{"id":2417,"date":"2025-03-24T08:47:28","date_gmt":"2025-03-23T23:47:28","guid":{"rendered":"https:\/\/dexall.co.jp\/articles\/?p=2417"},"modified":"2025-03-24T08:47:51","modified_gmt":"2025-03-23T23:47:51","slug":"aws-client-vpn%e3%81%ae%e5%b0%8e%e5%85%a5%e5%ae%8c%e5%85%a8%e3%82%ac%e3%82%a4%e3%83%89%ef%bc%9a3%e6%99%82%e9%96%93%e3%81%a7%e4%bd%9c%e3%82%8b%e3%82%bb%e3%82%ad%e3%83%a5%e3%82%a2%e3%81%aa%e3%83%aa","status":"publish","type":"post","link":"https:\/\/dexall.co.jp\/articles\/?p=2417","title":{"rendered":"AWS Client VPN\u306e\u5c0e\u5165\u5b8c\u5168\u30ac\u30a4\u30c9\uff1a3\u6642\u9593\u3067\u4f5c\u308b\u30bb\u30ad\u30e5\u30a2\u306a\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u74b0\u5883"},"content":{"rendered":"\n<div class=\"toc\">\n    <div id=\"toc_container\" class=\"sgb-toc--bullets js-smooth-scroll\" data-dialog-title=\"\u76ee\u6b21\">\n      <p class=\"toc_title\">\u76ee\u6b21 <\/p>\n      <ul class=\"toc_list\">  <li class=\"first\">    <a href=\"#i-0\">AWS Client VPN\u3068\u306f\uff1a\u7279\u5fb4\u3068\u9078\u3076\u3079\u304d\u7406\u7531<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-1\">AWS\u304c\u63d0\u4f9b\u3059\u308b\u30de\u30cd\u30fc\u30b8\u30c9\u578bVPN\u30b5\u30fc\u30d3\u30b9\u306e\u5f37\u307f<\/a>      <\/li>      <li>      
  <a href=\"#i-2\">\u5f93\u6765\u578bVPN\u3068\u6bd4\u8f03\u3057\u305f\u969b\u306e\u30e1\u30ea\u30c3\u30c8\u30fb\u30c7\u30e1\u30ea\u30c3\u30c8<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-5\">\u30b3\u30b9\u30c8\u69cb\u9020\u3068\u6708\u984d\u6599\u91d1\u306e\u8a08\u7b97\u65b9\u6cd5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-7\">AWS Client VPN\u306e\u69cb\u7bc9\u624b\u9806\uff1a\u30b9\u30c6\u30c3\u30d7\u30d0\u30a4\u30b9\u30c6\u30c3\u30d7\u30ac\u30a4\u30c9<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-8\">VPC\u3068\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u6e96\u5099\uff1a\u57fa\u790e\u3068\u306a\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u8a08<\/a>      <\/li>      <li>        <a href=\"#i-9\">\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u3068\u30a4\u30f3\u30dd\u30fc\u30c8\uff1a\u8a8d\u8a3c\u57fa\u76e4\u306e\u69cb\u7bc9<\/a>      <\/li>      <li>        <a href=\"#i-10\">\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u8a2d\u5b9a\uff1a\u63a5\u7d9a\u30dd\u30a4\u30f3\u30c8\u306e\u78ba\u7acb<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-11\">\u30eb\u30fc\u30c8\u30c6\u30fc\u30d6\u30eb\u306e\u8a2d\u5b9a\uff1a\u9069\u5207\u306a\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u5b9f\u88c5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-12\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\uff1a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u3068\u30ed\u30b0\u7ba1\u7406<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-13\">\u8a8d\u8a3c\u65b9\u5f0f\u306e\u9078\u629e\u3068\u5b9f\u88c5\uff1aMFA\u306b\u3088\u308b\u5f37\u56fa\u306a\u8a8d\u8a3c<\/a>      <\/li>      <li>        <a href=\"#i-14\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u8a2d\u5b9a\uff1a\u9069\u5207\u306a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1<\/a>      <\/li>      <li class=\"last\">        <a 
href=\"#i-15\">\u76e3\u67fb\u30ed\u30b0\u306e\u6709\u52b9\u5316\uff1a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u8996\u306e\u5b9f\u88c5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-16\">\u904b\u7528\u7ba1\u7406\uff1a\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3068\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-17\">\u4e00\u822c\u7684\u306a\u30c8\u30e9\u30d6\u30eb\u3068\u89e3\u6c7a\u65b9\u6cd5\uff1a\u63a5\u7d9a\u554f\u984c\u306e\u5bfe\u51e6\u6cd5<\/a>      <\/li>      <li>        <a href=\"#i-20\">\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u30c1\u30e5\u30fc\u30cb\u30f3\u30b0\uff1a\u5feb\u9069\u306a\u63a5\u7d9a\u74b0\u5883\u306e\u5b9f\u73fe<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-21\">\u30b3\u30b9\u30c8\u6700\u9069\u5316\uff1a\u6599\u91d1\u3092\u6291\u3048\u308b\u305f\u3081\u306eTips<\/a>      <\/li>    <\/ul>  <\/li>  <li class=\"last\">    <a href=\"#i-22\">\u767a\u5c55\u7684\u306a\u69cb\u6210\uff1a\u30b9\u30b1\u30fc\u30e9\u30d3\u30ea\u30c6\u30a3\u3068HA\u5bfe\u5fdc<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-23\">\u30de\u30eb\u30c1AZ\u69cb\u6210\uff1a\u53ef\u7528\u6027\u306e\u5411\u4e0a<\/a>      <\/li>      <li>        <a href=\"#i-24\">\u8907\u6570\u30ea\u30fc\u30b8\u30e7\u30f3\u5bfe\u5fdc\uff1a\u30b0\u30ed\u30fc\u30d0\u30eb\u5c55\u958b\u306e\u30dd\u30a4\u30f3\u30c8<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-25\">\u5927\u898f\u6a21\u74b0\u5883\u3067\u306e\u6ce8\u610f\u70b9\uff1a\u6570\u767e\u4eba\u898f\u6a21\u306e\u904b\u7528\u30ce\u30a6\u30cf\u30a6<\/a>      <\/li>    <\/ul>  <\/li><\/ul>\n      <a href=\"#\" class=\"sgb-toc-button js-toc-button\" rel=\"nofollow\" data-open-dialog=\"true\"><i class=\"fa fa-list\"><\/i><span class=\"sgb-toc-button__text\">\u76ee\u6b21\u3078<\/span><\/a>\n    <\/div><\/div><h2 class=\"wp-block-heading\" id=\"i-0\">AWS Client 
