AWS directconnect documentation change
Summary
Updated IP address configuration guidance for Direct Connect virtual interfaces, emphasizing proper use of point-to-point connections and recommending loopback/LAN interfaces for VPC traffic.
Security assessment
The changes improve technical documentation but do not specifically address security vulnerabilities or introduce security features.
Diff
diff --git a/directconnect/latest/UserGuide/create-private-vif-for-gateway.md index 228ec5ae1..9f469af16 100644 --- a/directconnect/latest/UserGuide/create-private-vif-for-gateway.md +++ b/directconnect/latest/UserGuide/create-private-vif-for-gateway.md @@ -51 +51 @@ The valid values are 1 to 2147483647. -If you let AWS auto-assign IPv4 addresses, a /29 CIDR will be allocated from 169.254.0.0/16 IPv4 Link-Local according to RFC 3927 for point-to-point connectivity. AWS does not recommend this option if you intend to use the customer router peer IP address as the source and/or destination for VPC traffic. Instead you should use RFC 1918 or other addressing (non-RFC 1918), and specify the address yourself. +When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.