AWS Security ChangesHomeSearch

AWS outposts documentation change

Service: outposts · 2025-05-10 · Documentation low

File: outposts/latest/userguide/local-rack.md

Summary

Multiple technical clarifications about network configuration (LACP usage, BGP peering details, CoIP references)

Security assessment

Changes improve technical accuracy of network configuration descriptions but don't address security vulnerabilities or introduce new security features. Modifications relate to BGP configuration details and documentation links rather than security controls.

Diff

diff --git a/outposts/latest/userguide/local-rack.md b/outposts/latest/userguide/local-rack.md
index f9c8a8f47..6baaef7e4 100644
--- a//outposts/latest/userguide/local-rack.md
+++ b//outposts/latest/userguide/local-rack.md
@@ -71 +71 @@ In the following diagram, the physical demarcation is the fiber patch panel in e
-AWS Outposts uses the Link Aggregation Control Protocol (LACP) to establish two link aggregation group (LAG) connections, one from each Outpost network device to each local network device. The links from each Outpost network device are aggregated into an Ethernet LAG to represent a single network connection. These LAGs use LACP with standard fast timers. You can't configure LAGs to use slow timers.
+AWS Outposts uses the Link Aggregation Control Protocol (LACP) to establish link aggregation group (LAG) connections between your Outpost network devices and your local network devices. The links from each Outpost network device are aggregated into an Ethernet LAG to represent a single network connection. These LAGs use LACP with standard fast timers. You can't configure LAGs to use slow timers.
@@ -179 +179 @@ _The following image shows the four ACE networking devices of the ACE rack conne
-The Outpost establishes an external BGP peering session between each Outpost network device and the customer local network device for service link connectivity over the service link VLAN. The BGP peering session is established between the /30 or /31 IP addresses provided for the point-to-point VLAN. Each BGP peering session uses a private Autonomous System Number (ASN) on the Outpost network device and an ASN that you choose for your customer local network devices. AWS configures the attributes as part of the installation process.
+The Outpost establishes an external BGP peering session between each Outpost network device and the customer local network device for service link connectivity over the service link VLAN. The BGP peering session is established between the /30 or /31 IP addresses provided for the point-to-point VLAN. Each BGP peering session uses a private Autonomous System Number (ASN) on the Outpost network device and an ASN that you choose for your customer local network devices. As part of the installation process, AWS configures the attributes that you provided..
@@ -227 +227 @@ If you have a multiple rack deployment, you must have one /26 subnet per rack.
-The Outpost establishes an external BGP peering from each Outpost network device to a local network device for connectivity to the local gateway. It uses a private Autonomous System Number (ASN) that you assign in order to establish the external BGP sessions. Each Outpost network device has a single external BGP peering to a local network device using its local gateway VLAN.
+The Outpost uses a private Autonomous System Number (ASN) that you assign in order to establish the external BGP sessions. Each Outpost network device has a single external BGP peering to a local network device using its local gateway VLAN.
@@ -258 +258 @@ The customer network should advertise equal BGP prefixes with the same attribute
-By default, the local gateway uses the private IP addresses of instances in your VPC to facilitate communication with your on-premise network. However, you can provide a customer-owned IP address pool (CoIP). 
+By default, the local gateway uses the private IP addresses of instances in your VPC (see [Direct VPC routing](https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#direct-vpc-routing)) to facilitate communication with your on-premise network. However, you can provide a customer-owned IP address pool (CoIP). 
@@ -260 +260 @@ By default, the local gateway uses the private IP addresses of instances in your
-If you choose CoIP, AWS creates the pool from information you provide during the installation process. You can create Elastic IP addresses from this pool, and then assign the addresses to resources on your Outpost, such as EC2 instances. 
+You can create Elastic IP addresses from this pool, and then assign the addresses to resources on your Outpost, such as EC2 instances.