AWS Client VPN is an OpenVPN-based service from AWS. It allows anyone with the correct permissions to create a network path into your VPC. While this is typically a good thing, Client VPN can also act as an end-run around the corporate VPN if your VPCs leverage Direct Connect or Site-to-Site VPN. Because it can leverage AWS Active Directory, it can be configured independently of your corporate identity system and provide back doors for third parties and departed employees.
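One way to review existing endpoints for the risk described above, as an added example that is not AWS's or the page's own code: it audits saved JSON from `aws ec2 describe-client-vpn-endpoints` and `aws ec2 describe-vpn-gateways`. The account ID, SAML provider ARN, resource IDs, function names and the policy that only the corporate SAML provider is approved are assumptions made for illustration.

```python
# Added example: offline audit of describe-client-vpn-endpoints and
# describe-vpn-gateways JSON. All sample data below is constructed.
APPROVED_SAML = {"arn:aws:iam::111122223333:saml-provider/CorpIdP"}  # assumed corporate IdP
ENDPOINTS = {"ClientVpnEndpoints": [
    {"ClientVpnEndpointId": "cvpn-endpoint-0aaa", "VpcId": "vpc-0a", "Status": {"Code": "available"},
     "AuthenticationOptions": [{"Type": "directory-service-authentication",
                                "ActiveDirectory": {"DirectoryId": "d-1234567890"}}]},
    {"ClientVpnEndpointId": "cvpn-endpoint-0bbb", "VpcId": "vpc-0a", "Status": {"Code": "available"},
     "AuthenticationOptions": [{"Type": "federated-authentication", "FederatedAuthentication": {
         "SamlProviderArn": "arn:aws:iam::111122223333:saml-provider/CorpIdP"}}]},
    {"ClientVpnEndpointId": "cvpn-endpoint-0ccc", "VpcId": "vpc-0c", "Status": {"Code": "available"},
     "AuthenticationOptions": [{"Type": "certificate-authentication"}]},
]}
VPN_GATEWAYS = {"VpnGateways": [
    {"VpnGatewayId": "vgw-0a", "VpcAttachments": [{"VpcId": "vpc-0a", "State": "attached"}]},
    {"VpnGatewayId": "vgw-0c", "VpcAttachments": [{"VpcId": "vpc-0c", "State": "detached"}]},
]}

def hybrid_vpcs(gateways):
    """VPC IDs with an attached virtual private gateway (VPN or Direct Connect path)."""
    # Only one signal of a corporate path: transit gateway attachments are not covered here.
    return {a["VpcId"] for g in gateways.get("VpnGateways", [])
            for a in g.get("VpcAttachments", []) if a.get("State") == "attached"}

def audit(endpoints, gateways, approved=APPROVED_SAML):
    hybrid, findings = hybrid_vpcs(gateways), []
    for ep in endpoints.get("ClientVpnEndpoints", []):
        if ep.get("Status", {}).get("Code") in ("deleting", "deleted"):
            continue  # endpoint is going away; nothing to review
        opts = ep.get("AuthenticationOptions", [])
        reasons = []
        for o in opts:
            if o.get("Type") == "directory-service-authentication":
                reasons.append("directory auth: " + o.get("ActiveDirectory", {}).get("DirectoryId", "?"))
            elif o.get("Type") == "federated-authentication":
                arn = o.get("FederatedAuthentication", {}).get("SamlProviderArn")
                if arn not in approved:
                    reasons.append(f"unapproved SAML provider: {arn}")
        if opts and all(o.get("Type") == "certificate-authentication" for o in opts):
            reasons.append("certificate-only auth, not tied to an identity system")
        if reasons:  # severity rises when the VPC also reaches the corporate network
            findings.append({"endpoint": ep["ClientVpnEndpointId"], "vpc": ep.get("VpcId"),
                             "severity": "high" if ep.get("VpcId") in hybrid else "medium",
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit(ENDPOINTS, VPN_GATEWAYS):
        print(finding)
```

Directory-backed endpoints are flagged for review rather than treated as violations, since whether a given directory is tied to the corporate joiner/leaver process has to be confirmed outside this data.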
Networking & Content Delivery
VPCs are a fundamental building block in AWS. VPCs allow you to specify your own IP range. Many AWS resources must be deployed into a VPC, and VPCs control the network security for those resources. VPCs can be connected to your corporate networks through Direct Connect or VPN, and thus can be a back door path into your enterprise.