AWS Security ChangesHomeSearch

AWS vpn medium security documentation change

Service: vpn · 2025-06-22 · Security-related medium

File: vpn/latest/clientvpn-user/connect.md

Summary

Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth

Security assessment

Prevents insecure configurations by enforcing use of supported clients on ARM architectures for SAML authentication.

Diff

diff --git a/vpn/latest/clientvpn-user/connect.md b/vpn/latest/clientvpn-user/connect.md
index ea77ffef0..86f3dfcca 100644
--- a//vpn/latest/clientvpn-user/connect.md
+++ b//vpn/latest/clientvpn-user/connect.md
@@ -30 +30 @@ Establish a VPN connection on Linux using either the**OpenVPN - Network Manager*
-If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint.
+If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.