AWS vpn documentation change
Summary
Expanded PSK documentation with storage options including Secrets Manager integration and auto-generation details
Security assessment
Added guidance about secure PSK storage in Secrets Manager improves security documentation but doesn't address a specific vulnerability
Diff
diff --git a/vpn/latest/s2svpn/vpn-tunnel-authentication-options.md b/vpn/latest/s2svpn/vpn-tunnel-authentication-options.md index 233f32c9f..3f7917e62 100644 --- a//vpn/latest/s2svpn/vpn-tunnel-authentication-options.md +++ b//vpn/latest/s2svpn/vpn-tunnel-authentication-options.md @@ -13 +13 @@ You can use pre-shared keys, or certificates to authenticate your Site-to-Site V -A pre-shared key is the default authentication option. +A pre-shared key (PSK) is the default authentication option for Site-to-Site VPN tunnels. When creating a tunnel, you can either specify your own PSK or allow AWS to auto-generate one for you. The PSK is stored using one of the following methods: @@ -15 +15 @@ A pre-shared key is the default authentication option. -A pre-shared key is a Site-to-Site VPN tunnel option that you can specify when you create a Site-to-Site VPN tunnel. + * Directly in the Site-to-Site VPN service. For more information, see [AWS Site-to-Site VPN customer gateway devices](./your-cgw.html). @@ -17 +17,6 @@ A pre-shared key is a Site-to-Site VPN tunnel option that you can specify when y -A pre-shared key is a string that you enter when you configure your customer gateway device. If you do not specify a string, we auto-generate one for you. For more information, see [AWS Site-to-Site VPN customer gateway devices](./your-cgw.html). + * In AWS Secrets Manager for enhanced security. For more information about using Secrets Manager to store a PSK, see [Enhanced security features using Secrets Manager](./enhanced-security.html). + + + + +The PSK string is then used when configuring your customer gateway device.