AWS Site-to-Site VPN is a fully managed service that creates a secure connection between data centers or branch offices and AWS resources using IP Security (IPsec) tunnels.

The service now integrates with AWS Secrets Manager, so customers can store pre-shared keys (PSKs) securely; the Secrets Manager ARN is displayed instead of the PSK. A new API, "GetActiveVpnTunnelStatus", tracks VPN algorithms, eliminating the need for Site-to-Site VPN logs and reducing operational overhead.

The "GetVpnConnectionDeviceSampleConfiguration" API now includes a "recommended" parameter that provides best-practice security configurations for customer gateway devices, reducing configuration time and potential errors. The recommended configuration includes IKE version 2, Diffie-Hellman group 20, the SHA-384 integrity algorithm, and the AES-GCM-256 encryption algorithm.

There is no additional charge for using these features. They are available in all AWS commercial Regions where AWS Site-to-Site VPN is available, except the Europe (Milan) Region. To learn more, visit the AWS Site-to-Site VPN documentation. Together, the updates aim to provide a more secure and efficient experience for AWS Site-to-Site VPN users, with less operational overhead.
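The recommended parameters above can be used as an audit baseline. The following Python check is an added example, not AWS code: it flags tunnels whose configured options permit anything outside that set. It assumes the tunnel-option layout of a DescribeVpnConnections response (not the GetActiveVpnTunnelStatus output, whose shape is not given here), assumes the value strings `ikev2`, `SHA2-384` and `AES256-GCM-16`, and applies the baseline to both phases; the sample response is constructed.

```python
# Baseline taken from the recommended configuration described in the text.
# Value strings and the per-phase split are assumptions of this example.
BASELINE = {
    "IkeVersions": {"ikev2"},
    "Phase1DHGroupNumbers": {20},
    "Phase2DHGroupNumbers": {20},
    "Phase1IntegrityAlgorithms": {"SHA2-384"},
    "Phase2IntegrityAlgorithms": {"SHA2-384"},
    "Phase1EncryptionAlgorithms": {"AES256-GCM-16"},
    "Phase2EncryptionAlgorithms": {"AES256-GCM-16"},
}

def audit_tunnels(response):
    """Return {(vpn_id, outside_ip): {field: [values outside the baseline]}}."""
    findings = {}
    for conn in response.get("VpnConnections", []):
        for tun in conn.get("Options", {}).get("TunnelOptions", []):
            issues = {}
            for field, allowed in BASELINE.items():
                offered = {item["Value"] for item in tun.get(field, [])}
                if not offered:
                    # Nothing pinned for this field: report it, do not assume.
                    issues[field] = ["<not pinned>"]
                elif offered - allowed:
                    issues[field] = sorted(offered - allowed, key=str)
            if issues:
                key = (conn["VpnConnectionId"], tun.get("OutsideIpAddress"))
                findings[key] = issues
    return findings

def _vals(*values):
    """Build the [{"Value": ...}] lists used in tunnel options."""
    return [{"Value": v} for v in values]

# Constructed sample: tunnel 1 is pinned to the baseline, tunnel 2 is not.
SAMPLE = {"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE",
    "Options": {"TunnelOptions": [
        {"OutsideIpAddress": "203.0.113.10",
         **{f: _vals(*a) for f, a in BASELINE.items()}},
        {"OutsideIpAddress": "203.0.113.20",
         "IkeVersions": _vals("ikev1", "ikev2"),
         "Phase1DHGroupNumbers": _vals(2, 20),
         "Phase2DHGroupNumbers": _vals(20),
         "Phase1IntegrityAlgorithms": _vals("SHA1", "SHA2-384"),
         "Phase2IntegrityAlgorithms": _vals("SHA2-384"),
         "Phase1EncryptionAlgorithms": _vals("AES128", "AES256-GCM-16")},
    ]}}]}

if __name__ == "__main__":
    for tunnel, issues in audit_tunnels(SAMPLE).items():
        print(tunnel, issues)
```

To run it against a live account, pass the parsed JSON from `aws ec2 describe-vpn-connections` to `audit_tunnels` in place of `SAMPLE`.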
aws.amazon.com
