AWS Security ChangesHomeSearch

AWS eks high security documentation change

Service: eks · 2026-03-16 · Security-related high

File: eks/latest/userguide/cross-account-access.md

Summary

Corrected ARNs in trust policies and resource references

Security assessment

Proper cross-account ARNs prevent unintended trust relationships. Incorrect values could enable unauthorized cross-account access.

Diff

diff --git a/eks/latest/userguide/cross-account-access.md b/eks/latest/userguide/cross-account-access.md
index 2dcb06db6..49daa5299 100644
--- a//eks/latest/userguide/cross-account-access.md
+++ b//eks/latest/userguide/cross-account-access.md
@@ -50 +50 @@ Account B (`444455556666`) creates an IAM role with the permissions that Pods in
-            "AWS": "&region-arn;iam::111122223333:root"
+            "AWS": "arn:aws:iam::111122223333:root"
@@ -75 +75 @@ Account A (`111122223333`) creates a role with a trust policy that gets credenti
-            "Federated": "&region-arn;iam::111122223333:oidc-provider/oidc.eks.&region_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
+            "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
@@ -80 +80 @@ Account A (`111122223333`) creates a role with a trust policy that gets credenti
-              "oidc.eks.&region_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com"
+              "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com"
@@ -107 +107 @@ Account A attaches a permission policy to the role created in Step 2. This polic
-                "Resource": "&region-arn;iam::444455556666:role/account-b-role"
+                "Resource": "arn:aws:iam::444455556666:role/account-b-role"