AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-11-22 · Documentation low

File: prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md

Summary

Updated control name from 'Disallow AWS VPN' to 'Disallow Site-to-Site VPN' connections

Security assessment

Terminology update only. The security justification for restricting VPN connections (preventing unauthorized access/data exfiltration) remains identical with no new vulnerabilities addressed.

Diff

diff --git a/prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md b/prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md
index 9ad2e4616..ae750d74b 100644
--- a//prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md
+++ b//prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md
@@ -103 +103 @@ AWS Control Tower controls are continuously updated. For the most up-to-date and
-[Disallow AWS Virtual Private Network (AWS VPN) connections](https://docs.aws.amazon.com/controltower/latest/controlreference/data-residency-controls.html#prevent-vpn-connection) | Elective | Preventive | — | Restricts VPN connections to guard against unauthorized access, data exfiltration, or bypassing security controls.  
+[Disallow AWS Virtual Private Network (Site-to-Site VPN) connections](https://docs.aws.amazon.com/controltower/latest/controlreference/data-residency-controls.html#prevent-vpn-connection) | Elective | Preventive | — | Restricts VPN connections to guard against unauthorized access, data exfiltration, or bypassing security controls.