AWS Client VPN quotas - AWS Client VPN

AWS Client VPN quotas

Your AWS account has the following quotas related to Client VPN endpoints. You can request an increase for some of these quotas.

  • Number of Client VPN endpoints per Region: 5

  • Number of authorization rules per Client VPN endpoint: 50

  • Number of routes per Client VPN endpoint: 10

  • Number of concurrent client connections per Client VPN endpoint: 2000

  • Number of concurrent operations per Client VPN endpoint: 10

    Operations include:

    • Associating or disassociating subnets

    • Creating or deleting routes

    • Creating or deleting inbound and outbound rules

    • Creating or deleting security groups

For quotas and rules related to configuring users and groups in an identity provider (IdP) for SAML-based federated authentication, see Requirements and considerations for SAML-based federated authentication.

General considerations

Take the following into consideration when you use Client VPN endpoints:

  • If you use Active Directory to authenticate the user, the Client VPN endpoint must belong to the same account as the AWS Directory Service resource used for Active Directory authentication.

  • If you use SAML-based federated authentication to authenticate a user, the Client VPN endpoint must belong to the same account as the IAM SAML identity provider that you create to define the IdP-to-AWS trust relationship. The IAM SAML identity provider can be shared across multiple Client VPN endpoints in the same AWS account.