AWS vpn documentation change
Summary
Clarified default network communication limitations for VPC instances and Site-to-Site VPN use case
Security assessment
The change provides clearer documentation about network isolation behavior but does not introduce or address security features/vulnerabilities. It's a descriptive improvement rather than security-related.
Diff
diff --git a/vpn/latest/s2svpn/VPC_VPN.md b/vpn/latest/s2svpn/VPC_VPN.md index 88b1db8b7..504a5a8e3 100644 --- a//vpn/latest/s2svpn/VPC_VPN.md +++ b//vpn/latest/s2svpn/VPC_VPN.md @@ -9 +9 @@ ConceptsSite-to-Site VPN featuresSite-to-Site VPN limitationsSite-to-Site VPN re -By default, an instance that you launch within an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection. +By default, an instance that you launch within an Amazon VPC can't communicate with a local (AWS Cloud) network and a remote device — for example, this might be a site or an on-premises device. You can enable access to your remote devices from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.