Posted On: Aug 19, 2022

Today, AWS Site-to-Site VPN enables publishing VPN connection logs to CloudWatch, providing you with deeper visibility into your VPN setup to help you quickly troubleshoot and resolve VPN connectivity issues.

With this feature, you can gain easy access to Site-to-Site VPN tunnel activity logs that provide details on IP Security (IPsec) tunnel establishment activity, including Internet Key Exchange (IKE) negotiations and Dead Peer Detection (DPD) protocol messages. Using these VPN connection logs, you can pinpoint configuration mismatches between the AWS VPN endpoint and your customer gateway device and rapidly address connectivity issues.

You can enable CloudWatch logging for your VPN connections using the AWS Management Console, Command Line Interface (CLI), or SDK through the tunnel options when creating or modifying your VPN connection. This feature is now available in all AWS commercial and AWS GovCloud Regions. For more information, please see the AWS Site-to-Site VPN frequently asked questions and documentation.
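The CLI path described above, as an added example that is not part of the AWS post: it builds the tunnel-options shorthand that turns on CloudWatch logging, applies it to one tunnel with `modify-vpn-tunnel-options`, and reads the setting back with `describe-vpn-connections`. It assumes AWS CLI v2 with credentials configured; the connection ID, tunnel outside IP and log group name in the usage line are placeholders you replace with your own.

```shell
#!/bin/sh
# Added example (not from the AWS post): enable CloudWatch logging on one
# Site-to-Site VPN tunnel with the AWS CLI, then read the setting back.
# Assumes AWS CLI v2 with credentials configured. The connection ID, tunnel
# outside IP and log group name are placeholders: replace them with yours.
set -eu

# Build the --tunnel-options shorthand that turns on logging.
#   $1 = log group ARN (without the trailing ":*"), $2 = json or text
vpn_log_tunnel_options() {
  printf 'LogOptions={CloudWatchLogOptions={LogEnabled=true,LogGroupArn=%s,LogOutputFormat=%s}}' "$1" "$2"
}

# describe-log-groups returns ARNs ending in ":*"; the VPN API takes the plain
# log group ARN, so strip that suffix.
plain_log_group_arn() {
  printf '%s' "${1%:\*}"
}

# Create the log group if it does not exist and print its plain ARN.
# IKE negotiation details land here, so scope read access to this group tightly.
#   $1 = log group name
ensure_log_group() {
  aws logs create-log-group --log-group-name "$1" 2>/dev/null || true
  arn=$(aws logs describe-log-groups --log-group-name-prefix "$1" \
        --query "logGroups[?logGroupName=='$1'].arn" --output text)
  plain_log_group_arn "$arn"
}

# Enable logging on one tunnel (each of the two tunnels is configured separately).
#   $1 = VPN connection ID, $2 = tunnel outside IP, $3 = log group ARN
enable_tunnel_logging() {
  aws ec2 modify-vpn-tunnel-options \
    --vpn-connection-id "$1" \
    --vpn-tunnel-outside-ip-address "$2" \
    --tunnel-options "$(vpn_log_tunnel_options "$3" json)" >/dev/null
}

# Print "True" when the API reports logging enabled for that tunnel.
tunnel_logging_enabled() {
  aws ec2 describe-vpn-connections --vpn-connection-ids "$1" \
    --query "VpnConnections[0].Options.TunnelOptions[?OutsideIpAddress=='$2'].LogOptions.CloudWatchLogOptions.LogEnabled" \
    --output text
}

# Usage (placeholders): VPN_CONNECTION_ID=vpn-0123456789abcdef0 TUNNEL_IP=203.0.113.10 sh enable-vpn-logs.sh
if [ -n "${VPN_CONNECTION_ID:-}" ] && [ -n "${TUNNEL_IP:-}" ]; then
  arn=$(ensure_log_group "${LOG_GROUP:-/aws/vpn/${VPN_CONNECTION_ID}}")
  enable_tunnel_logging "$VPN_CONNECTION_ID" "$TUNNEL_IP" "$arn"
  echo "logging enabled: $(tunnel_logging_enabled "$VPN_CONNECTION_ID" "$TUNNEL_IP")"
fi
```

Run it once per tunnel outside IP; the log group name defaults to a constructed `/aws/vpn/<connection-id>` unless `LOG_GROUP` is set.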