AWS eks documentation change
Summary
Updated CIDR requirements to include CGNAT range in network configuration guidelines
Security assessment
Expanding valid CIDR ranges for networking doesn't indicate security remediation. This appears to be a documentation update for broader network compatibility.
Diff
diff --git a/eks/latest/userguide/hybrid-nodes-networking.md b/eks/latest/userguide/hybrid-nodes-networking.md index 7ea0a7e77..352a4a559 100644 --- a//eks/latest/userguide/hybrid-nodes-networking.md +++ b//eks/latest/userguide/hybrid-nodes-networking.md @@ -29 +29 @@ The on-premises node and pod CIDR blocks must meet the following requirements: - 1. Be within one of the following `IPv4` RFC-1918 ranges: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16`. + 1. Be within one of the following `IPv4` RFC-1918 ranges: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16` , or within the CGNAT range defined by RFC 6598: `100.64.0.0/10` . @@ -141 +141 @@ The following steps use the AWS CLI. You can also create these resources in the - 1. Run the following command to create a VPC. Replace `VPC_CIDR` with an `IPv4` RFC-1918 (private) or non-RFC-1918 (public) CIDR range (for example `10.0.0.0/16`). Note: DNS resolution, which is an EKS requirement, is enabled for the VPC by default. + 1. Run the following command to create a VPC. Replace VPC_CIDR with an IPv4 CIDR range that is either RFC 1918 (private), CGNAT (RFC 6598), or non-RFC 1918/non-CGNAT (public) (for example, 10.0.0.0/16). Note: DNS resolution, which is an EKS requirement, is enabled for the VPC by default.