AWS pcs documentation change
Summary
Added documentation for the new AWSPCSComputeNodePolicy, which allows compute nodes to connect to clusters.
Security assessment
This introduces a security feature (IAM policy) to control compute node access but does not resolve a known security issue.
Diff
diff --git a/pcs/latest/userguide/security-iam-awsmanpol.md b/pcs/latest/userguide/security-iam-awsmanpol.md index 13779cd0e..8ff524f8a 100644 --- a//pcs/latest/userguide/security-iam-awsmanpol.md +++ b//pcs/latest/userguide/security-iam-awsmanpol.md @@ -5 +5 @@ -AWSPCSServiceRolePolicyPolicy updates +AWSPCSComputeNodePolicyAWSPCSServiceRolePolicyPolicy updates @@ -16,0 +17,17 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM +## AWS managed policy: AWSPCSComputeNodePolicy + +You can attach AWSPCSComputeNodePolicy to your IAM entities. You can attach this policy to an AWS PCS compute node IAM role that you specify to allow nodes that use that role to connect to an AWS PCS cluster. + +AWS PCS attaches this policy to a compute node group role when you use the console to create a compute node group. + +**Permissions details** + +This policy includes the following permissions. + + * `pcs:RegisterComputeNodeGroupInstance` – Allow an AWS PCS compute node (EC2 instance) to register with an AWS PCS cluster. + + + + +To view the permissions for this policy, see [AWSPCSComputeNodePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSPCSComputeNodePolicy.html) in the _AWS Managed Policy Reference_. + @@ -43,0 +61 @@ Change | Description | Date +AWSPCSComputeNodePolicy – New policy | AWS PCS added a new policy to grant permission to AWS PCS compute nodes to connect to AWS PCS clusters. AWS PCS attaches this policy to an IAM role when you create a compute node group in the AWS PCS console. | June 23, 2025