AWS Security ChangesHomeSearch

AWS directconnect documentation change

Service: directconnect · 2025-03-02 · Documentation low

File: directconnect/latest/UserGuide/max-resiliency-set-up.md

Summary

Updated documentation for AWS Direct Connect virtual interface configuration, clarifying IP address assignment options and recommended practices for VPC traffic

Security assessment

The change provides more detailed guidance on IP address configuration but does not address any specific security vulnerability or weakness

Diff

diff --git a/directconnect/latest/UserGuide/max-resiliency-set-up.md
index de254d32a..4bcb5914c 100644
--- a/directconnect/latest/UserGuide/max-resiliency-set-up.md
+++ b/directconnect/latest/UserGuide/max-resiliency-set-up.md
@@ -300 +300 @@ The valid values are 1 to 2147483647.
-If you let AWS auto-assign IPv4 addresses, a /29 CIDR will be allocated from 169.254.0.0/16 IPv4 Link-Local according to RFC 3927 for point-to-point connectivity. AWS does not recommend this option if you intend to use the customer router peer IP address as the source and/or destination for VPC traffic. Instead you should use RFC 1918 or other addressing, and specify the address yourself.
+When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.