AWS rtb-fabric documentation change
Summary
Added ec2:DescribeSubnets permission and updated IAM policy example
Security assessment
Routine permission expansion without security context. No vulnerability fixes or security features documented. Broadens IAM permissions but no evidence of security issue.
Diff
diff --git a/rtb-fabric/latest/userguide/managed-endpoints.md b/rtb-fabric/latest/userguide/managed-endpoints.md index fb3d3d270..288b8f980 100644 --- a//rtb-fabric/latest/userguide/managed-endpoints.md +++ b//rtb-fabric/latest/userguide/managed-endpoints.md @@ -46,0 +47,2 @@ For Auto Scaling group managed endpoints, the IAM role must include the followin + * `ec2:DescribeSubnets` + @@ -110 +112 @@ The role must also allow the following permissions in its permissions policies: - "Sid": "EksEndpointsIpDiscovery", + "Sid": "AsgEndpointsIpDiscovery", @@ -116 +118,2 @@ The role must also allow the following permissions in its permissions policies: - "ec2:DescribeAvailabilityZones" + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets" @@ -118,6 +121 @@ The role must also allow the following permissions in its permissions policies: - "Resource": "*", - "Condition": { - "StringEquals": { - "ec2:Region": "us-east-1" - } - } + "Resource": "*"