AWS Site-to-Site VPN is extending three new capabilities, including AWS Secrets Manager integration, for enhanced security and ease of configuration in AWS GovCloud (US) Regions and AWS Europe (Milan) Region.
- AWS Secrets Manager Integration: With the AWS Secrets Manager integration, when customers store their pre-shared keys (PSKs) in Secrets Manager, VPN connection API responses will redact the PSK and instead display the Secrets Manager ARN (Amazon Resource Name), providing enhanced security.
- New API to track VPN algorithms: You can now easily track the currently negotiated internet key exchange (IKE) version, Diffie-Hellman (DH) groups, encryption algorithms, and integrity algorithms using the “GetActiveVpnTunnelStatus” API. This new API eliminates the need for you to enable Site-to-Site VPN logs to get this information, saving time and reducing operational overhead.
- Recommended Configuration: “GetVpnConnectionDeviceSampleConfiguration” API now includes “recommended” parameter to help you use the best-practices security configuration – IKE version 2, DH group 20, SHA-384 integrity algorithm, and AES-GCM-256 encryption algorithm – on your customer gateway devices, reducing configuration time and potential errors.
There is no additional charge for using these capabilities. To learn more and get started, visit the AWS Site-to-Site VPN documentation.
Categories: general:products/aws-site-to-site,marketing:marchitecture/networking
Source: Amazon Web Services
Latest Posts
- Grok 4.3 from xAI now available in Amazon Bedrock
- Amazon FSx for OpenZFS now supports on-demand data replication across AWS opt-in Regions
- AWS Management Console Private Access now works without internet connectivity
- (Updated) Viva Engage: Email updates for frontline users without an active Exchange mailbox [MC1309743]
