AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2025-11-22 · Documentation low

File: whitepapers/latest/using-power-bi-with-aws-cloud/connecting-to-data-sources-via-aws-vpn.md

Summary

Updated terminology from 'AWS VPN' to 'Site-to-Site VPN' throughout the document, including section headers and technical details. Clarified VPN types and maintained security context.

Security assessment

The changes are terminology updates rather than security fixes. While security aspects like encryption and authentication are mentioned, there is no evidence of addressing a specific vulnerability. The modifications maintain existing security documentation but do not introduce new security content.

Diff

diff --git a/whitepapers/latest/using-power-bi-with-aws-cloud/connecting-to-data-sources-via-aws-vpn.md b/whitepapers/latest/using-power-bi-with-aws-cloud/connecting-to-data-sources-via-aws-vpn.md
index 9bae2d52f..734e3ebfd 100644
--- a//whitepapers/latest/using-power-bi-with-aws-cloud/connecting-to-data-sources-via-aws-vpn.md
+++ b//whitepapers/latest/using-power-bi-with-aws-cloud/connecting-to-data-sources-via-aws-vpn.md
@@ -5 +5 @@
-# Connecting to data sources via AWS VPN
+# Connecting to data sources via Site-to-Site VPN
@@ -7 +7 @@
-In this model, Power BI Desktop installations connect to data sources in the AWS network using one of two AWS VPN methods: AWS Site-to-Site VPN or AWS Client VPN. Each connection type delivers a highly available, managed, and elastic cloud VPN solution to protect your network traffic. 
+In this model, Power BI Desktop installations connect to data sources in the AWS network using one of two Site-to-Site VPN methods: AWS Site-to-Site VPN or AWS Client VPN. Each connection type delivers a highly available, managed, and elastic cloud VPN solution to protect your network traffic. 
@@ -19 +19 @@ Site-to-Site VPN can also connect to AWS Transit Gateway, facilitating access to
-Using AWS VPN provides the benefit of employing encryption when accessing data sources stored in AWS, without requiring that each data source to be explicitly configured. Once configured, VPN technology is largely seamless to end users. 
+Using Site-to-Site VPN provides the benefit of employing encryption when accessing data sources stored in AWS, without requiring that each data source to be explicitly configured. Once configured, VPN technology is largely seamless to end users. 
@@ -21 +21 @@ Using AWS VPN provides the benefit of employing encryption when accessing data s
-_Table 2 — Considerations for accessing AWS data sources using AWS VPN_
+_Table 2 — Considerations for accessing AWS data sources using Site-to-Site VPN_
@@ -23 +23 @@ _Table 2 — Considerations for accessing AWS data sources using AWS VPN_
-Criteria  |  Considerations for accessing AWS data sources using AWS VPN   
+Criteria  |  Considerations for accessing AWS data sources using Site-to-Site VPN   
@@ -26,2 +26,2 @@ Criteria  |  Considerations for accessing AWS data sources using AWS VPN
-**Security** | **IP access control** You can use a combination of routing and security groups to control access to data sources stored in the AWS Cloud. **Encryption in transit** Both types of AWS VPN use [IPsec](https://en.wikipedia.org/wiki/IPsec) encryption, meaning that data transferred is encrypted as it travels between AWS and on premises. This ensures that even if data sources are not configured to use encrypted communications, that data is protected while traversing the internet. **Authentication** Site-to-Site VPN requires a one-time configuration and, once established, is seamless to users. End users are not required to authenticate to use the Site-to-Site VPN, but they require authentication to data sources. On the other hand, Client VPN does require authentication by the end users in order to establish the connection. Client VPN authentication can take place via Active Directory (user-based), mutual authentication (certificate-based), or SAML SSO (user-based). Once authenticated, the connection is seamless to the end user. AWS data sources added to Power BI Desktop require authentication. AWS recommends that you authenticate with AWS data sources using an identity that has read-only access only to the datasets required.   
-**Performance** |  The use of AWS VPN occurs over the internet. As such, its performance envelope is similar to the first scenario presented. Some factors can impact the overall Power BI Desktop performance when accessing AWS data sources over the internet. They include: 
+**Security** | **IP access control** You can use a combination of routing and security groups to control access to data sources stored in the AWS Cloud. **Encryption in transit** Both types of Site-to-Site VPN use [IPsec](https://en.wikipedia.org/wiki/IPsec) encryption, meaning that data transferred is encrypted as it travels between AWS and on premises. This ensures that even if data sources are not configured to use encrypted communications, that data is protected while traversing the internet. **Authentication** Site-to-Site VPN requires a one-time configuration and, once established, is seamless to users. End users are not required to authenticate to use the Site-to-Site VPN, but they require authentication to data sources. On the other hand, Client VPN does require authentication by the end users in order to establish the connection. Client VPN authentication can take place via Active Directory (user-based), mutual authentication (certificate-based), or SAML SSO (user-based). Once authenticated, the connection is seamless to the end user. AWS data sources added to Power BI Desktop require authentication. AWS recommends that you authenticate with AWS data sources using an identity that has read-only access only to the datasets required.   
+**Performance** |  The use of Site-to-Site VPN occurs over the internet. As such, its performance envelope is similar to the first scenario presented. Some factors can impact the overall Power BI Desktop performance when accessing AWS data sources over the internet. They include: 
@@ -33 +33 @@ In general, AWS recommends testing the experience at different times of the day,
-**Cost** | Data sources that reside in a VPC and are queried using AWS VPN incur standard AWS VPN data transfer charges. To reduce costs, we recommend limiting queries and using filters to reduce the amount of data retrieved over the internet.   
+**Cost** | Data sources that reside in a VPC and are queried using Site-to-Site VPN incur standard Site-to-Site VPN data transfer charges. To reduce costs, we recommend limiting queries and using filters to reduce the amount of data retrieved over the internet.