AWS Client VPN maximum VPN session duration - AWS Client VPN

AWS Client VPN provides several options for the maximum VPN session duration, which is the maximum time allowed for a client connection to the Client VPN endpoint. You can configure a shorter maximum VPN session duration to help meet security and compliance requirements. By default, the maximum VPN session duration is 24 hours. After session timeout expiry, a new session is automatically established in the case of cached user credentials (Active Directory) or certificate-based authentication (Mutual Authentication). To fully disconnect and not automatically reconnect, these users should manually disconnect. A new session is not automatically established in the case of federated authentication (SAML), so these users must authenticate again after session timeout expiry to establish the VPN connection.

Note

When the maximum VPN session duration value is decreased from its current value, any active VPN sessions that are connected to the endpoint for a time frame longer than the newly set duration are disconnected.

See Release notes for the AWS provided client in the AWS Client VPN User Guide for details on session duration for client desktop applications.
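Before lowering the maximum session duration, it helps to know which active sessions the change will disconnect and whether those users will be reconnected automatically. The following is an added example, not AWS-provided code: it works on dictionaries shaped like the `describe-client-vpn-connections` and `describe-client-vpn-endpoints` responses, the sample records are constructed, and the timestamp layout (taken as UTC) is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Assumed layout of ConnectionEstablishedTime; treated as UTC.
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def sessions_over_limit(connections, new_limit_hours, now):
    """Return (connection id, username, age) for every active session that
    has already been connected longer than the proposed new limit."""
    limit = timedelta(hours=new_limit_hours)
    affected = []
    for conn in connections:
        if conn["Status"]["Code"] != "active":
            continue  # terminated or failed sessions are not disconnected again
        started = datetime.strptime(
            conn["ConnectionEstablishedTime"], TIME_FORMAT
        ).replace(tzinfo=timezone.utc)
        age = now - started
        if age > limit:
            affected.append((conn["ConnectionId"], conn["Username"], age))
    return affected


def must_reauthenticate(authentication_options):
    """True when the endpoint uses federated (SAML) authentication, where no
    new session is established automatically after the timeout."""
    return any(o["Type"] == "federated-authentication" for o in authentication_options)


# Constructed sample data (placeholder ids and usernames).
SAMPLE_NOW = datetime(2024, 5, 2, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_CONNECTIONS = [
    {"ConnectionId": "cvpn-connection-EXAMPLE1", "Username": "alice",
     "Status": {"Code": "active"}, "ConnectionEstablishedTime": "2024-05-01 22:30:00"},
    {"ConnectionId": "cvpn-connection-EXAMPLE2", "Username": "bob",
     "Status": {"Code": "active"}, "ConnectionEstablishedTime": "2024-05-02 06:00:00"},
    {"ConnectionId": "cvpn-connection-EXAMPLE3", "Username": "carol",
     "Status": {"Code": "terminated"}, "ConnectionEstablishedTime": "2024-05-01 01:00:00"},
]
SAMPLE_AUTH = [{"Type": "federated-authentication"}]

if __name__ == "__main__":
    for cid, user, age in sessions_over_limit(SAMPLE_CONNECTIONS, 8, SAMPLE_NOW):
        print(f"{cid} ({user}) connected for {age} would be disconnected")
    if must_reauthenticate(SAMPLE_AUTH):
        print("Federated endpoint: these users must authenticate again")
    else:
        print("Clients reconnect automatically unless users disconnect manually")
```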

Configure the maximum VPN session duration during creation of an AWS Client VPN endpoint

The duration of a VPN session is configured during the creation of a Client VPN endpoint. See Create an AWS Client VPN endpoint for the steps to create a Client VPN endpoint and set the maximum session duration.