AWS eks high security documentation change
Summary
Fixed OIDC provider ARN and condition keys
Security assessment
Accurate OIDC provider configuration prevents unauthorized service account role assumption. Critical for maintaining least privilege access.
Diff
diff --git a/eks/latest/userguide/efs-csi.md b/eks/latest/userguide/efs-csi.md index 5d76e2a74..7afea5ba8 100644 --- a//eks/latest/userguide/efs-csi.md +++ b//eks/latest/userguide/efs-csi.md @@ -272 +272 @@ If the output from the command is `None`, review the **Prerequisites**. - "Federated": "®ion-arn;iam::123456789012:oidc-provider/oidc.eks.®ion_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE" + "Federated": "arn:aws:iam::123456789012:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE" @@ -277,2 +277,2 @@ If the output from the command is `None`, review the **Prerequisites**. - "oidc.eks.®ion_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:efs-csi-*", - "oidc.eks.®ion_api_default;.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com" + "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub": "system:serviceaccount:kube-system:efs-csi-*", + "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud": "sts.amazonaws.com"