AWS AWSEC2 documentation change
Summary
Clarified and expanded the list of actions that cannot be performed on a requester-managed network interface, and added a note that resetting attributes is still allowed.
Security assessment
The change provides more detailed operational guidance on permissions and restrictions for a specific resource type (ENI). It clarifies security boundaries by explicitly listing prohibited actions (like modification, attachment/detachment, IP address management) but does not indicate it is fixing a discovered security flaw or weakness.
Diff
diff --git a/AWSEC2/latest/UserGuide/requester-managed-eni.md b/AWSEC2/latest/UserGuide/requester-managed-eni.md index b623285aa..451aaac47 100644 --- a//AWSEC2/latest/UserGuide/requester-managed-eni.md +++ b//AWSEC2/latest/UserGuide/requester-managed-eni.md @@ -13 +13 @@ A requester-managed network interface is a network interface that an AWS service - * You can view the requester-managed network interfaces in your account. You can add or remove tags, but you can't change other properties of a requester-managed network interface. + * You can view the requester-managed network interfaces in your account and you can add or remove tags. However, you can't perform the following actions on a requester-managed network interface: @@ -15 +15,11 @@ A requester-managed network interface is a network interface that an AWS service - * You can't detach a requester-managed network interface. + * Modify network interface attributes + + * Attach or detach the network interface + + * Associate or disassociate Elastic IP addresses + + * Assign or unassign private IP addresses + + * Specify the network interface when launching an instance + +You can still reset network interface attributes, even though you can't modify them.