AWS eks high security documentation change
Summary
Removed IAM role trust policy JSON for pod identity associations
Security assessment
Deletion of required sts:AssumeRole and sts:TagSession permissions in role trust relationships could lead to improper pod identity configuration. This directly impacts security posture by potentially breaking least-privilege access for pods.
Diff
diff --git a/eks/latest/eksctl/pod-identity-associations.md b/eks/latest/eksctl/pod-identity-associations.md index bd092a6c7..a6483070c 100644 --- a//eks/latest/eksctl/pod-identity-associations.md +++ b//eks/latest/eksctl/pod-identity-associations.md @@ -23,15 +23 @@ Additionally, if using a pre-existing IAM role when creating a pod identity asso - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "pods.eks.amazonaws.com" - }, - "Action": [ - "sts:AssumeRole", - "sts:TagSession" - ] - } - ] - } + # Error: No files found with UUID: 44d1085a-03ca-431a-9774-b786a9774200