AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2025-08-25 · Documentation low

File: eks/latest/best-practices/sgpp.md

Summary

Updated kubectl command to use 'fargate.amazonaws.com/pod-sg' annotation instead of 'vpc.amazonaws.com/pod-eni' for retrieving Fargate pod security groups

Security assessment

Change corrects an annotation key but does not address vulnerabilities or introduce new security features. Impacts operational accuracy rather than security posture.

Diff

diff --git a/eks/latest/best-practices/sgpp.md b/eks/latest/best-practices/sgpp.md
index 04b1ff36d..d7fe5faf0 100644
--- a//eks/latest/best-practices/sgpp.md
+++ b//eks/latest/best-practices/sgpp.md
@@ -144 +144 @@ You can use the below commands to find the security groups applied to a Fargate
-    kubectl get pod FARGATE_POD -o jsonpath='{.metadata.annotations.vpc\.amazonaws\.com/pod-eni}{"\n"}'
+    kubectl get pod FARGATE_POD -o jsonpath='{.metadata.annotations.fargate\.amazonaws\.com/pod-sg}{"\n"}'