Amazon Client VPN is a managed client-based VPN service that enables secure and scalable access to AWS and on-premises resources. With Applications Manager, you can monitor the health and performance of your Client VPN endpoints by tracking key metrics such as connection status, data and packet transfer rates, active sessions, authentication failures, and more. It also provides visibility into endpoint configuration details like logging, authentication methods, certificates, and routing options, helping you ensure secure connectivity, detect anomalies, and troubleshoot issues quickly.
To learn how to create a new AWS Client VPN monitor, refer here.
Go to the Monitors Category View by clicking the Monitors tab. Click on the Client VPN instance available under Amazon in the Cloud Apps section. Displayed is the Amazon Route Health Checks bulk configuration view distributed into three tabs:
By clicking a monitor from the list, you'll be taken to the AWS Client VPN dashboard which includes the following tabs:
| Parameter | Description |
|---|---|
| STATUS INFORMATION | |
| State | Describes the state of a Client VPN endpoint. Possible values: Pending-associate, Available, Deleting, Deleted. |
| DAYS UNTIL REVOKED CERTIFICATES LIST EXPIRES | |
| Days Until Revoked Certificates List Expires | The minimum number of days until the Certificate Revocation List (CRL) configured on the Client VPN endpoint expires at the time of the poll (in days). |
| AUTHENTICATION FAILURES | |
| Authentication Failures | The total number of authentication failures for the Client VPN endpoint during the poll interval. |
| DATA RECEIVED | |
| Rate of Data Received | The total amount of data received per second by the Client VPN endpoint during the poll interval (in MB/s). |
| Data Received | The total amount of data received by the Client VPN endpoint during the poll interval (in MB). |
| DATA SENT | |
| Rate of Data Sent | The total amount of data sent per second from the Client VPN endpoint during the poll interval (in MB/s). |
| Data Sent | The total amount of data sent from the Client VPN endpoint during the poll interval (in MB). |
| PACKETS RECEIVED | |
| Rate of Packets Received | The total number of packets received per second by the Client VPN endpoint during the poll interval (in packets/s). |
| Packets Received | The total number of packets received by the Client VPN endpoint during the poll interval (in packets). |
| PACKETS SENT | |
| Rate of Packets Sent | The total number of packets sent per second from the Client VPN endpoint during the poll interval (in packets/s). |
| Packets Sent | The total number of packets sent from the Client VPN endpoint during the poll interval (in packets). |
| ACTIVE CONNECTIONS | |
| Active Connections | The average number of active connections to the Client VPN endpoint at the time of polling. |
| CONFIGURATION DOWNLOADS | |
| Configuration Downloads | The total number of downloads of the Client VPN configuration file from the self-service portal during the poll interval. |
| CONNECT HANDLER ERRORS | |
| Timeouts | The total number of timeouts when invoking the client connect handler for connections to the Client VPN endpoint during the poll interval. |
| Invalid Responses | The total number of invalid responses returned by the client connect handler for connections to the Client VPN endpoint during the poll interval. |
| Execution Errors | The total number of unexpected errors while running the client connect handler for connections to the Client VPN endpoint during the poll interval. |
| Throttling Errors | The total number of throttling errors on invoking the client connect handler for connections to the Client VPN endpoint during the poll interval. |
| Denied Connections | The total number of connections denied by the client connect handler for the Client VPN endpoint during the poll interval. |
| Service Errors | The total number of service-side errors while running the client connect handler for connections to the Client VPN endpoint during the poll interval. |
| Parameter | Description |
|---|---|
| CONFIGURATION | |
| Description | A brief description of the endpoint. |
| Creation Time | The date and time the Client VPN endpoint was created. |
| VPC ID | The identifier of the Virtual Private Cloud (VPC) to associate with this resource. |
| Security Groups | The IDs of the security groups for the target network. |
| Client Certificate ARN | The unique identifier (ARN) of a certificate used for authentication between clients and AWS services. |
| Server Certificate ARN | The Amazon Resource Name (ARN) of the SSL/TLS certificate used by the VPN server to authenticate itself to connecting clients. |
| DNS Name | The DNS name to be used by clients when connecting to the Client VPN endpoint. |
| DNS Servers | List of DNS servers to be used for DNS Resolution. |
| Authenticate Type | Specifies the authentication method for Client VPN connections. Valid values: Certificate-authentication (mutual certificate-based), Directory-service-authentication (Active Directory), or Federated-authentication (SAML-based identity federation). |
| VPN Protocol | The tunneling protocol used to establish secure connections between clients and the VPN endpoint. |
| Transport Protocol | The transport protocol used by the Client VPN endpoint. Possible values: TCP, UDP. |
| CLIENT & SESSION CONFIGURATION | |
| Client Login Banner Options | When enabled, displays a customizable banner message to users when they connect to the Client VPN endpoint. |
| Client Connect Options | When enabled, ClientConnectOptions allows you to run custom logic when clients connect to the VPN endpoint. |
| Split Tunnel | Indicates whether split-tunnel is enabled in the AWS Client VPN endpoint. |
| Client Route Enforcement | The current status of Client Route Enforcement. Possible values: Enabled, Disabled. |
| Connection Log Options | Indicates whether client connection logging is enabled for the Client VPN endpoint. |
| Client CIDR Block | The IPv4 address range, in CIDR notation, from which client IP addresses are assigned. |
| VPN Port | The port number for the Client VPN endpoint. |
| Session Timeout Hours | The maximum VPN session duration time in hours. Possible values (in hours): 8, 10, 12, 24. |
| Disconnect on Session Timeout | Indicates whether the client VPN session is disconnected after the maximum sessionTimeoutHours is reached. If enabled, users are prompted to reconnect; if disabled, reconnection happens automatically. |
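
The fields in the two tables above can be turned into a simple security review of each poll. The following is an added example, not Applications Manager or AWS code: the dictionary keys mirror the parameter names in the tables, and the thresholds and sample values are constructed assumptions.

```python
# Added example. Keys mirror the parameter names in the tables above;
# thresholds and sample values are constructed assumptions.
CRL_WARN_DAYS = 14      # assumed: warn when the CRL has two weeks or less left
AUTH_FAIL_WARN = 20     # assumed: failures per poll interval worth a look
# "Denied Connections" is left out on purpose: a denial is a handler decision,
# not a handler fault.
HANDLER_ERRORS = ("Timeouts", "Invalid Responses", "Execution Errors",
                  "Throttling Errors", "Service Errors")

def review_endpoint(config, metrics):
    """Return (severity, message) findings for one polled Client VPN endpoint."""
    findings = []
    if config.get("Connection Log Options") != "Enabled":
        findings.append(("high", "connection logging is off; no connection log for client sessions"))
    crl_days = metrics.get("Days Until Revoked Certificates List Expires")
    if crl_days is not None and crl_days <= CRL_WARN_DAYS:
        findings.append(("high", f"CRL expires in {crl_days} day(s); import a fresh list"))
    failures = metrics.get("Authentication Failures", 0)
    if failures >= AUTH_FAIL_WARN:
        findings.append(("medium", f"{failures} authentication failures in one poll interval"))
    if config.get("Client Connect Options") == "Enabled":
        errors = sum(metrics.get(name, 0) for name in HANDLER_ERRORS)
        if errors:
            findings.append(("medium", f"{errors} client connect handler error(s); "
                                       "custom connect logic is not running cleanly"))
    if (config.get("Split Tunnel") == "Enabled"
            and config.get("Client Route Enforcement") != "Enabled"):
        findings.append(("low", "split tunnel without route enforcement; "
                                "confirm which traffic is expected to bypass the VPN"))
    return findings

# Constructed sample poll for one endpoint.
SAMPLE_CONFIG = {"Authenticate Type": "Certificate-authentication",
                 "Connection Log Options": "Disabled",
                 "Client Connect Options": "Enabled",
                 "Split Tunnel": "Enabled",
                 "Client Route Enforcement": "Disabled"}
SAMPLE_METRICS = {"Days Until Revoked Certificates List Expires": 5,
                  "Authentication Failures": 42,
                  "Timeouts": 0, "Invalid Responses": 0, "Execution Errors": 3,
                  "Throttling Errors": 0, "Service Errors": 0,
                  "Denied Connections": 7}

if __name__ == "__main__":
    for severity, message in review_endpoint(SAMPLE_CONFIG, SAMPLE_METRICS):
        print(f"[{severity}] {message}")
```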