AWS Security ChangesHomeSearch

AWS eks high security documentation change

Service: eks · 2025-10-13 · Security-related high

File: eks/latest/eksctl/pod-identity-associations.md

Summary

Removed IAM role trust policy JSON for pod identity associations

Security assessment

Deletion of required sts:AssumeRole and sts:TagSession permissions in role trust relationships could lead to improper pod identity configuration. This directly impacts security posture by potentially breaking least-privilege access for pods.

Diff

diff --git a/eks/latest/eksctl/pod-identity-associations.md b/eks/latest/eksctl/pod-identity-associations.md
index bd092a6c7..a6483070c 100644
--- a//eks/latest/eksctl/pod-identity-associations.md
+++ b//eks/latest/eksctl/pod-identity-associations.md
@@ -23,15 +23 @@ Additionally, if using a pre-existing IAM role when creating a pod identity asso
-    {
-        "Version": "2012-10-17",		 	 	 
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": "pods.eks.amazonaws.com"
-                },
-                "Action": [
-                    "sts:AssumeRole",
-                    "sts:TagSession"
-                ]
-            }
-        ]
-    }
+    # Error: No files found with UUID: 44d1085a-03ca-431a-9774-b786a9774200