User Tools
Sidebar
aws:client-vpn
Table of Contents
AWS Client VPN
Description
Diagram
Run Down
- Add SAML application to SSO Provider
- Add SAML IdP to AWS Account
- Add mutual authentications server certificate to ACM
- Create AWS Client VPN endpoint and associate to VPC subnets
SSO Providers
Okta
- Sign on settings memberOf *
- Advanced sign on settings set port of 35001
Azure AD
- urn:amazon:webservices:clientvpn
- Add https://127.0.0.1:35001 (edit manifest to change to http)
- Edit SAML signing to response and assertion
- Edit user attributes and claims
- Assign user / group
AWS SSO
- Manually enter info
- urn:amazon:webservices:clientvpn
- Edit user attributes and claims
- Assign user / group
| Attribute | Map | Format |
|---|---|---|
| Subject | ${user:email} | emailAddress |
| FirstName | ${user:givenName} | unspecified |
| LastName | ${user:familyName} | unspecified |
| memberOf | ${user:groups} | unspecified |
AWS Account
IdP
- Add SAML identity provider
- upload meta data from SSO provider
ACM
- Add certificate and paste in cert, key, and ca cert
git clone https://github.com/OpenVPN/easy-rsa.git cd easy-rsa/easyrsa3 ./easyrsa init-pki ./easyrsa build-ca nopass ./easyrsa build-server-full SERVERNAME nopass ./easyrsa build-client-full CLIENT.DOMAIN.TLD nopass
VPN Endpoint
- Select server cert
- Select user based authentication, federated authentication, SAML IdP
aws/client-vpn.txt · Last modified: by 127.0.0.1
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
