AWS vpn medium security documentation change
Summary
Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth
Security assessment
Enforces secure configuration by preventing use of potentially incompatible OpenVPN clients on ARM architectures for SAML authentication, reducing risk of misconfiguration.
Diff
diff --git a/vpn/latest/clientvpn-user/android.md b/vpn/latest/clientvpn-user/android.md index ad7feed6a..65c8b8dd1 100644 --- a//vpn/latest/clientvpn-user/android.md +++ b//vpn/latest/clientvpn-user/android.md @@ -9 +9 @@ -If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. +If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.