AWS eks documentation change
Summary
Added proxy configuration instructions for IAM Roles Anywhere credential provider service and separated Amazon Linux/RHEL proxy setup.
Security assessment
Documents secure proxy configuration for credential management, ensuring proper service communication. While security-related, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/eks/latest/userguide/hybrid-nodes-proxy.md b/eks/latest/userguide/hybrid-nodes-proxy.md index 885ad5a04..d178cde00 100644 --- a//eks/latest/userguide/hybrid-nodes-proxy.md +++ b//eks/latest/userguide/hybrid-nodes-proxy.md @@ -149 +149,11 @@ If you are using a proxy for internet access, you must configure your operating -**Amazon Linux 2023 and Red Hat Enterprise Linux** +**Amazon Linux 2023** + + 1. Configure `dnf` to use your proxy. Create a file `/etc/dnf/dnf.conf` with the proxy-domain and port values for your environment. + + proxy=http://proxy-domain:port + + + + + +**Red Hat Enterprise Linux** @@ -158,0 +169,12 @@ If you are using a proxy for internet access, you must configure your operating +### IAM Roles Anywhere proxy configuration + +The IAM Roles Anywhere credential provider service is responsible for refreshing credentials when using IAM Roles Anywhere with the `enableCredentialsFile` flag (see [EKS Pod Identity Agent](./hybrid-nodes-add-ons.html#hybrid-nodes-add-ons-pod-id)). If you are using a proxy in your on-premises environment, you must configure the service so it can communicate with IAM Roles Anywhere endpoints. + +Create a file called `http-proxy.conf` in the `/etc/systemd/system/aws_signing_helper_update.service.d/` directory with the following content. Replace `proxy-domain` and `port` with the values for your environment. + + + [Service] + Environment="HTTP_PROXY=http://proxy-domain:port" + Environment="HTTPS_PROXY=http://proxy-domain:port" + Environment="NO_PROXY=localhost" +