Get a valid token for your target aws account. For those of us using SAML + MFA for our connections:

Get a list of all AWS Client Vpn Endpoints in your region

aws ec2 --region us-west-1 describe-client-vpn-endpoints --query 'ClientVpnEndpoints[*].ClientVpnEndpointId' --output text --no-cli-pager

List all the users connected to each endpoint

aws ec2 --region us-west-1 describe-client-vpn-connections --client-vpn-endpoint-id cvpn-endpoint-yourverycoolendpointid --query 'Connections[?Status.Code==`active`].Username' --output text --no-cli-pager