traffic, for example, SSH.

    For Source, specify the ID of the security group that's associated with the target network (subnet) for the Client VPN endpoint.

  6. Choose Save rules.
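
The following is an added example, not part of the original AWS page: it audits a resource security group's inbound rules to show whether the Client VPN endpoint security group is allowed, whether the rule is All traffic or scoped (for example, SSH), and whether an IPv4 rule open to 0.0.0.0/0 bypasses the restriction. The security group IDs, the sample data (shaped like `aws ec2 describe-security-groups` output), and the function names `ssh_only_rule` and `audit_inbound` are constructed for illustration.

```python
# Added example: audit a resource security group's inbound rules against the
# Client VPN endpoint security group. All IDs below are constructed placeholders.
VPN_SG = "sg-0aaaaaaaaaaaaaaaa"  # constructed: SG applied to the Client VPN target network

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
RESOURCE_SG = {
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "IpPermissions": [
        # Step 5 with Type = All traffic, Source = Client VPN endpoint SG
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": VPN_SG}], "IpRanges": []},
        # A pre-existing rule that lets anyone reach SSH, VPN or not
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def ssh_only_rule(source_sg):
    """IpPermissions entry for step 5 with Type = SSH instead of All traffic."""
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "UserIdGroupPairs": [{"GroupId": source_sg,
                                  "Description": "SSH from Client VPN endpoint SG"}]}


def audit_inbound(group, vpn_sg):
    """Return (finding, protocol, ports) tuples for the group's inbound rules."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
        sources = {p.get("GroupId") for p in perm.get("UserIdGroupPairs", [])}
        if vpn_sg in sources:
            kind = "vpn-all-traffic" if proto == "-1" else "vpn-scoped"
            findings.append((kind, proto, ports))
        for cidr in perm.get("IpRanges", []):
            if cidr.get("CidrIp") == "0.0.0.0/0":
                findings.append(("open-to-internet", proto, ports))
    if not any(f[0].startswith("vpn-") for f in findings):
        findings.append(("vpn-not-allowed", None, None))
    return findings


if __name__ == "__main__":
    for finding in audit_inbound(RESOURCE_SG, VPN_SG):
        print(finding)
    # To apply the scoped rule with boto3 (needs credentials; not run here):
    # boto3.client("ec2").authorize_security_group_ingress(
    #     GroupId=RESOURCE_SG["GroupId"], IpPermissions=[ssh_only_rule(VPN_SG)])
```

The audit checks only IPv4 ranges (`IpRanges`); IPv6 ranges and prefix lists would need the same treatment.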