AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2026-03-07 · Documentation low

File: eks/latest/userguide/hybrid-nodes-networking.md

Summary

Updated CIDR requirements to include CGNAT range in network configuration guidelines

Security assessment

Expanding valid CIDR ranges for networking doesn't indicate security remediation. This appears to be a documentation update for broader network compatibility.

Diff

diff --git a/eks/latest/userguide/hybrid-nodes-networking.md b/eks/latest/userguide/hybrid-nodes-networking.md
index 7ea0a7e77..352a4a559 100644
--- a//eks/latest/userguide/hybrid-nodes-networking.md
+++ b//eks/latest/userguide/hybrid-nodes-networking.md
@@ -29 +29 @@ The on-premises node and pod CIDR blocks must meet the following requirements:
-  1. Be within one of the following `IPv4` RFC-1918 ranges: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16`.
+  1. Be within one of the following `IPv4` RFC-1918 ranges: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16` , or within the CGNAT range defined by RFC 6598: `100.64.0.0/10` .
@@ -141 +141 @@ The following steps use the AWS CLI. You can also create these resources in the
-  1. Run the following command to create a VPC. Replace `VPC_CIDR` with an `IPv4` RFC-1918 (private) or non-RFC-1918 (public) CIDR range (for example `10.0.0.0/16`). Note: DNS resolution, which is an EKS requirement, is enabled for the VPC by default.
+  1. Run the following command to create a VPC. Replace VPC_CIDR with an IPv4 CIDR range that is either RFC 1918 (private), CGNAT (RFC 6598), or non-RFC 1918/non-CGNAT (public) (for example, 10.0.0.0/16). Note: DNS resolution, which is an EKS requirement, is enabled for the VPC by default.