VPN\u3068\u306f\uff1a\u7279\u5fb4\u3068\u9078\u3076\u3079\u304d\u7406\u7531<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-1\">AWS\u304c\u63d0\u4f9b\u3059\u308b\u30de\u30cd\u30fc\u30b8\u30c9\u578bVPN\u30b5\u30fc\u30d3\u30b9\u306e\u5f37\u307f<\/h3>\n\n\n\n<p>AWS Client VPN\u306f\u3001AWS\u304c\u63d0\u4f9b\u3059\u308b\u30d5\u30eb\u30de\u30cd\u30fc\u30b8\u30c9\u578b\u306eVPN\u30b5\u30fc\u30d3\u30b9\u3067\u3059\u3002\u3053\u306e\u30b5\u30fc\u30d3\u30b9\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u30ea\u30e2\u30fc\u30c8\u30ef\u30fc\u30ab\u30fc\u3084\u30e2\u30d0\u30a4\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u5b89\u5168\u306bAWS\u30ea\u30bd\u30fc\u30b9\u3084\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u74b0\u5883\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u74b0\u5883\u3092\u69cb\u7bc9\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u4e3b\u306a\u7279\u5fb4\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30d5\u30eb\u30de\u30cd\u30fc\u30b8\u30c9\u578b\u30b5\u30fc\u30d3\u30b9<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u7ba1\u7406\u304c\u4e0d\u8981<\/li>\n\n\n\n<li>\u30d1\u30c3\u30c1\u9069\u7528\u3084\u66f4\u65b0\u306fAWS\u304c\u81ea\u52d5\u3067\u5b9f\u65bd<\/li>\n\n\n\n<li>24\u6642\u9593365\u65e5\u306e\u53ef\u7528\u6027\u76e3\u8996<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u67d4\u8edf\u306a\u30b9\u30b1\u30fc\u30ea\u30f3\u30b0<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6570\u4eba\u304b\u3089\u6570\u5343\u4eba\u898f\u6a21\u307e\u3067\u5bfe\u5fdc\u53ef\u80fd<\/li>\n\n\n\n<li>\u4f7f\u7528\u91cf\u306b\u5fdc\u3058\u305f\u81ea\u52d5\u30b9\u30b1\u30fc\u30ea\u30f3\u30b0<\/li>\n\n\n\n<li>\u5fc5\u8981\u306b\u5fdc\u3058\u305f\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u8ffd\u52a0\u30fb\u524a\u9664<\/li>\n<\/ul>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>\u9ad8\u5ea6\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TLS 1.2\u306b\u3088\u308b\u6697\u53f7\u5316<\/li>\n\n\n\n<li>\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c<\/li>\n\n\n\n<li>Active Directory\u7d71\u5408<\/li>\n\n\n\n<li>\u30de\u30eb\u30c1\u30d5\u30a1\u30af\u30bf\u30fc\u8a8d\u8a3c\uff08MFA\uff09\u5bfe\u5fdc<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-2\">\u5f93\u6765\u578bVPN\u3068\u6bd4\u8f03\u3057\u305f\u969b\u306e\u30e1\u30ea\u30c3\u30c8\u30fb\u30c7\u30e1\u30ea\u30c3\u30c8<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"i-3\">\u30e1\u30ea\u30c3\u30c8<\/h4>\n\n\n<div id=\"id-430beee1-71bc-4cb9-9d9d-8ee834e8200c\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u9805\u76ee<\/th><th>AWS Client VPN<\/th><th>\u5f93\u6765\u578bVPN<\/th><\/tr><\/thead><tbody><tr><td>\u521d\u671f\u69cb\u7bc9<\/td><td>\u6570\u6642\u9593\u3067\u5b8c\u4e86<\/td><td>\u6570\u9031\u9593\u301c\u6570\u30f6\u6708<\/td><\/tr><tr><td>\u904b\u7528\u7ba1\u7406<\/td><td>AWS\u306b\u3088\u308b\u81ea\u52d5\u7ba1\u7406<\/td><td>\u624b\u52d5\u7ba1\u7406\u304c\u5fc5\u8981<\/td><\/tr><tr><td>\u30b9\u30b1\u30fc\u30ea\u30f3\u30b0<\/td><td>\u81ea\u52d5\u30fb\u67d4\u8edf<\/td><td>\u624b\u52d5\u30fb\u8981\u8a08\u753b<\/td><\/tr><tr><td>\u53ef\u7528\u6027<\/td><td>99.9%\u306eSLA<\/td><td>\u69cb\u6210\u306b\u3088\u308b<\/td><\/tr><tr><td>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0<\/td><td>\u81ea\u52d5\u9069\u7528<\/td><td>\u624b\u52d5\u9069\u7528<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"i-4\">\u30c7\u30e1\u30ea\u30c3\u30c8<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30b3\u30b9\u30c8\u9762<\/li>\n<\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u63a5\u7d9a\u6642\u9593\u30d9\u30fc\u30b9\u306e\u8ab2\u91d1<\/li>\n\n\n\n<li>\u5c0f\u898f\u6a21\u5229\u7528\u6642\u306f\u30b3\u30b9\u30c8\u9ad8\u3068\u306a\u308b\u53ef\u80fd\u6027<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u6027<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7d30\u304b\u306a\u8a2d\u5b9a\u5909\u66f4\u304c\u5236\u9650\u3055\u308c\u308b<\/li>\n\n\n\n<li>\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5236\u9650\u3042\u308a<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u4f9d\u5b58\u6027<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u4f9d\u5b58<\/li>\n\n\n\n<li>\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u63a5\u7d9a\u5fc5\u9808<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-5\">\u30b3\u30b9\u30c8\u69cb\u9020\u3068\u6708\u984d\u6599\u91d1\u306e\u8a08\u7b97\u65b9\u6cd5<\/h3>\n\n\n\n<p>AWS Client VPN\u306e\u6599\u91d1\u4f53\u7cfb\u306f\u4ee5\u4e0b\u306e\u8981\u7d20\u3067\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u95a2\u9023\u8cbb\u7528<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u7a3c\u50cd\u6642\u9593: $0.10\/\u6642\u9593<\/li>\n\n\n\n<li>\u30b5\u30d6\u30cd\u30c3\u30c8\u30a2\u30bd\u30b7\u30a8\u30fc\u30b7\u30e7\u30f3: $0.10\/\u6642\u9593\/\u30b5\u30d6\u30cd\u30c3\u30c8<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u63a5\u7d9a\u95a2\u9023\u8cbb\u7528<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30a2\u30af\u30c6\u30a3\u30d6\u63a5\u7d9a\u6642\u9593: $0.05\/\u6642\u9593\/\u63a5\u7d9a<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"i-6\">\u6708\u984d\u8a66\u7b97\u4f8b<\/h4>\n\n\n\n<p>20\u4eba\u898f\u6a21\u306e\u7d44\u7e54\u3067\u306e\u5229\u7528\u3092\u60f3\u5b9a\u3057\u305f\u6708\u984d\u8a66\u7b97\uff1a<\/p>\n\n\n\n<pre 
class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\u3010\u8a08\u7b97\u4f8b\u3011\n- \u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u8cbb\u7528\uff1a\n  $0.10 \u00d7 24\u6642\u9593 \u00d7 30\u65e5 = $72\n\n- \u30b5\u30d6\u30cd\u30c3\u30c8\u8cbb\u7528\uff082\u3064\u306eAZ\uff09\uff1a\n  $0.10 \u00d7 24\u6642\u9593 \u00d7 30\u65e5 \u00d7 2 = $144\n\n- \u63a5\u7d9a\u8cbb\u7528\uff081\u4eba\u3042\u305f\u308a8\u6642\u9593\/\u65e5\u306e\u4f7f\u7528\uff09\uff1a\n  $0.05 \u00d7 8\u6642\u9593 \u00d7 20\u65e5 \u00d7 20\u4eba = $160\n\n\u5408\u8a08\uff1a$376\/\u6708<\/pre>\n\n\n\n<p>\u3053\u306e\u3088\u3046\u306b\u3001AWS Client VPN\u306f\u5f93\u6765\u578bVPN\u3068\u6bd4\u8f03\u3057\u3066\u3001\u904b\u7528\u7ba1\u7406\u306e\u624b\u9593\u3092\u5927\u5e45\u306b\u524a\u6e1b\u3067\u304d\u308b\u4e00\u65b9\u3067\u3001\u4f7f\u7528\u91cf\u306b\u5fdc\u3058\u305f\u30b3\u30b9\u30c8\u304c\u767a\u751f\u3057\u307e\u3059\u3002\u7d44\u7e54\u306e\u898f\u6a21\u3084\u5229\u7528\u30d1\u30bf\u30fc\u30f3\u306b\u5fdc\u3058\u3066\u3001\u9069\u5207\u306a\u69cb\u6210\u3092\u691c\u8a0e\u3059\u308b\u3053\u3068\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-7\">AWS Client VPN\u306e\u69cb\u7bc9\u624b\u9806\uff1a\u30b9\u30c6\u30c3\u30d7\u30d0\u30a4\u30b9\u30c6\u30c3\u30d7\u30ac\u30a4\u30c9<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-8\">VPC\u3068\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u6e96\u5099\uff1a\u57fa\u790e\u3068\u306a\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u8a08<\/h3>\n\n\n\n<p>AWS Client 
