RSS AWS Recent Announcements

AWS Site-to-Site VPN extends AWS Secrets Manager integration in additional AWS Regions

AWS Site-to-Site VPN is introducing three new features to enhance security and simplify configuration in AWS GovCloud (US) Regions and AWS Europe (Milan) Region.

The first is integration with AWS Secrets Manager, which allows customers to store their pre-shared keys securely. When this integration is used, VPN connection API responses display the Secrets Manager ARN instead of the pre-shared key, providing an additional layer of security.

The second is an API that enables tracking of VPN algorithms, including IKE version, DH groups, encryption algorithms, and integrity algorithms, without the need to enable Site-to-Site VPN logs. This eliminates the need for manual tracking and reduces operational overhead.

The third is a "recommended" parameter on the "GetVpnConnectionDeviceSampleConfiguration" API, which provides a best-practice security configuration for customer gateway devices. This recommended configuration includes IKE version 2, DH group 20, SHA-384 integrity algorithm, and AES-GCM-256 encryption algorithm.

These new capabilities are available at no additional charge. To learn more about these features and get started, users can visit the AWS Site-to-Site VPN documentation. The new features aim to simplify the configuration process and reduce potential errors, providing enhanced security and ease of use for AWS Site-to-Site VPN customers.
aws.amazon.com