AWS Site-to-Site VPN - AWS GovCloud (US)

AWS Site-to-Site VPN

AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC).

How Site-to-Site VPN Differs for AWS GovCloud (US)

  • AWS Site-to-Site VPN integration with Global Accelerator (Accelerated VPN Connections) is not available in the AWS GovCloud (US) Region.

  • The AWS Site-to-Site VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. Correspondingly, VPN connections created in GovCloud require a different set of algorithms to establish a tunnel. For more information about FIPS 140-2, see "Cryptographic Module Validation Program" on the NIST Computer Security Resource Center website.

  • Customer gateways in the AWS GovCloud (US-West) Region do not support the device-name field.

  • Use SSL (HTTPS) when you make calls to the service in the AWS GovCloud (US) Region. In other AWS Regions, you can use HTTP or HTTPS.
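The two GovCloud-specific requirements above (HTTPS-only API calls, and a tunnel algorithm set that differs from the standard Regions) are the kind of thing an account owner audits rather than trusts. The following Python script is an added example, not code from the AWS documentation: it checks an endpoint URL's scheme against the Region and compares each tunnel's IKE/IPsec option values in a `DescribeVpnConnections`-shaped response against an operator-supplied allow-list. The sample response is constructed for the example (the field names follow the EC2 API response shape), and the `ALLOWED` algorithm set is a placeholder assumption, since this page does not enumerate the exact algorithms the GovCloud endpoints accept; fill it from your own FIPS policy and the VPN tunnel options documentation before relying on it.

```python
"""
Audit helper for AWS Site-to-Site VPN settings in AWS GovCloud (US).

Checks two points the GovCloud documentation calls out:
  1. API calls to the service must use HTTPS (SSL) in GovCloud Regions.
  2. Tunnel IKE/IPsec algorithm choices are compared against an
     operator-supplied allow-list (the set below is a placeholder
     assumption, not the authoritative GovCloud list).

The sample DescribeVpnConnections response is constructed for this
example; it is not real account data.
"""
from urllib.parse import urlparse

GOVCLOUD_REGIONS = {"us-gov-west-1", "us-gov-east-1"}

# Placeholder allow-list (assumption). Replace with the algorithm set your
# FIPS policy and the GovCloud VPN endpoints actually accept.
ALLOWED = {
    "Phase1EncryptionAlgorithms": {"AES256", "AES256-GCM-16"},
    "Phase1IntegrityAlgorithms": {"SHA2-256", "SHA2-384", "SHA2-512"},
    "Phase1DHGroupNumbers": {14, 15, 16, 17, 18, 19, 20, 21},
    "Phase2EncryptionAlgorithms": {"AES256", "AES256-GCM-16"},
    "Phase2IntegrityAlgorithms": {"SHA2-256", "SHA2-384", "SHA2-512"},
    "Phase2DHGroupNumbers": {14, 15, 16, 17, 18, 19, 20, 21},
    "IkeVersions": {"ikev2"},
}


def endpoint_is_acceptable(endpoint_url: str, region: str) -> bool:
    """GovCloud Regions require HTTPS; other Regions may use HTTP or HTTPS."""
    scheme = urlparse(endpoint_url).scheme.lower()
    if region in GOVCLOUD_REGIONS:
        return scheme == "https"
    return scheme in {"http", "https"}


def tunnel_findings(tunnel: dict) -> list:
    """Return (option_name, value) pairs that fall outside the allow-list."""
    findings = []
    for option, allowed in ALLOWED.items():
        for entry in tunnel.get(option, []):
            value = entry["Value"]
            if value not in allowed:
                findings.append((option, value))
    return findings


def audit_vpn_connections(response: dict) -> dict:
    """Map VpnConnectionId -> list of (tunnel index, option, value) findings."""
    report = {}
    for conn in response.get("VpnConnections", []):
        conn_findings = []
        tunnels = conn.get("Options", {}).get("TunnelOptions", [])
        for idx, tunnel in enumerate(tunnels):
            for option, value in tunnel_findings(tunnel):
                conn_findings.append((idx, option, value))
        report[conn["VpnConnectionId"]] = conn_findings
    return report


# Constructed sample response (not real account data).
SAMPLE_RESPONSE = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0example0000000001",
            "Options": {
                "TunnelOptions": [
                    {
                        "Phase1EncryptionAlgorithms": [{"Value": "AES256"}],
                        "Phase1IntegrityAlgorithms": [{"Value": "SHA2-256"}],
                        "Phase1DHGroupNumbers": [{"Value": 14}],
                        "Phase2EncryptionAlgorithms": [{"Value": "AES256"}],
                        "Phase2IntegrityAlgorithms": [{"Value": "SHA2-256"}],
                        "Phase2DHGroupNumbers": [{"Value": 14}],
                        "IkeVersions": [{"Value": "ikev2"}],
                    },
                    {
                        # Second tunnel still carries weaker legacy choices.
                        "Phase1EncryptionAlgorithms": [{"Value": "AES128"}],
                        "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}],
                        "Phase1DHGroupNumbers": [{"Value": 2}],
                        "Phase2EncryptionAlgorithms": [{"Value": "AES256"}],
                        "Phase2IntegrityAlgorithms": [{"Value": "SHA2-256"}],
                        "Phase2DHGroupNumbers": [{"Value": 14}],
                        "IkeVersions": [{"Value": "ikev1"}],
                    },
                ]
            },
        }
    ]
}

if __name__ == "__main__":
    print(endpoint_is_acceptable("https://ec2.us-gov-west-1.amazonaws.com", "us-gov-west-1"))
    for vpn_id, findings in audit_vpn_connections(SAMPLE_RESPONSE).items():
        print(vpn_id, findings or "no findings")
```

In a real account the `SAMPLE_RESPONSE` dict would be replaced by the output of the EC2 `DescribeVpnConnections` call made through an HTTPS endpoint in the GovCloud Region; the script deliberately reports every tunnel separately, because each tunnel of a connection carries its own option set and a compliant first tunnel says nothing about the second.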

Documentation for AWS Site-to-Site VPN

AWS VPN documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

  • You can transmit ITAR-regulated data in clear text across AWS Site-to-Site VPN tunnels, assuming the destination endpoint is ITAR compliant.

ITAR-Regulated Data Not Permitted

  • AWS Site-to-Site VPN metadata is not permitted to contain ITAR-regulated data. This metadata includes all of the configuration data that you enter when setting up and maintaining your Site-to-Site VPNs.

    For example, do not enter ITAR-regulated data into user input fields such as the following:

    • Display Name

    • Topic Policy

    • Topic Delivery Policy

    • Topic ARN

    • Endpoint