AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2026-01-10 · Documentation low

File: eks/latest/userguide/argocd-concepts.md

Summary

Updated CLI usage instructions, clarified sync wave behavior, enhanced project security guidance, removed repository organization examples, and added a sync option (SkipDryRunOnMissingResource).

Security assessment

Added security documentation by emphasizing project restrictions for production environments ('edit the default project to restrict access'). This promotes security best practices but doesn't address a specific vulnerability. No evidence of a security incident exists in the changes.

Diff

diff --git a/eks/latest/userguide/argocd-concepts.md b/eks/latest/userguide/argocd-concepts.md
index ead7041fe..d3439c6a6 100644
--- a//eks/latest/userguide/argocd-concepts.md
+++ b//eks/latest/userguide/argocd-concepts.md
@@ -88 +88,5 @@ View the application status:
-You can also view the application using the Argo CD CLI (`argocd app get guestbook`) or the Argo CD UI (accessible from the EKS console under your cluster’s Capabilities tab).
+You can also view the application using the Argo CD CLI or the Argo CD UI (accessible from the EKS console under your cluster’s Capabilities tab).
+
+###### Note
+
+When using the Argo CD CLI with the managed capability, specify applications with the namespace prefix: `argocd app get argocd/guestbook`.
@@ -150 +154 @@ Argo CD continuously monitors your sources and clusters to detect and correct di
-Resources are applied in wave order (lower numbers first, including negative numbers like `-1`). This allows you to create dependencies like namespaces (wave `-1`) before deployments (wave `0`).
+Resources are applied in wave order (lower numbers first, including negative numbers like `-1`). Wave `0` is the default if not specified. This allows you to create dependencies like namespaces (wave `-1`) before deployments (wave `0`) before services (wave `1`).
@@ -205 +209 @@ Projects provide logical grouping and access control for Applications:
-All Applications belong to a project. If not specified, they use the `default` project (which has no restrictions). For production, create projects with appropriate restrictions.
+Applications belong to a single project. If not specified, they use the `default` project, which has no restrictions by default. For production use, edit the `default` project to restrict access and create new projects with appropriate restrictions.
@@ -209,21 +212,0 @@ For project configuration and RBAC patterns, see [Configure Argo CD permissions]
-### Repository organization
-
-Most teams use directory-based organization with Kustomize overlays or Helm values files for different environments:
-    
-    
-    my-app/
-    ├── base/
-    │   ├── deployment.yaml
-    │   └── service.yaml
-    └── overlays/
-        ├── dev/
-        │   └── kustomization.yaml
-        ├── staging/
-        │   └── kustomization.yaml
-        └── prod/
-            └── kustomization.yaml
-
-This approach provides flexibility and clarity while keeping all environment configurations in a single repository.
-
-For detailed repository structure patterns and best practices, see the [Argo CD best practices documentation](https://argo-cd.readthedocs.io/en/stable/user-guide/best_practices/).
-
@@ -248,0 +232 @@ Fine-tune sync behavior with common options:
+        - SkipDryRunOnMissingResource=true