AWS vpn medium security documentation change
Summary
Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth
Security assessment
Prevents insecure configurations by enforcing use of supported clients on ARM architectures for SAML authentication.
Diff
diff --git a/vpn/latest/clientvpn-user/connect.md b/vpn/latest/clientvpn-user/connect.md index ea77ffef0..86f3dfcca 100644 --- a//vpn/latest/clientvpn-user/connect.md +++ b//vpn/latest/clientvpn-user/connect.md @@ -30 +30 @@ Establish a VPN connection on Linux using either the**OpenVPN - Network Manager* -If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. +If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.