AWS eks documentation change
Summary
Updated kubectl command to use 'fargate.amazonaws.com/pod-sg' annotation instead of 'vpc.amazonaws.com/pod-eni' for retrieving Fargate pod security groups
Security assessment
Change corrects an annotation key but does not address vulnerabilities or introduce new security features. Impacts operational accuracy rather than security posture.
Diff
diff --git a/eks/latest/best-practices/sgpp.md b/eks/latest/best-practices/sgpp.md index 04b1ff36d..d7fe5faf0 100644 --- a//eks/latest/best-practices/sgpp.md +++ b//eks/latest/best-practices/sgpp.md @@ -144 +144 @@ You can use the below commands to find the security groups applied to a Fargate - kubectl get pod FARGATE_POD -o jsonpath='{.metadata.annotations.vpc\.amazonaws\.com/pod-eni}{"\n"}' + kubectl get pod FARGATE_POD -o jsonpath='{.metadata.annotations.fargate\.amazonaws\.com/pod-sg}{"\n"}'