AWS Site-to-Site VPN is extending three new capabilities, including AWS Secrets Manager integration, for enhanced security and ease of configuration in AWS GovCloud (US) Regions and AWS Europe (Milan) Region.
- AWS Secrets Manager Integration: With the AWS Secrets Manager integration, when customers store their pre-shared keys (PSKs) in Secrets Manager, VPN connection API responses will redact the PSK and instead display the Secrets Manager ARN (Amazon Resource Name), providing enhanced security.
- New API to track VPN algorithms: You can now easily track the currently negotiated internet key exchange (IKE) version, Diffie-Hellman (DH) groups, encryption algorithms, and integrity algorithms using the “GetActiveVpnTunnelStatus” API. This new API eliminates the need for you to enable Site-to-Site VPN logs to get this information, saving time and reducing operational overhead.
- Recommended Configuration: “GetVpnConnectionDeviceSampleConfiguration” API now includes “recommended” parameter to help you use the best-practices security configuration – IKE version 2, DH group 20, SHA-384 integrity algorithm, and AES-GCM-256 encryption algorithm – on your customer gateway devices, reducing configuration time and potential errors.
There is no additional charge for using these capabilities. To learn more and get started, visit the AWS Site-to-Site VPN documentation.
Categories: general:products/aws-site-to-site,marketing:marchitecture/networking
Source: Amazon Web Services
Latest Posts
- GCP Release Notes: March 06, 2026
- (Updated) Microsoft 365: Modern Access Request and Access Denied web page [MC1188599]
- (Updated) Introducing Surveys Agent and Copilot Chat in Microsoft Forms [MC1229954]
- (Updated) Upcoming change: disabling Teams meeting recording expiration notification emails [MC1245635]
