AWS eks documentation change
Summary
Added a new IAM policy example for read-only EKS Dashboard access and rephrased section headers
Security assessment
Introduces a security-related IAM policy template for least-privilege access to the EKS Dashboard, which helps users implement security best practices. However, there is no evidence this addresses a specific security vulnerability.
Diff
diff --git a/eks/latest/userguide/cluster-dashboard-orgs.md b/eks/latest/userguide/cluster-dashboard-orgs.md index 3093a1866..aba815308 100644 --- a//eks/latest/userguide/cluster-dashboard-orgs.md +++ b//eks/latest/userguide/cluster-dashboard-orgs.md @@ -142 +142 @@ This section outlines the minimum IAM policies required to enable trusted access -### Policies for enabling trusted access +### Policy for enabling trusted access @@ -169 +169 @@ To enable trusted access between EKS Dashboard and AWS Organizations, you need t -### Policies for delegating an administrator +### Policy for delegating an administrator @@ -188,0 +189,46 @@ To register or deregister a delegated administrator for the EKS Dashboard, you n +### Policy to view EKS Dashboard + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AmazonEKSDashboardReadOnly", + "Effect": "Allow", + "Action": [ + "eks:ListDashboardData", + "eks:ListDashboardResources", + "eks:DescribeClusterVersions" + ], + "Resource": "*" + }, + { + "Sid": "AmazonOrganizationsReadOnly", + "Effect": "Allow", + "Action": [ + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListRoots", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent" + ], + "Resource": "*" + }, + { + "Sid": "AmazonOrganizationsDelegatedAdmin", + "Effect": "Allow", + "Action": [ + "organizations:ListDelegatedAdministrators" + ], + "Resource": [ + "*" + ], + "Condition": { + "StringEquals": { + "organizations:ServicePrincipal": "eks.amazonaws.com" + } + } + } + ] + } +