AWS Site-to-Site VPN extends AWS Secrets Manager integration in additional AWS Regions

AWS Site-to-Site VPN is extending three capabilities, including AWS Secrets Manager integration, for enhanced security and easier configuration to the AWS GovCloud (US) Regions and the AWS Europe (Milan) Region.

AWS Secrets Manager Integration: With the AWS Secrets Manager integration, when customers store their pre-shared keys (PSKs) in Secrets Manager, VPN connection API responses will redact the PSK and instead display the Secrets Manager ARN (Amazon Resource Name), providing enhanced security.
New API to track VPN algorithms: You can now easily track the currently negotiated internet key exchange (IKE) version, Diffie-Hellman (DH) groups, encryption algorithms, and integrity algorithms using the “GetActiveVpnTunnelStatus” API. This new API eliminates the need for you to enable Site-to-Site VPN logs to get this information, saving time and reducing operational overhead.
Recommended Configuration: The “GetVpnConnectionDeviceSampleConfiguration” API now includes a “recommended” parameter to help you apply the best-practice security configuration – IKE version 2, DH group 20, SHA-384 integrity algorithm, and AES-GCM-256 encryption algorithm – on your customer gateway devices, reducing configuration time and potential errors.
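As an added example (not AWS's own code or documentation), the script below turns the two points above into a compliance check: it compares the parameters a tunnel actually negotiated, as returned by the new status API, against the recommended baseline named in the announcement (IKEv2, DH group 20, SHA-384, AES-GCM-256). The check itself runs offline on a constructed sample response; the optional live fetch assumes the boto3 method name get_active_vpn_tunnel_status, its parameter names, and the response field names and string values shown, all of which are assumptions to verify against the current boto3/EC2 API reference for your region.

```python
"""Compare negotiated Site-to-Site VPN tunnel parameters with the recommended baseline.

Added example, not AWS's code. The boto3 call, parameter names, and the
response field names / value spellings below are ASSUMPTIONS based on the
announcement text; confirm them against the EC2 API reference before use.
"""

# Baseline from the announcement: IKEv2, DH group 20, SHA-384, AES-GCM-256.
# Value spellings (e.g. "SHA2-384", "AES256-GCM-16") are assumed, not quoted from AWS.
RECOMMENDED = {
    "IkeVersion": "ikev2",
    "Phase1DHGroup": 20,
    "Phase2DHGroup": 20,
    "Phase1IntegrityAlgorithm": "SHA2-384",
    "Phase2IntegrityAlgorithm": "SHA2-384",
    "Phase1EncryptionAlgorithm": "AES256-GCM-16",
    "Phase2EncryptionAlgorithm": "AES256-GCM-16",
}

# Constructed sample responses (not captured from a real account).
SAMPLE_COMPLIANT = dict(RECOMMENDED)

SAMPLE_LEGACY = {
    "IkeVersion": "ikev1",            # IKEv1 still negotiated
    "Phase1DHGroup": 2,               # weak 1024-bit MODP group
    "Phase2DHGroup": 2,
    "Phase1IntegrityAlgorithm": "SHA1",
    "Phase2IntegrityAlgorithm": "SHA1",
    "Phase1EncryptionAlgorithm": "AES128",
    "Phase2EncryptionAlgorithm": "AES128",
}


def normalize(value):
    """Lower-case strings so 'IKEv2' and 'ikev2' compare equal; leave ints alone."""
    return value.lower() if isinstance(value, str) else value


def find_deviations(status, baseline=RECOMMENDED):
    """Return {field: (actual, recommended)} for every field not at the baseline.

    A missing field counts as a deviation (actual=None) so that a renamed or
    absent response key is surfaced rather than silently passing.
    """
    deviations = {}
    for field, wanted in baseline.items():
        actual = status.get(field)
        if normalize(actual) != normalize(wanted):
            deviations[field] = (actual, wanted)
    return deviations


def is_recommended(status, baseline=RECOMMENDED):
    """True when the tunnel matches the recommended baseline on every field."""
    return not find_deviations(status, baseline)


def fetch_tunnel_status(vpn_connection_id, tunnel_outside_ip, region_name=None):
    """Live fetch via boto3 (assumed method and parameter names); not run offline."""
    import boto3  # imported here so the offline check needs no AWS SDK

    ec2 = boto3.client("ec2", region_name=region_name)
    response = ec2.get_active_vpn_tunnel_status(
        VpnConnectionId=vpn_connection_id,
        VpnTunnelOutsideIpAddress=tunnel_outside_ip,
    )
    # Assumed top-level key wrapping the per-tunnel fields.
    return response["ActiveVpnTunnelStatus"]


def report(status, label):
    """Print a one-line verdict plus each deviation; returns the deviation count."""
    deviations = find_deviations(status)
    verdict = "OK" if not deviations else "DEVIATES"
    print(f"{label}: {verdict}")
    for field, (actual, wanted) in sorted(deviations.items()):
        print(f"  {field}: negotiated={actual!r} recommended={wanted!r}")
    return len(deviations)


if __name__ == "__main__":
    report(SAMPLE_COMPLIANT, "constructed compliant tunnel")
    report(SAMPLE_LEGACY, "constructed legacy tunnel")
    # Live use (placeholders, not real identifiers):
    # status = fetch_tunnel_status("vpn-PLACEHOLDER", "203.0.113.10", "us-gov-west-1")
    # report(status, "tunnel 1")
```

Because the API reports what was negotiated rather than what was configured, a deviation here usually points at the customer gateway side (for example, a device proposal list that still leads with IKEv1 or DH group 2), which is exactly the case the recommended sample configuration is meant to prevent.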

There is no additional charge for using these capabilities. To learn more and get started, visit the AWS Site-to-Site VPN documentation.

Source: Amazon AWS