At what point Site-to-Site VPN encryption ends on the AWS side

amazon-web-services vpn

Solution 1:

You always have the Virtual Private Gateway when using AWS VPN. It's actually the termination point on the AWS side regardless of whether you attach it to a Transit Gateway or directly to a VPC.

The transit gateway is already secured and there's virtually no chance (because I still believe nothing is 100% secure) that someone will snoop in at that level.

The VPC gets attached to the TGW as a different leg, and it's up to the routing table(s) to direct your traffic.

So it's at the VPGW that you terminate the VPN, and from then on the traffic is as-is.

If you're concerned you can always encrypt it up to whatever destination you have in the VPC and add additional levels of authentication and other security measures as needed.

https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-create-target-gateway

Related

Powershell self-signed certifcate private key not exportable
"fatal: unknown service: smtp/tcp" from postfix in docker using `start-fg`
How to choose upstream based on request header
Accessing virtual machines through a web browser
Opening files in the same folder as the current file, in vim
Reading a registry key in C#
Visual Studio 2013. You do not have sufficient privilege to access IIS web sites on your machine
Leaving Github, how to change the origin of a Git repo?
Mongoose - validate email syntax
Nose unable to find tests in ubuntu
How can I generate a 6 digit unique number?
How to convert empty spaces into null values, using SQL Server?