Create an AWS Client VPN endpoint security group rule
The default security group for the VPC, which is applied when you associate a subnet with a Client VPN endpoint, might restrict traffic that you want to allow while simultaneously allowing traffic that you don't want. Use the following steps to create a Client VPN endpoint security group rule that either allows or restricts traffic for an endpoint security group associated with a resource or application. For more information about security group rules and how they work, see Security groups for your VPC in the Amazon VPC User Guide.
To add a rule that allows traffic from the Client VPN endpoint security group
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Security Groups.
- Choose the security group that's associated with your resource or application, and choose Actions, Edit inbound rules.
- Choose Add rule.
- For Type, choose All traffic. Alternatively, you can restrict access to a specific type of traffic, for example, SSH. For Source, specify the ID of the security group that's associated with the target network (subnet) for the Client VPN endpoint.
- Choose Save rules.
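
The rule from the steps above expressed as EC2 API data, as an added example that is not part of the original AWS page: it builds the inbound rule with a security group as the source, both as All traffic and as the SSH alternative, and audits a rule set in the shape returned by `aws ec2 describe-security-groups`. The group ID, the function names and the sample rule sets are constructed assumptions.

```python
# Added example: build and audit the inbound rule from the steps above, offline.
# Security group IDs are constructed placeholders, not real resources.
VPN_SG = "sg-0aaaaaaaaaaaaaaaa"  # group on the Client VPN target network (assumed)

def build_ingress(source_sg, tcp_port=None):
    """IpPermissions entry whose source is a security group.
    tcp_port=None is Type "All traffic"; tcp_port=22 is the SSH alternative."""
    perm = {"UserIdGroupPairs": [{"GroupId": source_sg}]}
    if tcp_port is None:
        perm["IpProtocol"] = "-1"  # EC2 API value for all protocols
    else:
        perm.update(IpProtocol="tcp", FromPort=tcp_port, ToPort=tcp_port)
    return perm

def audit_inbound(ip_permissions, vpn_sg):
    """Review the IpPermissions list of the resource's security group.
    Returns (scopes reachable from vpn_sg, findings worth a second look)."""
    vpn_scopes, findings = [], []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        scope = "all" if proto == "-1" else (
            f"{proto}/{perm.get('FromPort')}-{perm.get('ToPort')}")
        sources = [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if vpn_sg in sources:
            vpn_scopes.append(scope)
            if proto == "-1":
                findings.append("VPN group is allowed all traffic; one port may suffice")
        for cidr in cidrs:
            if cidr in ("0.0.0.0/0", "::/0"):
                findings.append(f"{scope} is open to {cidr}, not limited to VPN clients")
    if not vpn_scopes:
        findings.append("no inbound rule references the Client VPN security group")
    return vpn_scopes, findings

# Constructed inbound rule sets for a resource's security group.
BROAD = [build_ingress(VPN_SG),
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
SSH_ONLY = [build_ingress(VPN_SG, tcp_port=22)]

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("ssh-only", SSH_ONLY)):
        print(name, audit_inbound(rules, VPN_SG))
```

The dictionary returned by `build_ingress` has the shape that boto3's `authorize_security_group_ingress` accepts in its `IpPermissions` list.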