AWS fsx documentation change
Summary
Added ec2:DescribeNetworkInterfaces permission description and policy change note for AmazonFSxConsoleReadOnlyAccess
Security assessment
Expands documentation of IAM permissions for security group validation and network interface visibility without addressing a specific security issue.
Diff
diff --git a/fsx/latest/LustreGuide/security-iam-awsmanpol.md index affe0cf77..cd9495ec1 100644 --- a/fsx/latest/LustreGuide/security-iam-awsmanpol.md +++ b/fsx/latest/LustreGuide/security-iam-awsmanpol.md @@ -119 +119,3 @@ This policy includes the following permissions. - * To provide enhanced security group validation of all security groups that can be used with a VPC. + * Allows principals to provide enhanced security group validation of all security groups that can be used with a VPC. + + * Allows principals to view the elastic network interfaces associated with an Amazon FSx file system. @@ -140 +142 @@ This policy includes the following permissions. - * `ec2` – To provide enhanced security group validation of all security groups that can be used with a VPC. + * `ec2` – Allows principals to provide enhanced security group validation of all security groups that can be used with a VPC. @@ -152,0 +155 @@ Change | Description | Date +AmazonFSxConsoleReadOnlyAccess – Update to an existing policy | Amazon FSx added new permission, `ec2:DescribeNetworkInterfaces` that allows principals to view the elastic network interfaces associated with their file system. | February 25, 2025