AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-11-22 · Documentation low

File: wellarchitected/latest/hybrid-networking-lens/security-pillar.md

Summary

Replaced 'AWS VPN' with 'Site-to-Site VPN' in ransomware isolation guidance and a FAQ link, maintaining technical accuracy while using updated product terminology.

Security assessment

While the context involves security measures against ransomware, the changes only update product names without introducing new security concepts or addressing specific vulnerabilities. The security guidance remains functionally identical.

Diff

diff --git a/wellarchitected/latest/hybrid-networking-lens/security-pillar.md b/wellarchitected/latest/hybrid-networking-lens/security-pillar.md
index fa7021e8c..474cb5456 100644
--- a//wellarchitected/latest/hybrid-networking-lens/security-pillar.md
+++ b//wellarchitected/latest/hybrid-networking-lens/security-pillar.md
@@ -155 +155 @@ Some ransomware incidents are designed to use a company account to perform the a
-If ransomware is spreading, quickly isolate your AWS hybrid network environment by preventing any inbound traffic from your on-premises environment to your AWS accounts. To block all incoming and outgoing traffic into your subnets and significantly diminish attackers from moving laterally within your AWS network, implement Network Access Control Lists. Additionally, you can also use an Intrusion Prevention System (IPS) and Intrusion Detection system (IDS) such as the AWS Network Firewall to block communication with known malware hosts and secure AWS Direct Connect and AWS VPN traffic running through the AWS Transit Gateway from client devices and your on-prem environment. For additional ways to prevent traffic across your hybrid network environment, refer to the Infrastructure Protection section in this whitepaper. 
+If ransomware is spreading, quickly isolate your AWS hybrid network environment by preventing any inbound traffic from your on-premises environment to your AWS accounts. To block all incoming and outgoing traffic into your subnets and significantly diminish attackers from moving laterally within your AWS network, implement Network Access Control Lists. Additionally, you can also use an Intrusion Prevention System (IPS) and Intrusion Detection system (IDS) such as the AWS Network Firewall to block communication with known malware hosts and secure AWS Direct Connect and Site-to-Site VPN traffic running through the AWS Transit Gateway from client devices and your on-prem environment. For additional ways to prevent traffic across your hybrid network environment, refer to the Infrastructure Protection section in this whitepaper. 
@@ -190 +190 @@ Refer to the following resources to learn more about our best practices for secu
-  * [How do I establish an AWS VPN over an AWS Direct Connect connection?](https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/)
+  * [How do I establish an Site-to-Site VPN over an AWS Direct Connect connection?](https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/)