AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2025-06-07 · Documentation low

File: eks/latest/userguide/sec-group-reqs.md

Summary

Added outbound rule documentation for Elastic Fabric Adapter (EFA) traffic within the default security group

Security assessment

Documents new security group rules enabling EFA traffic for AI/ML workloads. While security-related, this describes a feature enhancement (network permissions for performance) rather than addressing a vulnerability.

Diff

diff --git a/eks/latest/userguide/sec-group-reqs.md b/eks/latest/userguide/sec-group-reqs.md
index 9660bac63..66c72df7b 100644
--- a//eks/latest/userguide/sec-group-reqs.md
+++ b//eks/latest/userguide/sec-group-reqs.md
@@ -22,0 +23,3 @@ Outbound |  All |  All |  |  0.0.0.0/0(`IPv4`) or ::/0 (`IPv6`)
+Outbound |  All |  All |  |  Self (for EFA traffic)  
+  
+The default security group includes an outbound rule that allows Elastic Fabric Adapter (EFA) traffic with the destination of the same security group. This enables EFA traffic within the cluster, which is beneficial for AI/ML and High Performance Computing (HPC) workloads. For more information, see [Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) in the _Amazon Elastic Compute Cloud User Guide_.