AWS Site-to-Site Virtual Private Network (AWS Site-to-Site VPN) now supports digital certificates for Internet Key Exchange (IKE) authentication, so for AWS Site-to-Site VPN connections, you can now use private certificates from AWS Certificate Manager instead of pre-shared keys. This enables you to take advantage of the added security and flexibility that digital certificates offer.

from Recent Announcements