Enable connection logging for an existing AWS Client VPN endpoint

You can enable connection logging for an existing Client VPN endpoint by using the console or the command line.

To enable connection logging for an existing Client VPN endpoint using the console

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Client VPN Endpoints.
Select the Client VPN endpoint, choose Actions, and then choose Modify Client VPN endpoint.
Under Connection logging, turn on Enable log details on client connections.
For CloudWatch Logs log group name, choose the name of the CloudWatch Logs log group.
(Optional) For CloudWatch Logs log stream name, choose the name of the CloudWatch Logs log stream.
Choose Modify Client VPN endpoint.

To enable connection logging for an existing Client VPN endpoint using the AWS CLI

Use the modify-client-vpn-endpoint command and specify the --connection-log-options parameter. You can specify the connection logs information in JSON format, as shown in the following example.


{
    "Enabled": true,
    "CloudwatchLogGroup": "ClientVpnConnectionLogs",
    "CloudwatchLogStream": "NewYorkOfficeVPN"
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Enable connection logging for a new endpoint

View connection logs