Hello, I have a WorkDocs site set up for several users. I use some IP whitelisting for the users’ home IP address to limit public access. But I have one user that travels a lot and the IP constantly changes for that user. I was hoping to use Client VPN for this user but apparently it can’t use a static IP, which just blows my mind. I’ve been through the wringer with AWS Support with no results, plus having to try and bridge Client VPN and WorkDocs in one ticket just has support confused.
Support’s idea was to use a NAT gateway but the VPN traffic still comes in via the public internet, so the user’s public IP still is a problem and would need to be whitelisted.
I really just need an easy way to have this traveling user get a static public IP that I could add to the WorkDocs IP list. Anyone have a good idea that isn’t me having to stand up an EC2 instance to host my own VPN?
Why are you doing IP whitelisting to begin with? Most people’s homes have dynamic IPs, so they will change anyway, and you’re preventing users from leveraging any mobile client at all. Do these people not have laptops that are impacted by this?
Assuming you could get Client VPN to work the way you want, would users use one password for the VPN and a different password for WorkDocs?
In any case, is AWS employing more robust security for their Client VPN product?
I live in the US. Your IP will change if the home user ever reboots their modem, if they ever lose power, or their connection to their ISP ever goes down. Some ISPs let you pay extra for a static IP but that’s getting more rare. Now, if you happen to live in an area where those things are uncommon, good for you, but, as a forewarning, you are setting yourself up for (to the user) random breakages that will need your involvement to fix since you’ll need to go update the whitelist.
So your boss trusts the security on the VPN you created more than the security AWS builds into WorkDocs? Sounds like you don’t have MFA activated on WorkDocs…