AWS Site-to-Site VPN is extending three new capabilities, including AWS Secrets Manager integration, for enhanced security and ease of configuration in AWS GovCloud (US) Regions and AWS Europe (Milan) Region.
- AWS Secrets Manager Integration: With the AWS Secrets Manager integration, when customers store their pre-shared keys (PSKs) in Secrets Manager, VPN connection API responses will redact the PSK and instead display the Secrets Manager ARN (Amazon Resource Name), providing enhanced security.
- New API to track VPN algorithms: You can now easily track the currently negotiated internet key exchange (IKE) version, Diffie-Hellman (DH) groups, encryption algorithms, and integrity algorithms using the “GetActiveVpnTunnelStatus” API. This new API eliminates the need for you to enable Site-to-Site VPN logs to get this information, saving time and reducing operational overhead.
- Recommended Configuration: “GetVpnConnectionDeviceSampleConfiguration” API now includes “recommended” parameter to help you use the best-practices security configuration – IKE version 2, DH group 20, SHA-384 integrity algorithm, and AES-GCM-256 encryption algorithm – on your customer gateway devices, reducing configuration time and potential errors.
There is no additional charge for using these capabilities. To learn more and get started, visit the AWS Site-to-Site VPN documentation.
Categories: general:products/aws-site-to-site,marketing:marchitecture/networking
Source: Amazon Web Services
Latest Posts
- Amazon CloudWatch Synthetics now supports multilocation canaries
- Amazon WorkSpaces Personal Supports Ubuntu 24.04
- (Updated) Microsoft Loop – Departed User Content Workflows for User-Owned Loop workspaces [MC929014]
- (Updated) Microsoft Authenticator app: Upcoming changes to jailbreak and root detection [MC1179154]
