AWS eks documentation change
Summary
Added outbound rule documentation for Elastic Fabric Adapter (EFA) traffic within the default security group
Security assessment
Documents new security group rules enabling EFA traffic for AI/ML workloads. While security-related, this describes a feature enhancement (network permissions for performance) rather than addressing a vulnerability.
Diff
diff --git a/eks/latest/userguide/sec-group-reqs.md b/eks/latest/userguide/sec-group-reqs.md index 9660bac63..66c72df7b 100644 --- a//eks/latest/userguide/sec-group-reqs.md +++ b//eks/latest/userguide/sec-group-reqs.md @@ -22,0 +23,3 @@ Outbound | All | All | | 0.0.0.0/0(`IPv4`) or ::/0 (`IPv6`) +Outbound | All | All | | Self (for EFA traffic) + +The default security group includes an outbound rule that allows Elastic Fabric Adapter (EFA) traffic with the destination of the same security group. This enables EFA traffic within the cluster, which is beneficial for AI/ML and High Performance Computing (HPC) workloads. For more information, see [Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) in the _Amazon Elastic Compute Cloud User Guide_.