AWS eks documentation change
Summary
Updated ARN formatting in error examples and fixed STS endpoint URL syntax
Security assessment
The changes normalize ARN format placeholders and fix a URL formatting issue. No security vulnerabilities or security feature additions are addressed.
Diff
diff --git a/eks/latest/userguide/security-iam-troubleshoot.md b/eks/latest/userguide/security-iam-troubleshoot.md index cf417f935..a4bd66499 100644 --- a//eks/latest/userguide/security-iam-troubleshoot.md +++ b//eks/latest/userguide/security-iam-troubleshoot.md @@ -21,2 +21,2 @@ If you receive an `AccessDeniedException` when calling an AWS API operation, the - User: arn:aws:iam::111122223333:user/user_name is not authorized to perform: - eks:DescribeCluster on resource: arn:aws:eks:region:111122223333:cluster/my-cluster + User: <shared id="region.arn"/>iam::111122223333:user/user_name is not authorized to perform: + eks:DescribeCluster on resource: <shared id="region.arn"/>eks:region:111122223333:cluster/my-cluster @@ -72 +72 @@ To learn more, consult the following: -Your containers receive this error if your application is explicitly making requests to the AWS STS global endpoint (` [https://sts.amazonaws](https://sts.amazonaws) `) and your Kubernetes service account is configured to use a regional endpoint. You can resolve the issue with one of the following options: +Your containers receive this error if your application is explicitly making requests to the AWS STS global endpoint (`https://sts.amazonaws`) and your Kubernetes service account is configured to use a regional endpoint. You can resolve the issue with one of the following options: @@ -76 +76 @@ Your containers receive this error if your application is explicitly making requ - * Update your application code to make explicit calls to regional endpoints such as ` [https://sts.us-west-2.amazonaws.com](https://sts.us-west-2.amazonaws.com) `. Your application should have redundancy built in to pick a different AWS Region in the event of a failure of the service in the AWS Region. For more information, see [Managing AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the IAM User Guide. + * Update your application code to make explicit calls to regional endpoints such as `https://sts.us-west-2.amazonaws.com`. Your application should have redundancy built in to pick a different AWS Region in the event of a failure of the service in the AWS Region. For more information, see [Managing AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the IAM User Guide.