AWS eks medium security documentation change
Summary
Added ec2:RevokeSecurityGroupEgress and ec2:AuthorizeSecurityGroupEgress permissions to AmazonEKSServiceRolePolicy for EFA compatibility
Security assessment
Explicitly adds security-related IAM permissions for managing security group egress rules, which directly impacts network security configurations. This addresses specific security group management requirements for AI/ML workloads.
Diff
diff --git a/eks/latest/userguide/security-iam-awsmanpol.md b/eks/latest/userguide/security-iam-awsmanpol.md index 939e071eb..628a7b306 100644 --- a//eks/latest/userguide/security-iam-awsmanpol.md +++ b//eks/latest/userguide/security-iam-awsmanpol.md @@ -416,0 +417 @@ Change | Description | Date +Added permission to AmazonEKSServiceRolePolicy. | Added `ec2:RevokeSecurityGroupEgress` and `ec2:AuthorizeSecurityGroupEgress` permissions to allow EKS AI/ML customers to add Security Group Egress rules to the default EKS Cluster SG that are compatible with EFA, as part of the EKS 1.33 version release. | April 14, 2025