Commit

improve documentation for federated auth
Guslington committed Feb 15, 2021
1 parent 2eb6cac commit 6046326
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docs/getting-started.md
Expand Up @@ -60,6 +60,12 @@ The following command and required option will launch a new federated based Clie
cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn]
```

The default authorization rule for the associated subets allows all. You can optionally change this by using the `--default-groups` flag to set groups on the default authorization rule.

```sh
cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn] --default-groups [list of group ids]
```

## Subnet Associations and Authorisation

AWS ClientVPN requires one or more subnets to be associated with the vpn. These subnets setup the default routes and by default cfn-vpn creates a allow all auth for the default routes.
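Review bot: The new sentence says the default authorization rule "allows all" but does not say who "all" covers, and it presents `--default-groups` as purely optional. Since this section documents the federated (`--saml-arn`) setup, the text should state plainly whether that means any user who authenticates through the identity provider is authorized to the associated subnets, and it should recommend setting `--default-groups` when access is meant to be limited to specific groups. The placeholder `[list of group ids]` also needs its format documented (the separator, and which identifier from the identity provider is expected), because the example line does not show it. Minor: "subets" appears in both the added sentence and the added command, and "providor" is carried over from the existing command; correct these to "subnets" and "provider" while these lines are being touched.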

0 comments on commit 6046326