VPN\u3092\u69cb\u7bc9\u3059\u308b\u524d\u306b\u3001\u9069\u5207\u306aVPC\u3068\u30b5\u30d6\u30cd\u30c3\u30c8\u69cb\u6210\u3092\u6e96\u5099\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u624b\u9806\u3067\u9032\u3081\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>VPC\u8a2d\u8a08\u306e\u30dd\u30a4\u30f3\u30c8<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CIDR\u7bc4\u56f2: 10.0.0.0\/16\uff0865,536\u500b\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092\u78ba\u4fdd\uff09<\/li>\n\n\n\n<li>\u30a2\u30d9\u30a4\u30e9\u30d3\u30ea\u30c6\u30a3\u30be\u30fc\u30f3: \u6700\u4f4e2\u3064\u306eAZ\u3092\u4f7f\u7528<\/li>\n\n\n\n<li>\u30d1\u30d6\u30ea\u30c3\u30af\/\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30b5\u30d6\u30cd\u30c3\u30c8\u69cb\u6210<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># VPC\u306e\u4f5c\u6210\naws ec2 create-vpc --cidr-block 10.0.0.0\/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=client-vpn-vpc}]'\n\n# \u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u4f5c\u6210\uff082\u3064\u306eAZ\uff09\naws ec2 create-subnet --vpc-id vpc-xxxxx --cidr-block 10.0.1.0\/24 --availability-zone ap-northeast-1a\naws ec2 create-subnet --vpc-id vpc-xxxxx --cidr-block 10.0.2.0\/24 --availability-zone ap-northeast-1c<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-9\">\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\u3068\u30a4\u30f3\u30dd\u30fc\u30c8\uff1a\u8a8d\u8a3c\u57fa\u76e4\u306e\u69cb\u7bc9<\/h3>\n\n\n\n<p>AWS Client VPN\u3067\u306f\u3001\u76f8\u4e92TLS\u8a8d\u8a3c\u3092\u4f7f\u7528\u3059\u308b\u305f\u3081\u3001\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u4e21\u65b9\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\uff08easy-rsa\u4f7f\u7528\uff09<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># easy-rsa\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3068\u521d\u671f\u5316\ngit clone https:\/\/github.com\/OpenVPN\/easy-rsa.git\ncd easy-rsa\/easyrsa3\n.\/easyrsa init-pki\n.\/easyrsa build-ca nopass\n\n# \u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\n.\/easyrsa build-server-full server nopass\n\n# \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\n.\/easyrsa build-client-full client1.domain.tld nopass<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u8a3c\u660e\u66f8\u306e\u30a4\u30f3\u30dd\u30fc\u30c8<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># ACM\u306b\u8a3c\u660e\u66f8\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\naws acm import-certificate \\\n  --certificate fileb:\/\/pki\/issued\/server.crt \\\n  --private-key fileb:\/\/pki\/private\/server.key \\\n  --certificate-chain fileb:\/\/pki\/ca.crt<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-10\">\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u8a2d\u5b9a\uff1a\u63a5\u7d9a\u30dd\u30a4\u30f3\u30c8\u306e\u78ba\u7acb<\/h3>\n\n\n\n<p>Client VPN\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u4f5c\u6210\u306f\u3001\u4ee5\u4e0b\u306e\u624b\u9806\u3067\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u57fa\u672c\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" 
data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">aws ec2 create-client-vpn-endpoint \\\n  --client-cidr-block 172.16.0.0\/22 \\\n  --server-certificate-arn arn:aws:acm:region:account:certificate\/xxxxx \\\n  --authentication-options Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=arn:aws:acm:region:account:certificate\/xxxxx} \\\n  --connection-log-options Enabled=true,CloudwatchLogGroup=client-vpn-endpoint-logs \\\n  --vpc-id vpc-xxxxx \\\n  --tag-specifications 'ResourceType=client-vpn-endpoint,Tags=[{Key=Name,Value=my-client-vpn}]'<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u95a2\u9023\u4ed8\u3051<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">aws ec2 associate-client-vpn-target-network \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --subnet-id subnet-xxxxx<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-11\">\u30eb\u30fc\u30c8\u30c6\u30fc\u30d6\u30eb\u306e\u8a2d\u5b9a\uff1a\u9069\u5207\u306a\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u5b9f\u88c5<\/h3>\n\n\n\n<p>VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u9069\u5207\u306b\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u57fa\u672c\u7684\u306a\u30eb\u30fc\u30c8\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" 
data-enlighter-group=\"\"># VPC\u5185\u90e8\u3078\u306e\u30eb\u30fc\u30c8\u3092\u8ffd\u52a0\naws ec2 create-client-vpn-route \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --destination-cidr-block 10.0.0.0\/16 \\\n  --target-vpc-subnet-id subnet-xxxxx\n\n# \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u7528\u306e\u30eb\u30fc\u30c8\u3092\u8ffd\u52a0\naws ec2 create-client-vpn-route \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --destination-cidr-block 0.0.0.0\/0 \\\n  --target-vpc-subnet-id subnet-xxxxx<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u8a8d\u53ef\u30eb\u30fc\u30eb\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># VPC\u5185\u90e8\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\naws ec2 authorize-client-vpn-ingress \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --target-network-cidr 10.0.0.0\/16 \\\n  --authorize-all-groups\n\n# \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\naws ec2 authorize-client-vpn-ingress \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --target-network-cidr 0.0.0.0\/0 \\\n  --authorize-all-groups<\/pre>\n\n\n\n<p>\u69cb\u7bc9\u6642\u306e\u91cd\u8981\u306a\u30dd\u30a4\u30f3\u30c8\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5fc5\u8981\u6700\u5c0f\u9650\u306e\u30dd\u30fc\u30c8\u306e\u307f\u3092\u958b\u653e<\/li>\n\n\n\n<li>\u9001\u4fe1\u5143IP\u30a2\u30c9\u30ec\u30b9\u306e\u5236\u9650<\/li>\n\n\n\n<li>\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u8981\u4ef6\u306e\u78ba\u8a8d<\/li>\n<\/ul>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>\u30ed\u30b0\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CloudWatch