AWS Security ChangesHomeSearch

AWS vpn medium security documentation change

Service: vpn · 2025-06-22 · Security-related medium

File: vpn/latest/clientvpn-user/windows.md

Summary

Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth

Security assessment

Reduces attack surface by enforcing use of validated clients on ARM-based Windows devices for SAML authentication.

Diff

diff --git a/vpn/latest/clientvpn-user/windows.md b/vpn/latest/clientvpn-user/windows.md
index e75526f63..54d23eb6b 100644
--- a//vpn/latest/clientvpn-user/windows.md
+++ b//vpn/latest/clientvpn-user/windows.md
@@ -15 +15 @@ For troubleshooting information, see [Troubleshooting AWS Client VPN connections
-If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint.
+If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.