Change the Secrets Manager pre-shared key in AWS Site-to-Site VPN

If your tunnel is inaccessible in Secrets Manager, you can change the pre-shared key for that tunnel.

When changing the pre-shared key, ensure you have the necessary IAM permissions for both the Secrets Manager service.
After changing the pre-shared key for a VPN tunnel, connectivity is interrupted for up to several minutes. Ensure that you plan for expected downtime.

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Site-to-Site VPN connections.
Select the Site-to-Site VPN connection, and choose Actions, Modify VPN tunnel options.
For VPN tunnel outside IP address, choose the tunnel endpoint IP of the VPN tunnel.
In the New pre-shared key, choose a new pre-shared key.

Note
This option is only available for keys stored in Secrets Manager.
Choose Save changes.
Repeat these steps for any other tunnel.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Enhanced security features using Secrets Manager

Change the pre-shared key storage mode