Logs\u306e\u6709\u52b9\u5316<\/li>\n\n\n\n<li>\u76e3\u67fb\u30ed\u30b0\u306e\u4fdd\u6301\u671f\u9593\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30bf\u30b0\u4ed8\u3051<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30ea\u30bd\u30fc\u30b9\u306e\u8b58\u5225\u7528\u30bf\u30b0<\/li>\n\n\n\n<li>\u30b3\u30b9\u30c8\u914d\u5206\u7528\u30bf\u30b0<\/li>\n\n\n\n<li>\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u7ba1\u7406\u7528\u30bf\u30b0<\/li>\n<\/ul>\n\n\n\n<p>\u3053\u306e\u624b\u9806\u306b\u5f93\u3046\u3053\u3068\u3067\u3001\u57fa\u672c\u7684\u306aAWS Client VPN\u74b0\u5883\u3092\u7d043\u6642\u9593\u3067\u69cb\u7bc9\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u672c\u756a\u74b0\u5883\u3078\u306e\u5c55\u958b\u524d\u306b\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u306e\u898b\u76f4\u3057\u3084\u30c6\u30b9\u30c8\u3092\u5341\u5206\u306b\u884c\u3046\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002特に、この手順の認可ルールは --authorize-all-groups で 10.0.0.0\/16 と 0.0.0.0\/0 を全クライアントに許可しており、CA の秘密鍵もパスフレーズなし（nopass）で作成しています。本番環境では認可ルールの宛先 CIDR を必要な範囲に絞り（Active Directory や SAML 認証を使う場合はグループ単位で制限し）、CA の秘密鍵はパスフレーズを設定したうえでアクセスを制限した場所に保管してください。<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-12\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\uff1a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u3068\u30ed\u30b0\u7ba1\u7406<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-13\">\u8a8d\u8a3c\u65b9\u5f0f\u306e\u9078\u629e\u3068\u5b9f\u88c5\uff1aMFA\u306b\u3088\u308b\u5f37\u56fa\u306a\u8a8d\u8a3c<\/h3>\n\n\n\n<p>AWS Client VPN\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3092\u9078\u629e\u30fb\u7d44\u307f\u5408\u308f\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8a3c\u660e\u66f8\u8a8d\u8a3c\uff08\u76f8\u4e92TLS\uff09<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" 
data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u5931\u52b9\u8a2d\u5b9a\naws acm import-certificate \\\n  --certificate fileb:\/\/revoked-cert.pem \\\n  --certificate-chain fileb:\/\/ca-chain.pem \\\n  --status REVOKED<\/pre>\n\n\n\n<p>注: aws acm import-certificate に --status オプションはなく、このコマンドではクライアント証明書は失効しません。Client VPN での失効は、CA 側で対象の証明書を失効させて証明書失効リスト（CRL）を生成し（easy-rsa では revoke と gen-crl）、その CRL を aws ec2 import-client-vpn-client-certificate-revocation-list でエンドポイントにインポートして行います。インポート後は、失効させた証明書で接続できないことを確認してください。<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Active Directory\u8a8d\u8a3c<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Directory Service\u3068\u306e\u7d71\u5408\u8a2d\u5b9a\naws ec2 modify-client-vpn-endpoint \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --authentication-options Type=directory-service-authentication,ActiveDirectory={DirectoryId=d-xxxxxxxxxx}<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>SAML\u8a8d\u8a3c\uff08\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\uff09<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"Federated\": \"arn:aws:iam::account-id:saml-provider\/provider-name\"\n      },\n      \"Action\": \"sts:AssumeRoleWithSAML\",\n      \"Condition\": {\n        \"StringEquals\": {\n          \"SAML:aud\": \"https:\/\/signin.aws.amazon.com\/saml\"\n        }\n      }\n    }\n  ]\n}<\/pre>\n\n\n\n<p>MFA\u306e\u5b9f\u88c5\u624b\u9806\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>AWS IAM Identity Center\u3067\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>MFA\u30c7\u30d0\u30a4\u30b9\u306e\u767b\u9332<\/li>\n\n\n\n<li>\u5f37\u5236MFA\u30dd\u30ea\u30b7\u30fc\u306e\u9069\u7528<\/li>\n\n\n\n<li>\u30ea\u30ab\u30d0\u30ea\u30fc\u30b3\u30fc\u30c9\u306e\u5b89\u5168\u306a\u4fdd\u7ba1<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS\u63d0\u4f9b\u306eVPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u5c0e\u5165<\/li>\n\n\n\n<li>MFA\u30c7\u30d0\u30a4\u30b9\u306e\u521d\u671f\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u63a5\u7d9a\u30c6\u30b9\u30c8\u306e\u5b9f\u65bd<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-14\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u8a2d\u5b9a\uff1a\u9069\u5207\u306a\u30a2\u30af\u30bb\u30b9\u5236\u5fa1<\/h3>\n\n\n\n<p>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306f\u3001VPN\u3092\u901a\u3058\u305f\u30a2\u30af\u30bb\u30b9\u3092\u5236\u5fa1\u3059\u308b\u91cd\u8981\u306a\u8981\u7d20\u3067\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u57fa\u672c\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u4f5c\u6210\naws ec2 create-security-group \\\n  --group-name vpn-access-sg \\\n  --description \"Security group for VPN access\" \\\n  --vpc-id vpc-xxxxx\n\n# \u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\u306e\u8a2d\u5b9a\naws ec2 authorize-security-group-ingress \\\n  --group-id sg-xxxxx \\\n  --protocol tcp \\\n  --port 443 \\\n  --cidr 172.16.0.0\/22\n\n# \u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\u306e\u8a2d\u5b9a\naws ec2 
