Enable connection logging for an existing AWS Client VPN endpoint - AWS Client VPN
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

Enable connection logging for an existing AWS Client VPN endpoint

You can enable connection logging for an existing Client VPN endpoint by using the console or the command line.

To enable connection logging for an existing Client VPN endpoint using the console

  1. Open the Amazon VPC console at https://eusc-de-east-1.console.amazonaws-eusc.eu/vpc/.

  2. In the navigation pane, choose Client VPN Endpoints.

  3. Select the Client VPN endpoint, choose Actions, and then choose Modify Client VPN endpoint.

  4. Under Connection logging, turn on Enable log details on client connections.

  5. For CloudWatch Logs log group name, choose the name of the CloudWatch Logs log group.

  6. (Optional) For CloudWatch Logs log stream name, choose the name of the CloudWatch Logs log stream.

  7. Choose Modify Client VPN endpoint.

To enable connection logging for an existing Client VPN endpoint using the AWS CLI

Use the modify-client-vpn-endpoint command and specify the --connection-log-options parameter. You can specify the connection logs information in JSON format, as shown in the following example.

{
    "Enabled": true,
    "CloudwatchLogGroup": "ClientVpnConnectionLogs",
    "CloudwatchLogStream": "NewYorkOfficeVPN"
}