AWS eks documentation change
Summary
Fixed IAM policy ARN strings in vendor add-on setup commands by replacing invalid syntax with proper ARN formats
Security assessment
The updates correct documentation errors in policy ARNs but show no evidence of addressing a security vulnerability. The changes ensure accurate IAM role configuration for vendor add-ons, reducing potential misconfiguration risks. No security incident or vulnerability is referenced.
Diff
diff --git a/eks/latest/userguide/workloads-add-ons-available-vendors.md b/eks/latest/userguide/workloads-add-ons-available-vendors.md index 9089ae1ba..d611c2cb0 100644 --- a//eks/latest/userguide/workloads-add-ons-available-vendors.md +++ b//eks/latest/userguide/workloads-add-ons-available-vendors.md @@ -71 +71 @@ The following command requires that you have an IAM OpenID Connect (OIDC) provid - --role-only --attach-policy-arn shared id="region.arn"/iam::aws:policy/AWSMarketplaceMeteringRegisterUsage --approve + --role-only --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage --approve @@ -183 +183 @@ The following command requires that you have an IAM OpenID Connect (OIDC) provid - --role-only --attach-policy-arn shared id="region.arn"/iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve + --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve @@ -302 +302 @@ The following command requires that you have an IAM OpenID Connect (OIDC) provid - --role-only --attach-policy-arn shared id="region.arn"/iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve + --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve @@ -328 +328 @@ The following command requires that you have an IAM OpenID Connect (OIDC) provid - --role-only --attach-policy-arn shared id="region.arn"/iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve + --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve @@ -376 +376 @@ The following command requires that you have an IAM OpenID Connect (OIDC) provid - --role-only --attach-policy-arn shared id="region.arn"/iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve + --role-only --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy --approve