authorize-security-group-egress \\\n  --group-id sg-xxxxx \\\n  --protocol -1 \\\n  --port -1 \\\n  --cidr 0.0.0.0\/0<\/pre>\n\n\n\n<p>\u63a8\u5968\u3055\u308c\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u8a2d\u5b9a\uff1a<\/p>\n\n\n<div id=\"id-ca9a1e9b-eff8-48ac-be6b-7ad66a55877c\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u30eb\u30fc\u30eb\u7a2e\u5225<\/th><th>\u30d7\u30ed\u30c8\u30b3\u30eb<\/th><th>\u30dd\u30fc\u30c8\u7bc4\u56f2<\/th><th>\u9001\u4fe1\u5143\/\u9001\u4fe1\u5148<\/th><th>\u8aac\u660e<\/th><\/tr><\/thead><tbody><tr><td>\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9<\/td><td>TCP<\/td><td>443<\/td><td>VPN CIDR<\/td><td>HTTPS\u63a5\u7d9a\u7528<\/td><\/tr><tr><td>\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9<\/td><td>TCP<\/td><td>1194<\/td><td>VPN CIDR<\/td><td>OpenVPN\u63a5\u7d9a\u7528<\/td><\/tr><tr><td>\u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9<\/td><td>ALL<\/td><td>ALL<\/td><td>0.0.0.0\/0<\/td><td>\u5916\u90e8\u63a5\u7d9a\u7528<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"i-15\">\u76e3\u67fb\u30ed\u30b0\u306e\u6709\u52b9\u5316\uff1a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u8996\u306e\u5b9f\u88c5<\/h3>\n\n\n\n<p>\u52b9\u679c\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u8996\u306e\u305f\u3081\u306b\u3001\u4ee5\u4e0b\u306e\u8981\u7d20\u3092\u5b9f\u88c5\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>CloudWatch Logs\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u306e\u4f5c\u6210\naws logs create-log-group --log-group-name \/aws\/clientvpn\/logs\n\n# VPN\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u30ed\u30b0\u8a2d\u5b9a\naws ec2 modify-client-vpn-endpoint \\\n  
--client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --connection-log-options \"{\n    \\\"Enabled\\\": true,\n    \\\"CloudwatchLogGroup\\\": \\\"\/aws\/clientvpn\/logs\\\",\n    \\\"CloudwatchLogStream\\\": \\\"connection-log\\\"\n  }\"<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>CloudWatch\u30e1\u30c8\u30ea\u30af\u30b9\u306e\u76e3\u8996\u9805\u76ee<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u63a5\u7d9a\u6570\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30e1\u30c8\u30ea\u30af\u30b9\u30d5\u30a3\u30eb\u30bf\u30fc\u306e\u4f5c\u6210\naws logs put-metric-filter \\\n  --log-group-name \/aws\/clientvpn\/logs \\\n  --filter-name connection-count \\\n  --filter-pattern \"[timestamp, connectionId, status=CONNECTED]\" \\\n  --metric-transformations \\\n      metricName=ActiveConnections,metricNamespace=VPN,metricValue=1<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u8a8d\u8a3c\u5931\u6557\u306e\u691c\u77e5<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30a2\u30e9\u30fc\u30e0\u306e\u8a2d\u5b9a\naws cloudwatch put-metric-alarm \\\n  --alarm-name vpn-auth-failures \\\n  --metric-name AuthFailures \\\n  --namespace VPN \\\n  --threshold 5 \\\n  --period 300 \\\n  --evaluation-periods 1 \\\n  --comparison-operator GreaterThanThreshold \\\n  --statistic Sum<\/pre>\n\n\n\n<p>注: このアラームが参照する VPN 名前空間の AuthFailures メトリクスは、この記事の手順では作成されていません（上のメトリクスフィルターが出力するのは ActiveConnections のみです）。認証失敗を数えるメトリクスフィルターを別途定義するか、AWS\/ClientVPN 名前空間の AuthenticationFailures メトリクスを対象にし、あわせて --alarm-actions で通知先を指定しないと、認証失敗が増えても検知・通知されません。<\/p>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u8996\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/li>\n<\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u30ea\u30a2\u30eb\u30bf\u30a4\u30e0\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0<\/li>\n\n\n\n<li>\u7570\u5e38\u306a\u63a5\u7d9a\u30d1\u30bf\u30fc\u30f3\u306e\u691c\u77e5<\/li>\n\n\n\n<li>\u5730\u7406\u7684\u306b\u4e0d\u81ea\u7136\u306a\u30a2\u30af\u30bb\u30b9\u306e\u76e3\u8996<\/li>\n\n\n\n<li>\u5927\u91cf\u306e\u8a8d\u8a3c\u5931\u6557\u306e\u691c\u77e5<\/li>\n\n\n\n<li>\u30ec\u30dd\u30fc\u30c6\u30a3\u30f3\u30b0<\/li>\n\n\n\n<li>\u65e5\u6b21\u30fb\u9031\u6b21\u306e\u63a5\u7d9a\u7d71\u8a08<\/li>\n\n\n\n<li>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u306e\u8a18\u9332<\/li>\n\n\n\n<li>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u30ec\u30dd\u30fc\u30c8\u306e\u4f5c\u6210<\/li>\n\n\n\n<li>\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc<\/li>\n\n\n\n<li>\u30a2\u30e9\u30fc\u30c8\u767a\u751f\u6642\u306e\u5bfe\u5fdc\u624b\u9806<\/li>\n\n\n\n<li>\u30a8\u30b9\u30ab\u30ec\u30fc\u30b7\u30e7\u30f3\u30d5\u30ed\u30fc<\/li>\n\n\n\n<li>\u8a3c\u660e\u66f8\u5931\u52b9\u624b\u9806<\/li>\n<\/ul>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u306b\u3088\u308a\u3001\u30bb\u30ad\u30e5\u30a2\u3067\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306b\u6e96\u62e0\u3057\u305fVPN\u74b0\u5883\u3092\u7dad\u6301\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5b9a\u671f\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d3\u30e5\u30fc\u3068\u8a2d\u5b9a\u306e\u898b\u76f4\u3057\u3092\u884c\u3046\u3053\u3068\u3067\u3001\u7d99\u7d9a\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb\u306e\u7dad\u6301\u304c\u53ef\u80fd\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-16\">\u904b\u7528\u7ba1\u7406\uff1a\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3068\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"i-17\">\u4e00\u822c\u7684\u306a\u30c8\u30e9\u30d6\u30eb\u3068\u89e3\u6c7a\u65b9\u6cd5\uff1a\u63a5\u7d9a\u554f\u984c\u306e\u5bfe\u51e6\u6cd5<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"i-18\">1. \u63a5\u7d9a\u78ba\u7acb\u6642\u306e\u554f\u984c<\/h4>\n\n\n<div id=\"id-5605b81c-b9a0-4291-b1a5-c181b80adc69\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u554f\u984c<\/th><th>\u8003\u3048\u3089\u308c\u308b\u539f\u56e0<\/th><th>\u89e3\u6c7a\u65b9\u6cd5<\/th><\/tr><\/thead><tbody><tr><td>\u8a3c\u660e\u66f8\u30a8\u30e9\u30fc<\/td><td>\u2013 \u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9650\u5207\u308c<br>\u2013 \u8a3c\u660e\u66f8\u306e\u5931\u52b9<br>\u2013 \u6642\u523b\u540c\u671f\u306e\u554f\u984c<\/td><td>\u2013 \u8a3c\u660e\u66f8\u306e\u66f4\u65b0<br>\u2013 \u8a3c\u660e\u66f8\u306e\u518d\u767a\u884c<br>\u2013 \u30b7\u30b9\u30c6\u30e0\u6642\u523b\u306e\u540c\u671f<\/td><\/tr><tr><td>DNS\u89e3\u6c7a\u5931\u6557<\/td><td>\u2013 DNS\u8a2d\u5b9a\u306e\u4e0d\u5099<br>\u2013 Route 53\u306e\u8a2d\u5b9a\u30df\u30b9<\/td><td>\u2013 DNS\u8a2d\u5b9a\u306e\u78ba\u8a8d<br>\u2013 Route 53\u30ec\u30b3\u30fc\u30c9\u306e\u4fee\u6b63<\/td><\/tr><tr><td>\u8a8d\u8a3c\u30a8\u30e9\u30fc<\/td><td>\u2013 AD\u8a8d\u8a3c\u306e\u5931\u6557<br>\u2013 MFA\u8a2d\u5b9a\u306e\u554f\u984c<\/td><td>\u2013 AD\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u30ea\u30bb\u30c3\u30c8<br>\u2013 MFA\u30c7\u30d0\u30a4\u30b9\u306e\u518d\u8a2d\u5b9a<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n<p>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30b3\u30de\u30f3\u30c9\u4f8b\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># VPN\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u72b6\u614b\u78ba\u8a8d\naws ec2 describe-client-vpn-endpoints \\\n  
