Posted On: Mar 30, 2023

Today, AWS Site-to-Site VPN announces Tunnel Endpoint Lifecycle Control, a new capability that provides better visibility and control of your VPN tunnel maintenance updates.

AWS Site-to-Site VPN is a fully-managed service that allows you to create a secure connection between your data center or branch office and your AWS resources using IP Security (IPsec) tunnels. This feature provides you with added flexibility when using AWS Site-to-Site VPN by allowing you to apply updates to your tunnel endpoints at a time that best suits your business, ahead of the service-mandated deadline. Enabling this feature provides you with advance notice of upcoming maintenance updates, which helps you plan and minimize service disruptions for your VPN connections. AWS Site-to-Site VPN offers two tunnels, and our best-practice guidance is to configure both tunnels in your VPN connection for high availability. Customers that are sensitive to VPN tunnel state changes or can only support a single up tunnel at a time can use this feature to help reduce operational pain caused by periodic maintenance-related VPN tunnel endpoint replacements.

You can enable the Tunnel Endpoint Lifecycle Control feature for your VPN connections using the AWS Management Console, Command Line Interface (CLI), or SDK. This feature is available in 21 AWS commercial Regions and 2 AWS GovCloud Regions: US East (Ohio, N. Virginia), US West (N. California, Oregon), Europe (Frankfurt, Ireland, London, Paris, Stockholm), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Hong Kong, Tokyo, Jakarta, Osaka), Canada (Central), South America (São Paulo), Middle East (Bahrain), Africa (Cape Town), and AWS GovCloud (US-East, US-West). To learn more and get started, visit the AWS Site-to-Site VPN documentation.