AWS Security ChangesHomeSearch

AWS eks medium security documentation change

Service: eks · 2025-07-01 · Security-related medium

File: eks/latest/userguide/auto-change.md

Summary

Added documentation about Auto Mode NodeClass now encrypting both root and data volumes with custom KMS key

Security assessment

The change explicitly states improved encryption practices by extending KMS key usage to root volumes, which enhances data protection. This addresses potential security gaps in volume encryption.

Diff

diff --git a/eks/latest/userguide/auto-change.md b/eks/latest/userguide/auto-change.md
index 6b07ddac9..23aa5534c 100644
--- a//eks/latest/userguide/auto-change.md
+++ b//eks/latest/userguide/auto-change.md
@@ -5 +5 @@
-June 20, 2025June 13, 2025April 30, 2025April 18, 2025April 11, 2025April 4, 2025March 31, 2025March 21, 2025March 14, 2025
+June 30, 2025June 20, 2025June 13, 2025April 30, 2025April 18, 2025April 11, 2025April 4, 2025March 31, 2025March 21, 2025March 14, 2025
@@ -19,0 +20,4 @@ To receive notifications of all source file changes to this specific documentati
+## June 30, 2025
+
+**Feature:** The Auto Mode NodeClass now uses the configued custom KMS key to encrypt the read-only root volume of the instance, in addition to the read/write data volume. Previously, the custom KMS key was only used to encrypt the data volume.
+