AWS vpn medium security documentation change
Summary
Added requirement to use AWS-provided client instead of OpenVPN for ARM devices with SAML auth
Security assessment
Reduces attack surface by enforcing use of validated clients on ARM-based Windows devices for SAML authentication.
Diff
diff --git a/vpn/latest/clientvpn-user/windows.md b/vpn/latest/clientvpn-user/windows.md index e75526f63..54d23eb6b 100644 --- a//vpn/latest/clientvpn-user/windows.md +++ b//vpn/latest/clientvpn-user/windows.md @@ -15 +15 @@ For troubleshooting information, see [Troubleshooting AWS Client VPN connections -If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. +If the Client VPN endpoint has been configured to use [SAML-based federated authentication](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#federated-authentication), you cannot use the OpenVPN-based VPN client to connect to a Client VPN endpoint. This includes any ARM-based architectures. If you are using a device with an ARM processor (such as Apple Silicon Macs or ARM-based Windows devices), you must use SAML-based VPN endpoints with the AWS provided client instead of OpenVPN clients.