AWS parallelcluster medium security documentation change
Summary
Added guidance about required IAM permissions (iam:AttachRolePolicy/iam:DetachRolePolicy) for attaching additional policies to head nodes
Security assessment
The change addresses security-related IAM permission requirements for managing policies, ensuring users understand necessary permissions for secure operations.
Diff
diff --git a/parallelcluster/latest/ug/cfn-provider-stack.md b/parallelcluster/latest/ug/cfn-provider-stack.md index c7fb19305..27a95a1c4 100644 --- a//parallelcluster/latest/ug/cfn-provider-stack.md +++ b//parallelcluster/latest/ug/cfn-provider-stack.md @@ -37,0 +38,2 @@ If you need additional policies for the head node, compute nodes, or for access +If you need to attach additional policies to the head node, you must also grant the necessary permissions to attach or detach those policies to the IAM role associated with the head node. Specifically, you'll need to attach the "iam:AttachRolePolicy" and "iam:DetachRolePolicy" permissions (or their equivalent in a managed policy) to the IAM role used by the head node. For more information, see [AWS ParallelCluster user example policies for managing IAM resources](./iam-roles-in-parallelcluster-v3.html#iam-roles-in-parallelcluster-v3-user-policy-manage-iam). +