AWS Client VPN - AWS GovCloud (US)

AWS Client VPN

AWS Client VPN is a managed client-based AWS VPN service that enables you to securely access AWS resources and resources in your on-premises network. With AWS Client VPN, you can access your resources from any location using an OpenVPN-based VPN client.

How Client VPN Differs for AWS GovCloud (US)

  • AWS Client VPN endpoints in AWS GovCloud (US) operate using FIPS 140-2 validated cryptographic modules. AWS VPN connections created in AWS GovCloud (US) require a different set of algorithms to establish a tunnel. For more information about FIPS 140-2, see "Cryptographic Module Validation Program" on the NIST Computer Security Resource Center website.

  • Use SSL (HTTPS) when you make calls to the service in the AWS GovCloud (US) Region. In other AWS Regions, you can use HTTP or HTTPS.

Documentation for AWS Client VPN

AWS Client VPN documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the table below explains how certain components of data may leave the Regions in the normal course of the Service Offerings. The table can be used as a guide to help meet applicable customer compliance obligations.

Data in the following service attributes will not leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings Data in the following service attributes may leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings
  • You can transmit export-controlled data in clear text across AWS Client VPN tunnels, assuming the destination endpoint is export compliant.

  • AWS Client VPN metadata is not permitted to contain export-controlled data. This metadata includes all of the configuration data that you enter when setting up and maintaining your Client VPN Endpoints.

    For example, do not enter export-controlled data into user input fields such as the following:

    • Display Name

    • Topic Policy

    • Topic Delivery Policy

    • Topic ARN

    • Endpoint