Enable connection logging for a new AWS Client VPN endpoint - AWS Client VPN

Enable connection logging for a new AWS Client VPN endpoint

You can enable connection logging when you create a new Client VPN endpoint by using the console or the command line.

To enable connection logging for a new Client VPN endpoint using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Client VPN Endpoints, and then choose Create Client VPN endpoint.

  3. Complete the options until you reach the Connection Logging section. For more information about the options, see Create an AWS Client VPN endpoint.

  4. Under Connection logging, turn on Enable log details on client connections.

  5. For CloudWatch Logs log group name, choose the name of the CloudWatch Logs log group.

  6. (Optional) For CloudWatch Logs log stream name, choose the name of the CloudWatch Logs log stream.

  7. Choose Create Client VPN endpoint.

To enable connection logging for a new Client VPN endpoint using the AWS CLI

Use the create-client-vpn-endpoint command, and specify the --connection-log-options parameter. You can specify the connection logs information in JSON format, as shown in the following example.

    {
        "Enabled": true,
        "CloudwatchLogGroup": "ClientVpnConnectionLogs",
        "CloudwatchLogStream": "NewYorkOfficeVPN"
    }
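
The CLI step above shown as a complete invocation, followed by a check that logging is actually on. This is an added example, not code from the AWS documentation. It assumes the log group already exists and that certificate-based (mutual) authentication is used; the function names and the CLIENT_CIDR, SERVER_CERT_ARN and CLIENT_CA_ARN variables are placeholders introduced for this example.

```shell
#!/bin/sh
# Added example: helper names and environment variables are hypothetical.

# valid_name NAME: accept 1-512 characters from the CloudWatch Logs log group
# character set. The same rule is applied to the stream name, which is
# stricter than CloudWatch requires but keeps the value safe to embed in JSON.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._/#-]*) return 1 ;;
  esac
  [ "${#1}" -le 512 ]
}

# connection_log_options GROUP [STREAM]: print the JSON document for
# --connection-log-options. The stream is optional, as in the console steps.
connection_log_options() {
  valid_name "$1" || { echo "invalid log group name: $1" >&2; return 1; }
  if [ -n "${2:-}" ]; then
    valid_name "$2" || { echo "invalid log stream name: $2" >&2; return 1; }
    printf '{"Enabled":true,"CloudwatchLogGroup":"%s","CloudwatchLogStream":"%s"}\n' "$1" "$2"
  else
    printf '{"Enabled":true,"CloudwatchLogGroup":"%s"}\n' "$1"
  fi
}

# create_logged_endpoint GROUP [STREAM]: create the endpoint with connection
# logging enabled and print the new endpoint ID.
create_logged_endpoint() {
  opts=$(connection_log_options "$@") || return 1
  aws ec2 create-client-vpn-endpoint \
    --client-cidr-block "${CLIENT_CIDR:?set CLIENT_CIDR}" \
    --server-certificate-arn "${SERVER_CERT_ARN:?set SERVER_CERT_ARN}" \
    --authentication-options "Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=${CLIENT_CA_ARN:?set CLIENT_CA_ARN}}" \
    --connection-log-options "$opts" \
    --query 'ClientVpnEndpointId' --output text
}

# logging_enabled ENDPOINT_ID: succeed only if the endpoint reports
# ConnectionLogOptions.Enabled as true.
logging_enabled() {
  state=$(aws ec2 describe-client-vpn-endpoints \
    --client-vpn-endpoint-ids "$1" \
    --query 'ClientVpnEndpoints[0].ConnectionLogOptions.Enabled' --output text) || return 1
  [ "$state" = "True" ]
}
```

Example use: id=$(create_logged_endpoint ClientVpnConnectionLogs NewYorkOfficeVPN) && logging_enabled "$id"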