AWS Security ChangesHomeSearch

AWS outposts documentation change

Service: outposts · 2026-03-04 · Documentation low

File: outposts/latest/network-userguide/private-connectivity.md

Summary

Enhanced explanation of subnet overlap risks in private connectivity configurations

Security assessment

Provides clearer operational guidance to prevent BGP conflicts, but no evidence this addresses an existing security vulnerability. Focuses on network stability rather than security.

Diff

diff --git a/outposts/latest/network-userguide/private-connectivity.md b/outposts/latest/network-userguide/private-connectivity.md
index 688279aee..c63b47acf 100644
--- a//outposts/latest/network-userguide/private-connectivity.md
+++ b//outposts/latest/network-userguide/private-connectivity.md
@@ -25 +25 @@ Second-generation Outposts racks require a larger subnet size (/24 or larger) an
-When configuring private connectivity for the Outposts service link, plan your IP addressing carefully to avoid future conflicts. Service Link VIFs are immutable. You should avoid creating CoIP pools or DVR subnet ranges assigned to the Local Gateway (LGW) that overlap with existing Service Link address ranges or VPC CIDR ranges used for the dedicated private connectivity VPC, as they may cause BGP routing conflicts and disrupt Service Link functionality.
+When configuring private connectivity for the Outposts service link, plan your IP addressing carefully to avoid future conflicts. Service Link VIFs are immutable. You should avoid creating CoIP pools or DVR subnet ranges assigned to the Local Gateway (LGW) that overlap with existing Service Link address ranges or VPC CIDR ranges used for the dedicated private connectivity VPC. Overlapping prefixes across the Service Link and LGW networks may result in BGP routing conflicts on the upstream network and disrupt Service Link functionality.