How do I configure the AWS CLI to use an AWS role?
Install the AWS CLI and run aws configure. Leaving AWS Access Key ID and AWS Secret Access Key blank only works when the CLI can obtain credentials from somewhere else, typically an EC2 instance profile or an ECS task role, in which case you only need to set the Region and Output Format. To assume a role from a workstation, add a profile to ~/.aws/config with a role_arn and a source_profile (the profile whose long-lived keys are allowed to call sts:AssumeRole); the CLI then fetches and caches temporary credentials for that role, so nothing long-lived is stored for the role profile itself.
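The assume-role profile layout just described, as an added example that is not code from the original page. It assumes a profile named base whose long-lived keys live in ~/.aws/credentials, and an account 123456789012 with a role named Deploy; both are placeholders. The config is written to a scratch file through AWS_CONFIG_FILE so it never touches your real ~/.aws/config, and a small awk helper (also an addition) reads a key back the way the CLI would, which makes the easy-to-miss difference between the two files visible: the config file uses [profile name] sections, the credentials file uses [name].

```shell
#!/bin/sh
# Added example: assume-role profiles for the AWS CLI (not from the original page).
# Assumptions: profile "base" holds long-lived keys in ~/.aws/credentials under [base];
# account 123456789012 and role "Deploy" are placeholders.
set -eu

# Write to a scratch file; the CLI honours AWS_CONFIG_FILE, so ~/.aws/config is untouched.
AWS_CONFIG_FILE="$(mktemp -d)/config"
export AWS_CONFIG_FILE

cat > "$AWS_CONFIG_FILE" <<'EOF'
[default]
region = us-east-1
output = json

# Workstation: the long-lived keys for "base" live in ~/.aws/credentials as [base]
# (no "profile " prefix there); this file uses [profile name].
[profile base]
region = us-east-1

# Assume a role using "base" as the source. The CLI calls sts:AssumeRole on first
# use and caches the temporary credentials; nothing long-lived is stored for "deploy".
[profile deploy]
role_arn = arn:aws:iam::123456789012:role/Deploy
source_profile = base
role_session_name = alice-deploy
duration_seconds = 3600
# mfa_serial = arn:aws:iam::123456789012:mfa/alice   # add when the role's trust policy requires MFA

# EC2 instance with an instance profile: no keys at all are needed, the CLI falls
# through to the instance metadata service. role_arn + credential_source is the
# way to hop from the instance role to a second role.
[profile on-instance]
region = us-east-1
credential_source = Ec2InstanceMetadata
role_arn = arn:aws:iam::123456789012:role/Deploy
EOF

# profile_get NAME KEY: print KEY from the section the CLI reads for NAME.
# [default] has no "profile " prefix; every other profile in the config file does.
profile_get() {
  awk -v name="$1" -v key="$2" '
    BEGIN { want = (name == "default") ? "[default]" : "[profile " name "]" }
    /^[ \t]*\[/ { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line); insec = (line == want); next }
    insec && $0 ~ ("^[ \t]*" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
  ' "$AWS_CONFIG_FILE"
}

# Typical use:  profile_get deploy role_arn
# End-to-end check against AWS: aws sts get-caller-identity --profile deploy
```

If get-caller-identity for the role profile returns the role's ARN, the chain works; if it returns the base user's ARN, the profile was written to the wrong file or section.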
How do I connect to AWS client VPN?
To connect to AWS Client VPN, complete the following steps: Open the AWS Client VPN application. On the File menu, choose Manage Profiles. Choose Add Profile. Add a display name and choose the VPN configuration file that was downloaded from the endpoint and modified (for mutual authentication, the downloaded .ovpn file must first have the client certificate and private key added to it). Choose Add Profile. Choose Done.
How do I configure the Remote Access server for DirectAccess?
In the Remote Access Management console, work through the four steps in order: specify the security groups that contain the DirectAccess client computers; configure the Remote Access server settings; configure the infrastructure servers (such as the network location server and DNS) used in the organization; and configure the application servers to require authentication and encryption.
How do I configure DirectAccess for remote management only?
To configure DirectAccess clients for remote management only: in the middle pane of the Remote Access Management console, in the Step 1 Remote Clients area, click Configure. In the DirectAccess Client Setup Wizard, on the Deployment Scenario page, click Deploy DirectAccess for remote management only, and then click Next. On the Select Groups page, click Add.
Overview
The following diagram shows the high-level architecture of the example scenario, in which a client connects through an AWS Client VPN endpoint to a SQL Server RDS instance inside the VPC.
Generating a certificate
For instructions on creating the server and client certificates with the OpenVPN easy-rsa tool and importing them into AWS Certificate Manager, see Mutual authentication in the AWS Client VPN documentation. Both ARNs are needed later: the server certificate ARN for the endpoint, and the client root certificate chain ARN for mutual authentication.
Creating a VPC and subnets
Create a VPC with two subnets in different Availability Zones to host the RDS subnet group (an RDS subnet group requires subnets in at least two Availability Zones).
Creating a security group
Create a security group that is attached to both the AWS Client VPN endpoint and the RDS instance. Client traffic enters the VPC from the endpoint's network interfaces, which carry this security group, so a rule allowing TCP 1433 (the SQL Server port) from the security group itself is enough; nothing needs to be opened to 0.0.0.0/0.
Creating an AWS Client VPN endpoint
Create an AWS Client VPN endpoint and attach it to the VPC. The client IPv4 CIDR block is the address pool from which connected clients receive IP addresses; it must not overlap the VPC CIDR and must be between /22 and /12 in size, or the endpoint creation fails. Use the ARN of the server certificate you generated in the previous step, together with the client root certificate chain ARN for mutual authentication, then associate the endpoint with a subnet and add an authorization rule limited to the VPC CIDR.
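The VPC, subnets, security group and Client VPN endpoint steps above, as one added example that is not the original post's code. It assumes region us-east-1, the CIDRs shown, and two ACM certificate ARNs from the easy-rsa step (the ARN values are placeholders to replace). The client CIDR rules that CreateClientVpnEndpoint enforces are checked locally first with small helper functions (an addition); the AWS calls run only when the script is invoked with the argument apply and valid credentials are present.

```shell
#!/bin/sh
# Added example (not the original post's code): VPC, subnets, security group and
# Client VPN endpoint for the scenario above.
# Assumptions: region us-east-1, the CIDRs below, and placeholder ACM ARNs for the
# server certificate and the client root CA created in the easy-rsa step.
set -eu

REGION="${AWS_REGION:-us-east-1}"
VPC_CIDR="10.0.0.0/16"
SUBNET_A_CIDR="10.0.1.0/24"
SUBNET_B_CIDR="10.0.2.0/24"
CLIENT_CIDR="172.31.0.0/22"          # address pool handed to VPN clients
SERVER_CERT_ARN="${SERVER_CERT_ARN:-arn:aws:acm:us-east-1:123456789012:certificate/REPLACE-SERVER}"
CLIENT_ROOT_CA_ARN="${CLIENT_ROOT_CA_ARN:-arn:aws:acm:us-east-1:123456789012:certificate/REPLACE-CLIENT-CA}"

# ip_to_int A.B.C.D -> 32-bit integer (runs in a subshell so IFS is not clobbered)
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_overlaps A/len B/len: true when the two blocks share any address
cidr_overlaps() {
  a=$(ip_to_int "${1%/*}"); a_len=${1#*/}
  b=$(ip_to_int "${2%/*}"); b_len=${2#*/}
  l=$a_len
  if [ "$b_len" -lt "$l" ]; then l=$b_len; fi          # compare under the shorter prefix
  mask=$(( (4294967295 << (32 - l)) & 4294967295 ))
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

# client_cidr_valid CLIENT/len VPC/len: Client VPN needs a /22..ʼ/12 pool that does
# not overlap the VPC; the API rejects the endpoint otherwise.
client_cidr_valid() {
  c_len=${1#*/}
  if [ "$c_len" -lt 12 ] || [ "$c_len" -gt 22 ]; then return 1; fi
  if cidr_overlaps "$1" "$2"; then return 1; fi
  return 0
}

provision() {
  vpc=$(aws ec2 create-vpc --region "$REGION" --cidr-block "$VPC_CIDR" \
          --query Vpc.VpcId --output text)
  sub_a=$(aws ec2 create-subnet --region "$REGION" --vpc-id "$vpc" --cidr-block "$SUBNET_A_CIDR" \
          --availability-zone "${REGION}a" --query Subnet.SubnetId --output text)
  sub_b=$(aws ec2 create-subnet --region "$REGION" --vpc-id "$vpc" --cidr-block "$SUBNET_B_CIDR" \
          --availability-zone "${REGION}b" --query Subnet.SubnetId --output text)

  # One security group shared by the endpoint ENIs and the RDS instance. Client traffic
  # enters the VPC from the endpoint ENIs, so a self-referencing rule on 1433 is enough.
  sg=$(aws ec2 create-security-group --region "$REGION" --vpc-id "$vpc" \
          --group-name rds-clientvpn --description "Client VPN endpoint and RDS" \
          --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg" \
          --protocol tcp --port 1433 --source-group "$sg"

  # Mutual TLS: server cert from ACM plus the client root CA chain.
  # Connection logging is disabled only to keep the example short; in production
  # point it at a CloudWatch log group so client connections are auditable.
  ep=$(aws ec2 create-client-vpn-endpoint --region "$REGION" \
          --client-cidr-block "$CLIENT_CIDR" \
          --server-certificate-arn "$SERVER_CERT_ARN" \
          --authentication-options "Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=$CLIENT_ROOT_CA_ARN}" \
          --connection-log-options Enabled=false \
          --transport-protocol udp \
          --vpc-id "$vpc" --security-group-ids "$sg" \
          --query ClientVpnEndpointId --output text)
  # Attach the endpoint to a subnet and let clients reach only the VPC CIDR, not 0.0.0.0/0
  aws ec2 associate-client-vpn-target-network --region "$REGION" \
          --client-vpn-endpoint-id "$ep" --subnet-id "$sub_a"
  aws ec2 authorize-client-vpn-ingress --region "$REGION" \
          --client-vpn-endpoint-id "$ep" --target-network-cidr "$VPC_CIDR" --authorize-all-groups
  printf 'vpc=%s subnets=%s,%s sg=%s endpoint=%s\n' "$vpc" "$sub_a" "$sub_b" "$sg" "$ep"
}

# Validate locally first; provision only when invoked as:  sh clientvpn.sh apply
client_cidr_valid "$CLIENT_CIDR" "$VPC_CIDR" || { echo "client CIDR $CLIENT_CIDR invalid for VPC $VPC_CIDR" >&2; exit 1; }
if [ "${1:-}" = apply ]; then provision; fi
```

Without the argument the script only runs the CIDR checks, which is the part that usually goes wrong: a client pool carved out of the VPC range, or a /24 that is too small, is rejected by the API after the VPC and security group have already been created.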
Creating an Active Directory
Because the SQL Server RDS instance also uses Windows authentication, create an AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) directory in the VPC to associate with the RDS instance. The directory needs two subnets in different Availability Zones, and the RDS instance can only be joined once the directory's stage is Active.
Creating the SQL Server RDS instance
To create the RDS instance, you first need a DB subnet group and an AWS Identity and Access Management (IAM) role that Amazon RDS assumes to join the directory. The role's trust policy must allow only the rds.amazonaws.com service principal to assume it, and it uses the managed IAM policy AmazonRDSDirectoryServiceAccess, which grants the Directory Service calls RDS needs for the domain join. The instance is then created with the directory ID and the role name, attached to the subnet group and the security group from the earlier steps, and without public accessibility.
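The directory, IAM role, subnet group and SQL Server instance steps above, as one added example that is not the original post's code. It assumes the VPC, two subnets in different Availability Zones and the security group from the previous steps are supplied as environment variables (placeholders otherwise), that corp.example.com and the resource names are placeholders, and that the directory Admin and DB master passwords come from the environment rather than the script. As before, the AWS calls run only when the script is invoked with apply; the trust policy is a plain function so it can be inspected and checked on its own.

```shell
#!/bin/sh
# Added example (not the original post's code): AWS Managed Microsoft AD, the IAM role
# RDS assumes to join it, the DB subnet group and the SQL Server instance.
# Assumptions: VPC_ID, SUBNET_A, SUBNET_B (different AZs) and SG_ID come from the
# previous step; corp.example.com and the names below are placeholders; passwords
# are read from the environment and never stored in the script.
set -eu

REGION="${AWS_REGION:-us-east-1}"
VPC_ID="${VPC_ID:-vpc-REPLACE}"
SUBNET_A="${SUBNET_A:-subnet-REPLACE-A}"
SUBNET_B="${SUBNET_B:-subnet-REPLACE-B}"
SG_ID="${SG_ID:-sg-REPLACE}"
DOMAIN="corp.example.com"
ROLE_NAME="rds-directoryservice-access"
SUBNET_GROUP="rds-clientvpn-subnets"
DB_ID="sqlserver-clientvpn"
# Managed policy granting RDS the Directory Service calls needed for the domain join
DS_POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"

# Trust policy: only the RDS service principal may assume the role, no account-wide "AWS": "*".
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "rds.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# RDS refuses to join a directory that is still Creating, so poll until it is Active.
wait_for_directory() {
  until [ "$(aws ds describe-directories --region "$REGION" --directory-ids "$1" \
              --query 'DirectoryDescriptions[0].Stage' --output text)" = Active ]; do
    sleep 60
  done
}

provision() {
  ad_pw="${AD_ADMIN_PASSWORD:?export AD_ADMIN_PASSWORD for the directory Admin account}"
  db_pw="${RDS_MASTER_PASSWORD:?export RDS_MASTER_PASSWORD for the DB master user}"

  # 1. Directory: two subnets in different Availability Zones are mandatory
  ad_id=$(aws ds create-microsoft-ad --region "$REGION" --name "$DOMAIN" \
            --password "$ad_pw" --edition Standard \
            --vpc-settings "VpcId=$VPC_ID,SubnetIds=$SUBNET_A,$SUBNET_B" \
            --query DirectoryId --output text)

  # 2. Role RDS assumes for the domain join
  aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)" >/dev/null
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$DS_POLICY_ARN"

  # 3. DB subnet group (also two AZs)
  aws rds create-db-subnet-group --region "$REGION" --db-subnet-group-name "$SUBNET_GROUP" \
      --db-subnet-group-description "Subnets reachable through Client VPN" \
      --subnet-ids "$SUBNET_A" "$SUBNET_B" >/dev/null

  # 4. SQL Server joined to the domain: private, encrypted at rest, VPN-only security group
  wait_for_directory "$ad_id"
  aws rds create-db-instance --region "$REGION" --db-instance-identifier "$DB_ID" \
      --engine sqlserver-se --license-model license-included \
      --db-instance-class db.m5.large --allocated-storage 20 \
      --master-username masteruser --master-user-password "$db_pw" \
      --db-subnet-group-name "$SUBNET_GROUP" --vpc-security-group-ids "$SG_ID" \
      --no-publicly-accessible --storage-encrypted \
      --domain "$ad_id" --domain-iam-role-name "$ROLE_NAME" \
      --query DBInstance.DBInstanceIdentifier --output text
}

if [ "${1:-}" = apply ]; then provision; fi
```

Once the instance is available, a VPN-connected client authenticates with a domain account (DOMAIN\user) or with the master login over TCP 1433; the security group from the earlier step means the instance is not reachable from anywhere but the endpoint's network interfaces.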