AWS Security ChangesHomeSearch

AWS eks high security documentation change

Service: eks · 2026-03-16 · Security-related high

File: eks/latest/userguide/cni-iam-role.md

Summary

Updated OIDC provider ARNs and condition keys

Security assessment

Accurate OIDC provider ARNs are critical for secure pod identity federation. Incorrect values could allow unauthorized service account impersonation.

Diff

diff --git a/eks/latest/userguide/cni-iam-role.md b/eks/latest/userguide/cni-iam-role.md
index f164fd666..c97fd7a85 100644
--- a//eks/latest/userguide/cni-iam-role.md
+++ b//eks/latest/userguide/cni-iam-role.md
@@ -105 +105 @@ If no output is returned, then you must [create an IAM OIDC provider for your cl
-                        "Federated": "&region-arn;iam::111122223333:oidc-provider/oidc.eks.&region_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
+                        "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
@@ -110,2 +110,2 @@ If no output is returned, then you must [create an IAM OIDC provider for your cl
-                            "oidc.eks.&region_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com",
-                            "oidc.eks.&region_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:aws-node"
+                            "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com",
+                            "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:aws-node"
@@ -224 +224 @@ If you created a cluster that uses the `IPv6` family and the cluster has version
-                    "&region-arn;ec2:*:*:network-interface/*"
+                    "arn:aws:ec2:*:*:network-interface/*"