AWS Client VPN

Securely connect your remote workforce to AWS or on-premises resources

AWS Client VPN is a fully-managed remote access VPN solution used by your remote workforce to securely access resources within both AWS and your on-premises network. Fully elastic, it automatically scales up, or down, based on demand. When migrating applications to AWS, your users access them the same way before, during, and after the move. AWS Client VPN, including the software client, supports the OpenVPN protocol.

Remote Access with AWS Client VPN (14:44)


Advanced authentication

Many organizations require multi-factor authentication (MFA) and federated authentication from their VPN solution. AWS Client VPN supports these and other authentication methods.


Traditional on-premises VPN services are limited by the capacity of the hardware that runs them. AWS Client VPN is a pay-as-you-go cloud VPN service that elastically scales up or down based on user demand.

Remote access

Unlike on-premises VPN services, AWS Client VPN allows users to connect to AWS and on-premises networks using a single VPN connection.

Fully managed

AWS Client VPN automatically takes care of deployment, capacity provisioning, and service updates — while you monitor all connections from a single console.

Client VPN use cases

Quickly scale remote access

Unexpected events can require many of your employees to work remotely. This creates a spike in VPN connections and traffic that can reduce performance or availability for your users. AWS Client VPN is elastic, and automatically scales up to handle peak demand. When the spike has passed, it scales down so you are not paying for unused capacity.

Access applications during migration

AWS Client VPN provides users with secure access to applications both on premises and in AWS. This is helpful during a cloud migration when applications move from on-premises locations to the cloud. With AWS Client VPN, users don’t have to change the way they access their applications during or after migration.

Integrate with your authentication and MDM systems

AWS Client VPN supports authentication with Microsoft Active Directory using AWS Directory Services, Certificate-based authentication, and Federated Authentication using SAML-2.0 to facilitate these scenarios when using the AWS provided OpenVPN Client software. AWS Client VPN works with Mobile Device Management (MDM) solutions to reject devices that do not comply with the your policies.

Securely connecting IoT devices

Create encrypted connections between IoT devices and Amazon Virtual Private Cloud (VPC) resources using certificate-based authentication.

Customer stories

"Columbia University Medical Center is a clinical, research, and educational enterprise located on a campus in northern Manhattan. We have an emergency situation where due to the COVID 19 our hospital is limiting access to the campus. We needed to supplement our current physical VPN solution in order to support up to an additional 150 concurrent users with access to our datacenter and campus, so we have set up a Client VPN endpoint. With AWS Client VPN, our staff and researchers are quickly able to access the campus and continue to do research on the virus."

- Robert De Boer, Deputy CIO, Columbia University Medical Center

“Shionogi is a pharmaceutical company headquartered in Osaka, Japan, with research and distribution extended worldwide. We needed to dramatically and quickly change our VPN environment to support mandated Work From Home (WFH). This applied to all employees which was practically impossible with our current system. With AWS Client VPN, we were able to turn up the VPN environment for approximately 3,000 employees in just 3 days. As a result, end-users thanked us saying that the User Experience for the remote work has been greatly improved, which proved that our IT department can make a difference to the organization. The whole experience reminded us the power of the Cloud – for its speed, flexibility, and scalability.”

– Kazuhiro Shirahase, Director of IT Promotion Division I, Shionogi Digital Science Co., Ltd.

"KOKUYO is a manufacturing company headquartered in Osaka, Japan, creating more value in places where people ‘work’, ‘learn’, and ‘live.’ With products and services that go beyond KOKUYO's office and school supplies, the business is expanding both in Japan and also across Asia Pacific countries. In February 2020, when the COVID-19 pandemic was starting to expand, we identified the need to make changes to our existing VPN environment. Thanks to AWS Client VPN, we were able to support the rapid capacity expansion by replacing the original 550 users on our on-premises environment with 1,000 users on AWS Client VPN in the matter of 10 days. And, we were able to let it scale seamlessly from 1,000 to 4,000 users when needed, which gave us a unique experience with the elastic, scalable nature of the cloud. “
- Takashi Yamamura, General Manager, Information Systems, KOKUYO Co., Ltd.

Learn more about product pricing

Simple pricing so it's easy to know what is right for you.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with AWS VPN in the AWS Console.

Get started