Asked by Tessando

Disconnecting AWS VPN Client Endpoints after 8 Hours

I need some assistance architecting a solution that is an automated way to remove Users from an AWS Client VPN Endpoint.

Because AWS charges for connections, I would like to create something that would automatically kick off a User and require them to log back in after 8 hours.

I've been told by AWS Support that this is attainable by using Lambda to check the state of the VPN connection and CloudWatch to execute a check during a given amount of time (say, every 5 minutes).

I am fairly competent with CloudWatch, so really I'm seeking some code assistance.

The Lambda function would work something like this:

 DescribeClientVpnConnections [1] could be used
 IF condition to verify whether the parameter "connectionEstablishedTime" has exceeded 8 hours duration.
 If it has exceeded 8 hours duration, then make another API call "TerminateClientVpnConnections" for that connection.

Does anyone have a good recipe for something like this? It doesn't have to be Lambda, that was just suggested by AWS Support.

Thanks for your help.


[1] https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-client-vpn-connections.html
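
The check described in the question, sketched as a Lambda handler. This is an added example, not part of the original post and not the asker's members-only solution. It assumes boto3, an environment variable named CLIENT_VPN_ENDPOINT_ID (a hypothetical name), and that ConnectionEstablishedTime arrives as a UTC string in the form "YYYY-MM-DD HH:MM:SS"; the sample records are constructed.

```python
import os
from datetime import datetime, timedelta, timezone

MAX_SESSION = timedelta(hours=8)
# Assumption: the API returns ConnectionEstablishedTime as a UTC string in this format.
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
# Constructed sample records shaped like the DescribeClientVpnConnections response.
SAMPLE = [
    {"ConnectionId": "cvpn-connection-0a1", "Username": "alice", "Status": {"Code": "active"}, "ConnectionEstablishedTime": "2024-01-01 00:00:00"},
    {"ConnectionId": "cvpn-connection-0b2", "Username": "bob", "Status": {"Code": "active"}, "ConnectionEstablishedTime": "2024-01-01 02:00:00"},
    {"ConnectionId": "cvpn-connection-0c3", "Username": "carol", "Status": {"Code": "terminated"}, "ConnectionEstablishedTime": "2023-12-31 10:00:00"},
    {"ConnectionId": "cvpn-connection-0d4", "Username": "dave", "Status": {"Code": "active"}, "ConnectionEstablishedTime": "-"},
]


def expired_connections(connections, now, max_age=MAX_SESSION):
    """Return (ConnectionId, Username) for active sessions older than max_age."""
    expired = []
    for conn in connections:
        if conn.get("Status", {}).get("Code") != "active":
            continue  # already terminating, terminated, or failed
        try:
            started = datetime.strptime(conn["ConnectionEstablishedTime"], TIME_FORMAT)
        except (KeyError, ValueError):
            continue  # no usable timestamp: leave the session alone
        if now - started.replace(tzinfo=timezone.utc) > max_age:
            expired.append((conn["ConnectionId"], conn.get("Username", "")))
    return expired


def lambda_handler(event, context):
    import boto3  # imported here so the selection logic can be tested offline

    endpoint_id = os.environ["CLIENT_VPN_ENDPOINT_ID"]  # hypothetical variable name
    ec2 = boto3.client("ec2")
    pages = ec2.get_paginator("describe_client_vpn_connections").paginate(
        ClientVpnEndpointId=endpoint_id
    )
    connections = [c for page in pages for c in page["Connections"]]
    terminated = []
    now = datetime.now(timezone.utc)
    for connection_id, username in expired_connections(connections, now):
        ec2.terminate_client_vpn_connections(
            ClientVpnEndpointId=endpoint_id, ConnectionId=connection_id
        )
        print(f"terminated {connection_id} ({username})")  # lands in CloudWatch Logs
        terminated.append(connection_id)
    return {"terminated": terminated}
```

The function's execution role needs ec2:DescribeClientVpnConnections and ec2:TerminateClientVpnConnections. Client VPN endpoints also have a built-in maximum session duration setting (SessionTimeoutHours), which can enforce an 8-hour limit without custom code.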