Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS::EC2::ClientVpnTargetNetworkAssociation - Support SecurityGroup IDs #199

Closed
caphrim007 opened this issue Sep 29, 2019 · 2 comments
Closed
Labels
networking & content deliv

Comments

@caphrim007
Copy link

caphrim007 commented Sep 29, 2019

1. Title

AWS::EC2::ClientVpnTargetNetworkAssociation-SecurityGroupIds

2. Scope of request

The existing resource does not support the ability to apply security groups to the associated target networks.

This is supported, however, supported via the AWS CLI

3. Expected behavior

In Create, it should include SecurityGroupIds, like the console.

In Update, change the attribute SecurityGroupIds. It shouldn't require replacement, like the API.

In Delete, the security group applied should be the default SG for the VPC. This is the default SG that is applied if no SG is supplied anyway.

5. Helpful Links to speed up research and evaluation

Usage of the AWS CLI to implement this today

https://docs.aws.amazon.com/cli/latest/reference/ec2/apply-security-groups-to-client-vpn-target-network.html

6. Category - Will help with tagging and be easier to find by other users to +1

Networking & Content (VPC, Route53, API GW,...)

7. Any additional context (optional)

@nmussy
Copy link

nmussy commented Sep 30, 2019

This would also be helpful for the CDK, see aws-cdk#4233

@TheDanBlanco TheDanBlanco added the networking & content deliv label Oct 9, 2019
@cfn-github-issues-bot cfn-github-issues-bot added this to Researching in coverage-roadmap Aug 19, 2021
@cfn-github-issues-bot cfn-github-issues-bot moved this from Researching to Shipped in coverage-roadmap Aug 19, 2021
@WaelA
Copy link
Contributor

WaelA commented Sep 9, 2021

Closing this issue as security groups specified in a ClientVPNEndpoint resource are applied to all associated target networks. Additionally, the apply-security-groups-to-client-vpn-target-network CLI/API performs the same operation as adding or removing security groups via a ClientVPNEndpoint resource.

More information about how Security Groups are used to restrict access in Client VPN can be found here: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-restrict.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
networking & content deliv
Projects
coverage-roadmap
  
Shipped
Development

No branches or pull requests

5 participants