AWS Security ChangesHomeSearch

AWS pcs documentation change

Service: pcs · 2025-06-28 · Documentation medium

File: pcs/latest/userguide/get-started-cfn-template-parts.md

Summary

Added ManagedAccounting and AccountingPolicyEnforcement parameters, updated security-related descriptions for SSH access and Session Manager

Security assessment

Added parameters for Slurm accounting policies and improved documentation about SSH access restrictions. These changes promote security best practices (IP restrictions, resource limits) but don't address specific vulnerabilities.

Diff

diff --git a/pcs/latest/userguide/get-started-cfn-template-parts.md b/pcs/latest/userguide/get-started-cfn-template-parts.md
index 4cbcc519c..f76c382b5 100644
--- a//pcs/latest/userguide/get-started-cfn-template-parts.md
+++ b//pcs/latest/userguide/get-started-cfn-template-parts.md
@@ -55,0 +56,2 @@ The code samples in this topic are **not complete**. The presence of ellipsis (`
+              - ManagedAccounting
+              - AccountingPolicyEnforcement
@@ -83 +85 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
-        Description: Architecture of the login and compute node instances
+        Description: Processor architecture for the login and compute node instances
@@ -87 +89 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
-        Default: 23.11
+        Default: 24.11
@@ -90 +91,0 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
-             - 23.11
@@ -91,0 +93,17 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
+             - 24.11
+    
+      ManagedAccounting:
+        Type: String
+        Default: 'disabled'
+        AllowedValues:
+          - 'enabled'
+          - 'disabled'
+        Description: Monitor cluster usage, manage access control, and enforce resource limits with Slurm accounting. Requires Slurm 24.11 or newer.
+    
+      AccountingPolicyEnforcement:
+        Description: Specify which Slurm accounting policies to enforce
+        Type: String
+        Default: none
+        AllowedValues:
+          - none
+          - 'associations,limits,safe'
@@ -94 +112 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
-        Description: KeyPair to login to the head node
+        Description: SSH keypair to log in to the head node
@@ -99 +117 @@ The `Parameters` section defines the custom parameters for the template. AWS Clo
-        Description: IP(s) allowed to directly access the login nodes. We recommend that you restrict it with your own IP/subnet (x.x.x.x/32 for your own ip or x.x.x.x/24 for range. Replace x.x.x.x with your own PUBLIC IP. You can get your public IP using tools such as https://ifconfig.co/)
+        Description: IP(s) allowed to access the login node over SSH. We recommend that you restrict it with your own IP/subnet (x.x.x.x/32 for your own ip or x.x.x.x/24 for range. Replace x.x.x.x with your own PUBLIC IP. You can get your public IP using tools such as https://ifconfig.co/)
@@ -314 +331 @@ The template outputs cluster identification and management URLs through `Cluster
-          - { ConsoleDomain: !Sub '${AWS::Region}.console.aws.amazon.com',
+          - { ConsoleDomain: !If [ GovCloud, 'console.amazonaws-us-gov.com', !If [ China, 'console.amazonaws.cn', !Sub '${AWS::Region}.console.aws.amazon.com']],
@@ -321 +338 @@ The template outputs cluster identification and management URLs through `Cluster
-        Description: URL to access instance(s) in the login node group
+        Description: URL to access instance(s) in the login node group via Session Manager
@@ -324 +341 @@ The template outputs cluster identification and management URLs through `Cluster
-          - { ConsoleDomain: !Sub '${AWS::Region}.console.aws.amazon.com',
+          - { ConsoleDomain: !If [ GovCloud, 'console.amazonaws-us-gov.com', !If [ China, 'console.amazonaws.cn', !Sub '${AWS::Region}.console.aws.amazon.com']],