diff --git a/src/reference/config/vaults/aws-acm.md b/src/reference/config/vaults/aws-acm.md
new file mode 100644
index 00000000..c695dcfe
--- /dev/null
+++ b/src/reference/config/vaults/aws-acm.md
@@ -0,0 +1,23 @@
+---
+redirectFrom: /reference/config/vaults/vault-aws.html
+shortTitle: aws-acm
+icon: aky-zilla-plus
+category:
+  - Vault
+---
+
+# aws-acm Vault
+
+A Zilla runtime aws-acm vault that enables remote access of AWS services from an EC2 instance.
+
+This is typically combined with a [tls](../bindings/tls/README.md) binding `vault` property, referencing resources such as `certificates` by Amazon Resource Names (ARNs).
+
+Note: this requires AWS Nitro Enclaves for ACM to be enabled on the instance where Zilla Plus is running.
+
+[Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
+{.zilla-plus-badge .hint-container .info}
+
+```yaml {2}
+server:
+  type: aws-acm
+```
diff --git a/src/reference/config/vaults/aws-secrets.md b/src/reference/config/vaults/aws-secrets.md
new file mode 100644
index 00000000..beb81a48
--- /dev/null
+++ b/src/reference/config/vaults/aws-secrets.md
@@ -0,0 +1,20 @@
+---
+shortTitle: aws-secrets
+icon: aky-zilla-plus
+category:
+  - Vault
+---
+
+# aws-secrets Vault
+
+A Zilla runtime aws-secrets vault that enables remote access of AWS services from an EC2 instance.
+
+This is typically combined with a [tls](../bindings/tls/README.md) binding `vault` property, referencing resources such as `secrets` by Amazon Resource Names (ARNs).
+
+[Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
+{.zilla-plus-badge .hint-container .info}
+
+```yaml {2}
+server:
+  type: aws-secrets
+```
diff --git a/src/reference/config/vaults/aws.md b/src/reference/config/vaults/aws.md
deleted file mode 100644
index 4bbe79ef..00000000
--- a/src/reference/config/vaults/aws.md
+++ /dev/null
@@ -1,74 +0,0 @@
----
-redirectFrom: /reference/config/vaults/vault-aws.html
-shortTitle: aws
-icon: aky-zilla-plus
-category:
-  - Vault
----
-
-# aws Vault
-
-Defines a vault remotely accessing AWS services from an EC2 instance.
-
-This is typically combined with `tls` binding `vault` property, referencing resources such as `secrets` by Amazon Resource Names (ARNs).
-
-[Available in <ZillaPlus/>](https://www.aklivity.io/products/zilla-plus)
-{.zilla-plus-badge .hint-container .info}
-
-```yaml {2}
-server:
-  type: aws
-  options:
-    overrides:
-      acm: http://localhost:8080/acm
-      acmpca: http://localhost:8080/acmpca
-      secretsmanager: http://localhost:8000/secretsmanager
-      resourcegroupstaggingapi: http://localhost:8000/resourcegroupstaggingapi
-```
-
-## Configuration (\* required)
-
-### options
-
-> `object`
-
-The `aws` specific options.
-
-```yaml
-options:
-  overrides:
-    acm: http://localhost:8080/acm
-    acmpca: http://localhost:8080/acmpca
-    secretsmanager: http://localhost:8000/secretsmanager
-    resourcegroupstaggingapi: http://localhost:8000/resourcegroupstaggingapi
-```
-
-#### options.overrides
-
-> `object`
-
-Endpoint URL overrides for AWS service APIs.
-
-#### overrides.acm
-
-> `string`
-
-Endpoint URL override for AWS Certificate Manager API.
-
-#### overrides.acmpca
-
-> `string`
-
-Endpoint URL override for AWS Certificate Manager Private Certificate Authority API.
-
-#### overrides.secretsmanager
-
-> `string`
-
-Endpoint URL override for AWS Secrets Manager API.
-
-#### overrides.resourcegroupstaggingapi
-
-> `string`
-
-Endpoint URL override for AWS Resource Groups Tagging API.