Using VPC endpoints to keep sensitive data in known networks
Secrets should never be accessible over the internet. AWS offers options for maintaining privacy when routing traffic through known and private network routes.
When you're configuring traffic between AWS Secrets Manager and on-premises clients and applications, you can use either of the following approaches:
- An AWS Site-to-Site VPN connection
- An AWS Direct Connect connection
If you want to secure traffic between Secrets Manager and API clients within the same AWS Region, use AWS PrivateLink to create interface VPC endpoints. With this option, all traffic for the secret stays inside your private network and never traverses the public Secrets Manager endpoint. For more information, see Using an AWS Secrets Manager VPC endpoint.
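Creating the interface endpoint on its own keeps traffic private, but it does not stop a client from still calling the public Secrets Manager endpoint. The following Python script is an added example, not part of the AWS documentation above: it generates the two policy documents that close that gap (an endpoint policy scoped to your own account, and a secret resource policy that denies `GetSecretValue` unless the request carrived through the named endpoint, using the `aws:sourceVpce` condition key) and includes a small evaluator so you can check the Deny logic offline. The account ID, endpoint ID, Region and secret ARN are constructed placeholders, and the evaluator implements only the two string conditions used here, not the full IAM policy language.

```python
import json

# Constructed placeholder identifiers (not taken from the page).
ACCOUNT_ID = "111122223333"
VPCE_ID = "vpce-0123456789abcdef0"
REGION = "us-east-1"
SECRET_ARN = f"arn:aws:secretsmanager:{REGION}:{ACCOUNT_ID}:secret:prod/db-password-AbCdEf"
GET = "secretsmanager:GetSecretValue"


def endpoint_policy(account_id: str) -> dict:
    """Policy attached to the interface endpoint: only principals from our own
    account may use it, and only against secrets that live in our account.
    This blocks the endpoint from being used to reach secrets in other accounts."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyOurAccountThroughThisEndpoint",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "secretsmanager:*",
            "Resource": f"arn:aws:secretsmanager:*:{account_id}:secret:*",
            "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
        }],
    }


def secret_resource_policy(secret_arn: str, vpce_id: str) -> dict:
    """Resource policy on the secret: explicitly deny GetSecretValue for any
    request that did not arrive through the named VPC endpoint. A request made
    via the public endpoint carries no aws:sourceVpce key at all, which
    StringNotEquals treats as a mismatch, so it is denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessViaEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": GET,
            "Resource": secret_arn,
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def _condition_matches(condition: dict, context: dict) -> bool:
    """Evaluate StringEquals / StringNotEquals against the request context.
    A missing context key counts as 'not equal', matching IAM semantics."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "StringNotEquals" and actual == expected:
                return False
    return True


def request_denied(policy: dict, action: str, resource: str, context: dict) -> bool:
    """Return True when an explicit Deny statement in `policy` matches the
    request (action, resource, request context). Allow statements are ignored
    because only the Deny path is being demonstrated here."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions and "secretsmanager:*" not in actions:
            continue
        if stmt["Resource"] not in ("*", resource):
            continue
        if _condition_matches(stmt.get("Condition", {}), context):
            return True
    return False


if __name__ == "__main__":
    policy = secret_resource_policy(SECRET_ARN, VPCE_ID)
    print(json.dumps(policy, indent=2))
    # Request that came in through the interface endpoint: allowed to proceed.
    print("via endpoint denied:", request_denied(policy, GET, SECRET_ARN, {"aws:sourceVpce": VPCE_ID}))
    # Request that came in over the public endpoint (no aws:sourceVpce): denied.
    print("via internet denied:", request_denied(policy, GET, SECRET_ARN, {}))
```

The endpoint itself is created with `aws ec2 create-vpc-endpoint` using the service name `com.amazonaws.<region>.secretsmanager` and private DNS enabled, so that the SDK's default `secretsmanager.<region>.amazonaws.com` hostname resolves to the endpoint's private IP addresses; the resource policy above is then what guarantees a misconfigured client on another path cannot read the secret. Note that the Deny also applies to AWS services that call Secrets Manager on your behalf (for example, rotation Lambda functions) unless they run inside the VPC, so test rotation after attaching it.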
