AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2025-03-19 · Documentation medium

File: eks/latest/userguide/launch-templates.md

Summary

Removed AL2023 user data example, Windows node group permissions note, and AMI ID restriction

Security assessment

Deleted sections included configuration examples and permissions guidance but no evidence of addressing a specific security vulnerability

Diff

diff --git a/eks/latest/userguide/launch-templates.md b/eks/latest/userguide/launch-templates.md
index 4975cadbb..30e714baf 100644
--- a/eks/latest/userguide/launch-templates.md
+++ b/eks/latest/userguide/launch-templates.md
@@ -178,47 +177,0 @@ In AL2, the metadata from these parameters was discovered from the Amazon EKS `D
-Here’s a complete example of AL2023 user data that combines a shell script for customizing the node (like installing packages or pre-caching container images) with the required `nodeadm` configuration. This example shows common customizations including: * Installing additional system packages * Pre-caching container images to improve Pod startup time * Setting up HTTP proxy configuration * Configuring `kubelet` flags for node labeling
-    
-    
-    MIME-Version: 1.0
-    Content-Type: multipart/mixed; boundary="BOUNDARY"
-    
-    --BOUNDARY
-    Content-Type: text/x-shellscript; charset="us-ascii"
-    
-    #!/bin/bash
-    set -o errexit
-    set -o pipefail
-    set -o nounset
-    
-    # Install additional packages
-    yum install -y htop jq iptables-services
-    
-    # Pre-cache commonly used container images
-    nohup docker pull public.ecr.aws/eks-distro/kubernetes/pause:3.2 &
-    
-    # Configure HTTP proxy if needed
-    cat > /etc/profile.d/http-proxy.sh << 'EOF'
-    export HTTP_PROXY="http://proxy.example.com:3128"
-    export HTTPS_PROXY="http://proxy.example.com:3128"
-    export NO_PROXY="localhost,127.0.0.1,169.254.169.254,.internal"
-    EOF
-    
-    --BOUNDARY
-    Content-Type: application/node.eks.aws
-    
-    apiVersion: node.eks.aws/v1alpha1
-    kind: NodeConfig
-    spec:
-      cluster:
-        name: my-cluster
-        apiServerEndpoint: https://example.com
-        certificateAuthority: Y2VydGlmaWNhdGVBdXRob3JpdHk=
-        cidr: 10.100.0.0/16
-      kubelet:
-        config:
-          clusterDNS:
-          - 10.100.0.10
-        flags:
-        - --node-labels=app=my-app,environment=production
-    
-    --BOUNDARY--
-
@@ -260,4 +212,0 @@ Windows user data uses PowerShell commands. When creating a managed node group,
-###### Important
-
-When creating Windows node groups, Amazon EKS updates the `aws-auth` `ConfigMap` to allow Linux-based nodes to join the cluster. The service doesn’t automatically configure permissions for Windows AMIs. If you’re using Windows nodes, you’ll need to manage access either via the access entry API or by updating the `aws-auth` `ConfigMap` directly. For more information, see [Deploy Windows nodes on EKS clusters](./windows-support.html).
-
@@ -431,2 +379,0 @@ For more information, see [Amazon Machine Images (AMI)](https://docs.aws.amazon.
-You cannot use dynamic parameter references for AMI IDs in Launch Templates used with managed node groups.
-