--client-vpn-endpoint-ids cvpn-endpoint-xxxxx\n\n# \u63a5\u7d9a\u30ed\u30b0\u306e\u78ba\u8a8d\naws logs get-log-events \\\n  --log-group-name \/aws\/clientvpn\/logs \\\n  --log-stream-name connection-log \\\n  --start-time $(date -d '1 hour ago' +%s000)<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"i-19\">2. \u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u554f\u984c<\/h4>\n\n\n\n<p>\u8a3a\u65ad\u624b\u9806\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30eb\u30fc\u30d7\u30c3\u30c8\u306e\u78ba\u8a8d\naws cloudwatch get-metric-statistics \\\n  --namespace AWS\/ClientVPN \\\n  --metric-name NetworkThroughput \\\n  --dimensions Name=ClientVpnEndpoint,Value=cvpn-endpoint-xxxxx \\\n  --start-time $(date -d '1 hour ago' -u +%FT%TZ) \\\n  --end-time $(date -u +%FT%TZ) \\\n  --period 300 \\\n  --statistics Average\n\n# \u30ec\u30a4\u30c6\u30f3\u30b7\u30fc\u306e\u78ba\u8a8d\naws cloudwatch get-metric-statistics \\\n  --namespace AWS\/ClientVPN \\\n  --metric-name ConnectionLatency \\\n  --dimensions Name=ClientVpnEndpoint,Value=cvpn-endpoint-xxxxx \\\n  --start-time $(date -d '1 hour ago' -u +%FT%TZ) \\\n  --end-time $(date -u +%FT%TZ) \\\n  --period 300 \\\n  --statistics Average<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-20\">\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u30c1\u30e5\u30fc\u30cb\u30f3\u30b0\uff1a\u5feb\u9069\u306a\u63a5\u7d9a\u74b0\u5883\u306e\u5b9f\u73fe<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6700\u9069\u5316<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" 
data-enlighter-group=\"\"># MTU\u8a2d\u5b9a\u306e\u6700\u9069\u5316\naws ec2 modify-client-vpn-endpoint \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --client-connect-options \"{\n    \\\"Enabled\\\": true,\n    \\\"LambdaFunctionArn\\\": \\\"arn:aws:lambda:region:account:function:vpn-connect-handler\\\",\n    \\\"Status\\\": {\n      \\\"Code\\\": \\\"mtu-optimization\\\"\n    }\n  }\"<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30b9\u30d7\u30ea\u30c3\u30c8\u30c8\u30f3\u30cd\u30ea\u30f3\u30b0\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u7279\u5b9a\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306e\u307f\u3092VPN\u7d4c\u7531\u306b\u3059\u308b\naws ec2 modify-client-vpn-endpoint \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --split-tunnel --enable<\/pre>\n\n\n\n<p>注意：スプリットトンネルを有効にするフラグは <code>--split-tunnel<\/code> 単体で、<code>--enable<\/code> というオプションはありません（無効化は <code>--no-split-tunnel<\/code>）。有効にすると、VPN のルート宛て以外の通信はクライアントから直接インターネットへ出るため、VPN 側での監視やフィルタリングの対象外になる点を考慮してください。<\/p>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u76e3\u8996\u306e\u81ea\u52d5\u5316<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import boto3\nimport json\n\ndef check_vpn_performance():\n    cloudwatch = boto3.client('cloudwatch')\n\n    # \u30ec\u30a4\u30c6\u30f3\u30b7\u30fc\u306e\u30a2\u30e9\u30fc\u30e0\u8a2d\u5b9a\n    response = cloudwatch.put_metric_alarm(\n        AlarmName='VPNHighLatency',\n        MetricName='ConnectionLatency',\n        Namespace='AWS\/ClientVPN',\n        Statistic='Average',\n        Period=300,\n        EvaluationPeriods=2,\n        Threshold=100,\n        ComparisonOperator='GreaterThanThreshold',\n        AlarmActions=['arn:aws:sns:region:account:vpn-alerts']\n 
   )<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-21\">\u30b3\u30b9\u30c8\u6700\u9069\u5316\uff1a\u6599\u91d1\u3092\u6291\u3048\u308b\u305f\u3081\u306eTips<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u63a5\u7d9a\u6642\u9593\u306e\u6700\u9069\u5316<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u81ea\u52d5\u5207\u65ad\u30dd\u30ea\u30b7\u30fc\u306e\u5b9f\u88c5<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30a2\u30a4\u30c9\u30eb\u63a5\u7d9a\u306e\u81ea\u52d5\u5207\u65ad\u8a2d\u5b9a\naws ec2 modify-client-vpn-endpoint \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --connection-log-options \"{\n    \\\"Enabled\\\": true,\n    \\\"CloudwatchLogGroup\\\": \\\"\/aws\/clientvpn\/logs\\\",\n    \\\"IdleTimeout\\\": 600\n  }\"<\/pre>\n\n\n\n<p>注意：<code>--connection-log-options<\/code> は接続ログの出力設定（<code>Enabled<\/code>、<code>CloudwatchLogGroup<\/code>、<code>CloudwatchLogStream<\/code>）のみを受け付け、<code>IdleTimeout<\/code> というキーはありません。セッションの最大継続時間は <code>--session-timeout-hours<\/code> で設定します。<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u6570\u306e\u6700\u9069\u5316<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u4f7f\u7528\u72b6\u6cc1\u306e\u5206\u6790\naws cloudwatch get-metric-statistics \\\n  --namespace AWS\/ClientVPN \\\n  --metric-name ActiveConnections \\\n  --dimensions Name=ClientVpnEndpoint,Value=cvpn-endpoint-xxxxx \\\n  --start-time $(date -d '7 days ago' -u +%FT%TZ) \\\n  --end-time $(date -u +%FT%TZ) \\\n  --period 3600 \\\n  --statistics Maximum<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\u30b3\u30b9\u30c8\u76e3\u8996\u3068\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" 
