AWS vpn documentation change
Summary
Added security section detailing client security features and responsibilities
Security assessment
Explicitly documents security capabilities (SAML auth, Client Routes Enforcement) but does not address specific vulnerabilities
Diff
diff --git a/vpn/latest/clientvpn-user/connect-aws-client-vpn-connect.md b/vpn/latest/clientvpn-user/connect-aws-client-vpn-connect.md index 158542a3d..66f382a56 100644 --- a//vpn/latest/clientvpn-user/connect-aws-client-vpn-connect.md +++ b//vpn/latest/clientvpn-user/connect-aws-client-vpn-connect.md @@ -5 +5 @@ -Support for concurrent connectionsOpenVPN directives +SecuritySupport for concurrent connectionsOpenVPN directives @@ -19,0 +20,15 @@ You can connect to a Client VPN endpoint using the AWS provided client, which is +## Security + +Security is the highest priority in the AWS provided client. We regularly release patches to improve the security posture of the application. The AWS provided client includes several unique security features compared to other OpenVPN clients, including SAML authentication, Client Routes Enforcement, and device settings monitoring. + +While the AWS provided client is designed to mitigate threats originating from misconfigured or compromised network environment, it is not responsible for modifying the environment or eliminating the external threats at their source. The AWS provided client relies on the customers to maintain a secure and well-configured environment. This includes: + + * Preventing unauthorized modification or abuse by local users + + * Restricting administrative privileges to trusted users + + * Maintaining up-to-date security patches + + + + @@ -52,0 +68,2 @@ The AWS provided client supports the following OpenVPN directives. For more info + * block-outside-dns + @@ -73 +90 @@ The AWS provided client supports the following OpenVPN directives. For more info -dhcp-option + * dhcp-option