AWS eks high security documentation change
Summary
Corrected ARNs in trust policies and resource references
Security assessment
Proper cross-account ARNs prevent unintended trust relationships. Incorrect values could enable unauthorized cross-account access.
Diff
diff --git a/eks/latest/userguide/cross-account-access.md b/eks/latest/userguide/cross-account-access.md index 2dcb06db6..49daa5299 100644 --- a//eks/latest/userguide/cross-account-access.md +++ b//eks/latest/userguide/cross-account-access.md @@ -50 +50 @@ Account B (`444455556666`) creates an IAM role with the permissions that Pods in - "AWS": "®ion-arn;iam::111122223333:root" + "AWS": "arn:aws:iam::111122223333:root" @@ -75 +75 @@ Account A (`111122223333`) creates a role with a trust policy that gets credenti - "Federated": "®ion-arn;iam::111122223333:oidc-provider/oidc.eks.®ion_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE" + "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE" @@ -80 +80 @@ Account A (`111122223333`) creates a role with a trust policy that gets credenti - "oidc.eks.®ion_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com" + "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com" @@ -107 +107 @@ Account A attaches a permission policy to the role created in Step 2. This polic - "Resource": "®ion-arn;iam::444455556666:role/account-b-role" + "Resource": "arn:aws:iam::444455556666:role/account-b-role"