AWS eks medium security documentation change
Summary
Added 'ssmmessages:OpenDataChannel' permission to AWS managed policy AmazonEKSLocalOutpostServiceRolePolicy
Security assessment
The addition of 'ssmmessages' permission enables secure communication channels via AWS Systems Manager Session Manager, which is critical for encrypted instance management. This addresses potential security gaps in control plane instance management by ensuring proper secure shell access mechanisms.
Diff
diff --git a/eks/latest/userguide/security-iam-awsmanpol.md b/eks/latest/userguide/security-iam-awsmanpol.md index 808d051dc..d41a2c3b8 100644 --- a//eks/latest/userguide/security-iam-awsmanpol.md +++ b//eks/latest/userguide/security-iam-awsmanpol.md @@ -438 +438 @@ The `AmazonEKSLocalOutpostServiceRolePolicy` includes the following permissions: - * **`ssm` ** – Allows Amazon EC2 Systems Manager connection to the control plane instances, which is used by Amazon EKS to communicate and manage the local cluster in your account. + * **`ssm`, `ssmmessages` ** – Allows Amazon EC2 Systems Manager connection to the control plane instances, which is used by Amazon EKS to communicate and manage the local cluster in your account. @@ -461,0 +462 @@ Change | Description | Date +Added permission to AWS managed policy: AmazonEKSLocalOutpostServiceRolePolicy | Added `ssmmessages:OpenDataChannel` permission to `AmazonEKSLocalOutpostServiceRolePolicy`. | June 26, 2025