AWS Security ChangesHomeSearch

AWS parallelcluster documentation change

Service: parallelcluster · 2025-04-03 · Documentation low

File: parallelcluster/latest/ug/api-reference-deploy-v3.md

Summary

Updated version from 3.7.0 to 3.13.0, added details about required IAM permissions for ParallelClusterFunctionRole, and introduced ParallelClusterFunctionAdditionalPolicies parameter

Security assessment

The changes enhance documentation about IAM role requirements and introduce a parameter for additional policies, which are security-related configurations but do not address a specific disclosed vulnerability.

Diff

diff --git a/parallelcluster/latest/ug/api-reference-deploy-v3.md b/parallelcluster/latest/ug/api-reference-deploy-v3.md
index bc3217cb6..9f2fc5c0d 100644
--- a//parallelcluster/latest/ug/api-reference-deploy-v3.md
+++ b//parallelcluster/latest/ug/api-reference-deploy-v3.md
@@ -19 +19 @@ Run the following commands to deploy the API:
-    $ VERSION=3.7.0
+    $ VERSION=3.13.0
@@ -35 +35,3 @@ The following parameters optional:
-  * **ParallelClusterFunctionRole** \- This overrides the IAM role that gets assigned to the AWS Lambda function implementing AWS ParallelCluster features. The parameter accepts the ARN of an IAM role. Such role needs to be configured to have AWS Lambda as the IAM principal. 
+  * **ParallelClusterFunctionRole** \- This overrides the IAM role that gets assigned to the AWS Lambda function implementing AWS ParallelCluster features. The parameter accepts the ARN of an IAM role. This role needs to be configured to have AWS Lambda as the IAM principal. Also, since this role will replace the default role of the API Lambda function, it must have at least the default permissions required by the API as listed in [AWS ParallelCluster example pcluster user policies](./iam-roles-in-parallelcluster-v3.html#iam-roles-in-parallelcluster-v3-example-user-policies).
+
+  * **ParallelClusterFunctionAdditionalPolicies** \- ARN of the additional IAM policy to be attached to the AWS ParallelCluster API function role. Only one policy can be specified.