AWS client VPN pricing estimation
My interpretation of the pricing is:
AWS Client VPN endpoint association @ $0.10hr $0.15 * 24 (hours) * 30 (days) * 8 (subnets) = $864
AWS Client VPN connection @ $0.05 per hour $0.05 * 100 users * 12 hours * 20 days per month = $1200
Total $2064 per month, which is close to what you said, maybe because I used 20 business days per month rather than 30 days. The pricing page doesn't say you're charged for bandwidth, but it wouldn't surprised me if AWS charge for that as well anyway.
It seems fairly expensive, but I don't know how it compared with standard remote access setups. I suggest integrating it with Active Directory and MFA for security, you can use a Client Certificate but that's a single factor with no password.
The calculations make it easy how to see how to reduce cost:
- Associate with fewer subnets - maybe you can proxy / route something differently, perhaps by using a bastion, but that makes it less usable
- Turn it off outside business hours by removing subnet associations - this is easy to automate but means no-one can log in at all outside business hours
- Reduce user numbers or connection time - perhaps there's a way to drop idle connections?