AWS client VPN pricing estimation

amazon-web-services vpn amazon-vpc

My interpretation of the pricing is:

AWS Client VPN endpoint association @ $0.10hr $0.15 * 24 (hours) * 30 (days) * 8 (subnets) = $864

AWS Client VPN connection @ $0.05 per hour $0.05 * 100 users * 12 hours * 20 days per month = $1200

Total $2064 per month, which is close to what you said, maybe because I used 20 business days per month rather than 30 days. The pricing page doesn't say you're charged for bandwidth, but it wouldn't surprised me if AWS charge for that as well anyway.

It seems fairly expensive, but I don't know how it compared with standard remote access setups. I suggest integrating it with Active Directory and MFA for security, you can use a Client Certificate but that's a single factor with no password.

The calculations make it easy how to see how to reduce cost:

  • Associate with fewer subnets - maybe you can proxy / route something differently, perhaps by using a bastion, but that makes it less usable
  • Turn it off outside business hours by removing subnet associations - this is easy to automate but means no-one can log in at all outside business hours
  • Reduce user numbers or connection time - perhaps there's a way to drop idle connections?

Related

LSI MegaRaid - Image Drive from Failed RAID
Send test mail using telnet via smtps (465) port
NGINX proxy pass to separate port for route starting with /api
IPv6 is here and confuses me
Postfix rejecting mail from authenticated clients
Missed kernel messages
SAMBA shares are not working unless I enter an iptables command at every boot
Does azure VM disk contain information about the subscription?
How to troubleshoot a black screen (no video) on boot?
Missing locales on CentOS 7
UDP NAT traffic but no response on MikroTik RouterOS
Proving that there are at least $n$ primes between $n$ and $n^2$ for $n \ge 6$