AWS Security ChangesHomeSearch

AWS vpn medium security documentation change

Service: vpn · 2025-06-22 · Security-related medium

File: vpn/latest/clientvpn-user/macos.md

Summary

Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth

Security assessment

Addresses security risks associated with using unsupported OpenVPN clients on Apple Silicon devices for SAML authentication.

Diff

diff --git a/vpn/latest/clientvpn-user/macos.md b/vpn/latest/clientvpn-user/macos.md
index 4aa55f3f4..439daaea9 100644
--- a//vpn/latest/clientvpn-user/macos.md
+++ b//vpn/latest/clientvpn-user/macos.md
@@ -15 +15 @@ For troubleshooting information, see [Troubleshooting AWS Client VPN connections
-If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint.
+If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.