AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-08-19 · Documentation medium

File: cli/latest/reference/sagemaker/describe-cluster-node.md

Summary

Added documentation for VolumeKmsKeyId and RootVolume parameters in NodeDetails structure, mirroring encryption configuration details from create-cluster

Security assessment

Documents the same encryption controls for EBS volumes in cluster node descriptions, providing visibility into security configurations but not indicating any security issue resolution

Diff

diff --git a/cli/latest/reference/sagemaker/describe-cluster-node.md b/cli/latest/reference/sagemaker/describe-cluster-node.md
index 0c0d07d14..932f99fc6 100644
--- a//cli/latest/reference/sagemaker/describe-cluster-node.md
+++ b//cli/latest/reference/sagemaker/describe-cluster-node.md
@@ -15 +15 @@
-  * [AWS CLI 2.28.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.28.12 Command Reference](../../index.html) »
@@ -299,0 +300,22 @@ NodeDetails -> (structure)
+>>>> 
+>>>> VolumeKmsKeyId -> (string)
+>>>>
+>>>>> The ID of a KMS key to encrypt the Amazon EBS volume.
+>>>> 
+>>>> RootVolume -> (boolean)
+>>>>
+>>>>> Specifies whether the configuration is for the cluster’s root or secondary Amazon EBS volume. You can specify two `ClusterEbsVolumeConfig` fields to configure both the root and secondary volumes. Set the value to `True` if you’d like to provide your own customer managed Amazon Web Services KMS key to encrypt the root volume. When `True` :
+>>>>> 
+>>>>>   * The configuration is applied to the root volume.
+>>>>>   * You can’t specify the `VolumeSizeInGB` field. The size of the root volume is determined for you.
+>>>>>   * You must specify a KMS key ID for `VolumeKmsKeyId` to encrypt the root volume with your own KMS key instead of an Amazon Web Services owned KMS key.
+>>>>> 
+
+>>>>> 
+>>>>> Otherwise, by default, the value is `False` , and the following applies:
+>>>>> 
+>>>>>   * The configuration is applied to the secondary volume, while the root volume is encrypted with an Amazon Web Services owned key.
+>>>>>   * You must specify the `VolumeSizeInGB` field.
+>>>>>   * You can optionally specify the `VolumeKmsKeyId` to encrypt the secondary volume with your own KMS key instead of an Amazon Web Services owned KMS key.
+>>>>> 
+
@@ -351 +373 @@ NodeDetails -> (structure)
-  * [AWS CLI 2.28.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.28.12 Command Reference](../../index.html) »