data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n  \"AlarmName\": \"VPNMonthlyCost\",\n  \"AlarmDescription\": \"Alert when VPN costs exceed threshold\",\n  \"ActionsEnabled\": true,\n  \"MetricName\": \"EstimatedCharges\",\n  \"Namespace\": \"AWS\/Billing\",\n  \"Statistic\": \"Maximum\",\n  \"Period\": 21600,\n  \"EvaluationPeriods\": 1,\n  \"Threshold\": 1000,\n  \"ComparisonOperator\": \"GreaterThanThreshold\",\n  \"AlarmActions\": [\"arn:aws:sns:region:account:cost-alerts\"]\n}<\/pre>\n\n\n\n<p>\u904b\u7528\u52b9\u7387\u5316\u306e\u305f\u3081\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u81ea\u52d5\u5316\u306e\u5b9f\u88c5<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0<\/li>\n\n\n\n<li>\u63a5\u7d9a\u76e3\u8996\u306e\u81ea\u52d5\u5316<\/li>\n\n\n\n<li>\u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u81ea\u52d5\u5b9f\u884c<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5b9a\u671f\u7684\u306a\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u9031\u6b21\u306e\u6027\u80fd\u30ec\u30d3\u30e5\u30fc<\/li>\n\n\n\n<li>\u6708\u6b21\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a55\u4fa1<\/li>\n\n\n\n<li>\u56db\u534a\u671f\u3054\u3068\u306e\u30b3\u30b9\u30c8\u5206\u6790<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u7ba1\u7406<\/li>\n<\/ol>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u69cb\u6210\u56f3\u306e\u66f4\u65b0<\/li>\n\n\n\n<li>\u904b\u7528\u624b\u9806\u66f8\u306e\u7dad\u6301<\/li>\n\n\n\n<li>\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u30de\u30cb\u30e5\u30a2\u30eb\u306e\u66f4\u65b0<\/li>\n<\/ul>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u904b\u7528\u7ba1\u7406\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u5b9f\u88c5\u3059\u308b\u3053\u3068\u3067\u3001\u5b89\u5b9a\u3057\u305f VPN \u74b0\u5883\u3092\u7dad\u6301\u3057\u306a\u304c\u3089\u3001\u904b\u7528\u30b3\u30b9\u30c8\u3092\u6700\u9069\u306a\u6c34\u6e96\u306b\u4fdd\u3064\u3053\u3068\u304c\u53ef\u80fd\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-22\">\u767a\u5c55\u7684\u306a\u69cb\u6210\uff1a\u30b9\u30b1\u30fc\u30e9\u30d3\u30ea\u30c6\u30a3\u3068HA\u5bfe\u5fdc<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-23\">\u30de\u30eb\u30c1AZ\u69cb\u6210\uff1a\u53ef\u7528\u6027\u306e\u5411\u4e0a<\/h3>\n\n\n\n<p>AWS Client VPN\u306e\u9ad8\u53ef\u7528\u6027\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u30de\u30eb\u30c1AZ\u69cb\u6210\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30de\u30eb\u30c1AZ\u69cb\u6210\u306e\u57fa\u672c\u8a2d\u8a08<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u8907\u6570AZ\u3078\u306e\u30b5\u30d6\u30cd\u30c3\u30c8\u95a2\u9023\u4ed8\u3051\naws ec2 associate-client-vpn-target-network \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --subnet-id subnet-az1-xxxxx\n\naws ec2 associate-client-vpn-target-network \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --subnet-id subnet-az2-xxxxx<\/pre>\n\n\n\n<p>\u9ad8\u53ef\u7528\u6027\u8a2d\u8a08\u306e\u30dd\u30a4\u30f3\u30c8\uff1a<\/p>\n\n\n<div 
id=\"id-62ea6511-896c-4b4a-a65b-fbb8034ab715\">\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u8a2d\u8a08\u8981\u7d20<\/th><th>\u5b9f\u88c5\u65b9\u6cd5<\/th><th>\u671f\u5f85\u52b9\u679c<\/th><\/tr><\/thead><tbody><tr><td>\u30b5\u30d6\u30cd\u30c3\u30c8\u914d\u7f6e<\/td><td>\u7570\u306a\u308bAZ\u306b\u5206\u6563<\/td><td>\u5358\u4e00AZ\u969c\u5bb3\u3078\u306e\u8010\u6027<\/td><\/tr><tr><td>\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0<\/td><td>\u52d5\u7684\u30d5\u30a7\u30a4\u30eb\u30aa\u30fc\u30d0\u30fc<\/td><td>\u63a5\u7d9a\u306e\u81ea\u52d5\u5fa9\u65e7<\/td><\/tr><tr><td>\u30d0\u30c3\u30af\u30a2\u30c3\u30d7<\/td><td>\u4ee3\u66ff\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8<\/td><td>\u30b5\u30fc\u30d3\u30b9\u7d99\u7d9a\u6027\u306e\u78ba\u4fdd<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div>\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30d5\u30a7\u30a4\u30eb\u30aa\u30fc\u30d0\u30fc\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:DescribeClientVpnEndpoints\",\n        \"ec2:ModifyClientVpnEndpoint\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}<\/pre>\n\n\n\n<p>注意：このポリシーは <code>Resource<\/code> が <code>*<\/code> のため、アカウント内のすべての Client VPN エンドポイントの設定変更を許可します。最小権限の観点から、<code>ec2:ModifyClientVpnEndpoint<\/code> の <code>Resource<\/code> は対象エンドポイントの ARN に限定することを検討してください。<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-24\">\u8907\u6570\u30ea\u30fc\u30b8\u30e7\u30f3\u5bfe\u5fdc\uff1a\u30b0\u30ed\u30fc\u30d0\u30eb\u5c55\u958b\u306e\u30dd\u30a4\u30f3\u30c8<\/h3>\n\n\n\n<p>\u30b0\u30ed\u30fc\u30d0\u30eb\u5c55\u958b\u6642\u306e\u4e3b\u8981\u306a\u8003\u616e\u70b9\u3068\u5b9f\u88c5\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u30ea\u30fc\u30b8\u30e7\u30f3\u9593\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u8a2d\u5b9a<\/li>\n<\/ol>\n\n\n\n<pre 
class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Transit Gateway\u306e\u4f5c\u6210\naws ec2 create-transit-gateway \\\n  --description \"Global VPN Transit Gateway\" \\\n  --options \"{\n    \\\"AmazonSideAsn\\\": 64512,\n    \\\"AutoAcceptSharedAttachments\\\": \\\"enable\\\",\n    \\\"DefaultRouteTableAssociation\\\": \\\"enable\\\",\n    \\\"DefaultRouteTablePropagation\\\": \\\"enable\\\",\n    \\\"VpnEcmp\\\": \\\"enable\\\"\n  }\"\n\n# VPC\u30a2\u30bf\u30c3\u30c1\u30e1\u30f3\u30c8\u306e\u4f5c\u6210\naws ec2 create-transit-gateway-vpc-attachment \\\n  --transit-gateway-id tgw-xxxxx \\\n  --vpc-id vpc-xxxxx \\\n  --subnet-ids subnet-xxxxx1 subnet-xxxxx2<\/pre>\n\n\n\n<p>注意：<code>AutoAcceptSharedAttachments<\/code> を <code>enable<\/code> にすると、Transit Gateway を共有した他アカウントからのアタッチメントが承認なしで受け入れられます。複数アカウントで共有する場合は <code>disable<\/code> とし、アタッチメントを個別に承認する運用を検討してください。