AWS IoT Secure Tunneling allows customers to access devices that are deployed behind restricted firewalls at remote sites. When a tunnel is created, a pair of client access tokens (CAT) will be generated and used by the source and destination devices to connect to the Secure Tunneling service. Prior to today, a token can be stored and reused, making it susceptible to malicious use. Now single-use tokens will be revoked after a successful connection. When the connection drops, instead of saving CATs to a local device and establishing a token re-delivery method, customers can call the RotateTunnelAccessToken API to deliver a new pair of CATs to the source and destination devices to resume connection with the original device in the predefined tunnel period. Once reconnected, customers can securely access and continue troubleshooting remote devices using Secure Tunneling.
Source:: Amazon AWS