AWS Security ChangesHomeSearch

AWS eks medium security documentation change

Service: eks · 2025-05-10 · Security-related medium

File: eks/latest/userguide/access-policy-permissions.md

Summary

Added multiple notes clarifying that specific access policies are restricted to AWS service-linked roles and cannot be used with customer-managed roles

Security assessment

The changes explicitly restrict policy usage to prevent potential privilege escalation through customer-managed roles. This clarifies security boundaries and prevents misconfiguration that could lead to unauthorized access.

Diff

diff --git a/eks/latest/userguide/access-policy-permissions.md b/eks/latest/userguide/access-policy-permissions.md
index 2e638c6ca..a46e58039 100644
--- a//eks/latest/userguide/access-policy-permissions.md
+++ b//eks/latest/userguide/access-policy-permissions.md
@@ -143,0 +144,4 @@ If you manually specifiy a Node IAM role in a NodeClass, you need to create an A
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+
@@ -188,0 +193,4 @@ Amazon EKS automatically creates an access entry with this access policy for the
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+
@@ -203,0 +212,4 @@ Amazon EKS automatically creates an access entry with this access policy for the
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+
@@ -265,0 +278,4 @@ Amazon EKS automatically creates an access entry with this access policy for the
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+
@@ -429,0 +446,4 @@ Amazon EKS automatically creates an access entry with this access policy for the
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+
@@ -439,0 +460,4 @@ Kubernetes API groups | Kubernetes nonResourceURLs | Kubernetes resources | Kube
+###### Note
+
+This policy is designated for AWS service-linked roles only and cannot be used with customer-managed roles.
+