Introducing VPC encryption controls: Enforce encryption in transit within and across VPCs in a Region
AWS News Blog
This article introduces VPC encryption controls, a new Amazon VPC capability that audits and enforces encryption in transit for all traffic within and across VPCs in a Region.
- Two operational modes: monitor mode for auditing encryption status, enforce mode for blocking unencrypted traffic
- Adds encryption-status field to VPC flow logs showing Nitro hardware encryption, TLS, or both
- AWS services like NLB, ALB, and Fargate are migrated to Nitro hardware transparently, with no action required
- Legacy EC2 instances must be upgraded to modern Nitro-based instance types or configured to use TLS
- Can exclude resources like internet gateways and NAT gateways that don't support encryption
- Free until March 1, 2026; available in 20+ AWS Regions globally
- Transit Gateway with CloudFormation requires additional IAM permissions for encryption configuration
VPC encryption controls simplify compliance with HIPAA, PCI DSS, and FedRAMP by providing centralized visibility and enforcement of encryption across VPC infrastructure without performance trade-offs.
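As an added example (not code from the article or from AWS), a small triage script for monitor mode: it reads flow log records that carry the encryption-status field and separates in-VPC unencrypted flows, which enforce mode would block, from flows bound for an excluded internet or NAT gateway. The field order, the status values and the VPC CIDR are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Assumed custom flow log field order (assumption for this example, not AWS's default).
FIELDS = ["srcaddr", "dstaddr", "dstport", "protocol", "action", "encryption-status"]

# Placeholder values standing in for "Nitro", "TLS" and "both"; anything else counts
# as unencrypted. Map these to the documented field values in a real deployment.
ENCRYPTED_STATUSES = {"nitro", "tls", "nitro-tls"}

# Constructed VPC address space: destinations outside it leave through an internet
# or NAT gateway, which the article says can be excluded from enforcement.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records, not real traffic.
SAMPLE_LOG = """\
10.0.1.10 10.0.2.20 443 6 ACCEPT tls
10.0.1.10 10.0.2.21 5432 6 ACCEPT nitro
10.0.1.11 10.0.3.30 8080 6 ACCEPT none
10.0.1.11 10.0.3.30 8080 6 ACCEPT none
10.0.4.5 10.0.2.20 443 6 ACCEPT nitro-tls
10.0.4.5 203.0.113.9 80 6 ACCEPT none
"""

def parse_record(line):
    """Split one space-delimited record into a dict, or None if malformed."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def is_excluded(rec):
    """True when the destination lies outside the VPC, i.e. behind an excluded gateway."""
    return ipaddress.ip_address(rec["dstaddr"]) not in VPC_CIDR

def triage(log_text):
    """Return (would_block, excluded): Counters of unencrypted flows keyed by
    (src, dst, dstport). would_block holds in-VPC flows enforce mode would drop;
    excluded holds flows bound for an excluded gateway, which stay unencrypted."""
    would_block, excluded = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["encryption-status"].lower() in ENCRYPTED_STATUSES:
            continue
        key = (rec["srcaddr"], rec["dstaddr"], rec["dstport"])
        (excluded if is_excluded(rec) else would_block)[key] += 1
    return would_block, excluded

if __name__ == "__main__":
    blocked, skipped = triage(SAMPLE_LOG)
    for (src, dst, port), n in blocked.most_common():
        print(f"would block {src} -> {dst}:{port} ({n} flows)")
```

Run it in monitor mode against real flow logs before switching to enforce mode; anything that lands in would_block is a workload to migrate to Nitro or put behind TLS first.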