<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u30ea\u30fc\u30b8\u30e7\u30f3\u9593\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6700\u9069\u5316<\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># CloudWatch\u3067\u306e\u30ec\u30a4\u30c6\u30f3\u30b7\u30fc\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0\naws cloudwatch put-metric-alarm \\\n  --alarm-name InterRegionLatency \\\n  --metric-name NetworkLatency \\\n  --namespace AWS\/TransitGateway \\\n  --statistic Average \\\n  --period 300 \\\n  --threshold 100 \\\n  --comparison-operator GreaterThanThreshold \\\n  --evaluation-periods 3<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-25\">\u5927\u898f\u6a21\u74b0\u5883\u3067\u306e\u6ce8\u610f\u70b9\uff1a\u6570\u767e\u4eba\u898f\u6a21\u306e\u904b\u7528\u30ce\u30a6\u30cf\u30a6<\/h3>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>\u30b9\u30b1\u30fc\u30e9\u30d3\u30ea\u30c6\u30a3\u8a2d\u8a08<\/li>\n<\/ol>\n\n\n\n<p>\u5927\u898f\u6a21\u5c55\u958b\u6642\u306e\u63a8\u5968\u69cb\u6210\uff1a<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">def calculate_vpn_capacity():\n    \"\"\"VPN\u5bb9\u91cf\u306e\u8a08\u7b97\u3068\u63a8\u5968\u69cb\u6210\u306e\u6c7a\u5b9a\"\"\"\n    user_count = 500  # \u60f3\u5b9a\u30e6\u30fc\u30b6\u30fc\u6570\n    concurrent_ratio = 0.7  # \u540c\u6642\u63a5\u7d9a\u7387\n\n    required_endpoints = math.ceil(\n        (user_count * concurrent_ratio) \/ 250  # 1\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3042\u305f\u308a250\u63a5\u7d9a\u3092\u60f3\u5b9a\n    )\n\n    return {\n        'required_endpoints': required_endpoints,\n        'subnets_per_az': math.ceil(required_endpoints \/ 2),\n        'recommended_cidr_size': 20  # \/20 CIDR = 4,096 IP\u30a2\u30c9\u30ec\u30b9\n    }<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>\u5927\u898f\u6a21\u74b0\u5883\u3067\u306e\u7ba1\u7406\u30dd\u30a4\u30f3\u30c8<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u63a5\u7d9a\u7ba1\u7406<\/li>\n\n\n\n<li>\u30bb\u30c3\u30b7\u30e7\u30f3\u5236\u9650\u306e\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u5e2f\u57df\u5236\u5fa1\u306e\u5b9f\u88c5<\/li>\n\n\n\n<li>\u63a5\u7d9a\u76e3\u8996\u306e\u81ea\u52d5\u5316<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u63a5\u7d9a\u5236\u9650\u306e\u8a2d\u5b9a\naws ec2 modify-client-vpn-endpoint \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --connection-log-options \"{\n    \\\"Enabled\\\": true,\n    
\\\"CloudwatchLogGroup\\\": \\\"\/aws\/clientvpn\/logs\\\",\n    \\\"MaxConnections\\\": 250\n  }\"<\/pre>\n\n\n\n<p>注意：<code>--connection-log-options<\/code> は接続ログの出力設定のみを扱うオプションで、<code>MaxConnections<\/code> というキーはありません。この指定で同時接続数を制限することはできません。<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30ea\u30bd\u30fc\u30b9\u7ba1\u7406<\/li>\n\n\n\n<li>\u52d5\u7684\u306a\u30b9\u30b1\u30fc\u30ea\u30f3\u30b0<\/li>\n\n\n\n<li>\u30ad\u30e3\u30d1\u30b7\u30c6\u30a3\u8a08\u753b<\/li>\n\n\n\n<li>\u30b3\u30b9\u30c8\u914d\u5206<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30bf\u30b0\u30d9\u30fc\u30b9\u306e\u30b3\u30b9\u30c8\u914d\u5206\u8a2d\u5b9a\naws ec2 create-tags \\\n  --resources cvpn-endpoint-xxxxx \\\n  --tags Key=CostCenter,Value=VPN-Production Key=Department,Value=IT<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>\u5927\u898f\u6a21\u74b0\u5883\u3067\u306e\u904b\u7528\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30e6\u30fc\u30b6\u30fc\u7ba1\u7406<\/li>\n\n\n\n<li>\u30b0\u30eb\u30fc\u30d7\u30d9\u30fc\u30b9\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1<\/li>\n\n\n\n<li>\u6bb5\u968e\u7684\u306a\u30ed\u30fc\u30eb\u30a2\u30a6\u30c8<\/li>\n\n\n\n<li>\u81ea\u52d5\u5316\u3055\u308c\u305f\u30aa\u30f3\u30dc\u30fc\u30c7\u30a3\u30f3\u30b0<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u30b0\u30eb\u30fc\u30d7\u30d9\u30fc\u30b9\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u8a2d\u5b9a\naws ec2 authorize-client-vpn-ingress \\\n  --client-vpn-endpoint-id cvpn-endpoint-xxxxx \\\n  --target-network-cidr 10.0.0.0\/16 \\\n  --authorize-all-groups \\\n  --description \"Department-based access control\"<\/pre>\n\n\n\n<p>注意：<code>--authorize-all-groups<\/code> は、接続したすべてのクライアントに対象ネットワークへのアクセスを許可する指定であり、グループ単位の制御にはなりません。グループベースで制御する場合は、<code>--authorize-all-groups<\/code> の代わりに <code>--access-group-id<\/code> で対象グループを指定し、<code>--target-network-cidr<\/code> も必要最小限の範囲に絞ってください。<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0\u3068\u76e3\u8996<\/li>\n\n\n\n<li>\u96c6\u4e2d\u7ba1\u7406\u30c0\u30c3\u30b7\u30e5\u30dc\u30fc\u30c9<\/li>\n\n\n\n<li>\u30a2\u30e9\u30fc\u30c8\u968e\u5c64\u5316<\/li>\n\n\n\n<li>\u6027\u80fd\u30e1\u30c8\u30ea\u30af\u30b9\u306e\u53ce\u96c6<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n  \"dashboards\": [\n    {\n      \"name\": \"VPN-Operations\",\n      \"widgets\": [\n        {\n          \"type\": \"metric\",\n          \"properties\": {\n            \"metrics\": [\n              [\"AWS\/ClientVPN\", \"ActiveConnections\"],\n              [\"AWS\/ClientVPN\", \"ConnectionAttempts\"],\n              [\"AWS\/ClientVPN\", \"ConnectionSuccess\"]\n            ],\n            \"period\": 300,\n            \"stat\": \"Average\",\n            \"region\": \"region\",\n            \"title\": \"VPN Connections Overview\"\n          }\n        }\n      ]\n    }\n  ]\n}<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u767a\u5c55\u7684\u306a\u69cb\u6210\u3092\u9069\u5207\u306b\u5b9f\u88c5\u3059\u308b\u3053\u3068\u3067\u3001\u30b0\u30ed\u30fc\u30d0\u30eb\u3067\u5927\u898f\u6a21\u306aVPN\u74b0\u5883\u3092\u5b89\u5b9a\u7684\u306b\u904b\u7528\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3068\u306a\u308a\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u5b9f\u88c5\u524d\u306b\u306f\u5fc5\u305a\u5c0f\u898f\u6a21\u306a\u691c\u8a3c\u74b0\u5883\u3067\u30c6\u30b9\u30c8\u3092\u884c\u3044\u3001\u6bb5\u968e\u7684\u306b\u5c55\u958b\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Warning: Undefined array key &#8220;is_admin&#8221; in \/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/ &#8230; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":{"0":"post-2417","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-aws","7":"nothumb"},"_links":{"self":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2417"}],"version-history":[{"count":2,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2417\/revisions"}],"predecessor-version":[{"id":2419,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2417\/revisions\/2419"}],"wp:attachment":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}