AWS vpn documentation change
Summary
Added note explaining Elastic IP requirements and billing implications for Client VPN endpoints
Security assessment
The note clarifies security-related network configuration (EIP usage for internet access) but does not address a vulnerability or introduce new security features.
Diff
diff --git a/vpn/latest/clientvpn-admin/what-is.md b/vpn/latest/clientvpn-admin/what-is.md index 3a737042d..695e20253 100644 --- a//vpn/latest/clientvpn-admin/what-is.md +++ b//vpn/latest/clientvpn-admin/what-is.md @@ -138,0 +139,4 @@ Client VPN endpoints are associated with a target network, which is a subnet in +###### Note + +Client VPN endpoints require Elastic IP addresses when associated with a VPC subnet that has an Internet Gateway because these EIPs enable direct internet connectivity for VPN clients. When connecting through a Client VPN endpoint, they need a public IP address to communicate with internet resources. Elastic IPs serve this purpose by providing a consistent, public-facing endpoint. These EIPs are attached to the Client VPN elastic network interfaces (ENIs) and are essential for maintaining stable, secure internet access for VPN clients while ensuring proper routing of traffic. Since these Elastic IP addresses are allocated and actively used for the Client VPN service, AWS charges them as in-use public IPv4 addresses, following their standard pricing model for allocated and associated EIPs. +