AWS eks documentation change
Summary
Added required '--access-scope type=cluster' parameter to the 'aws eks associate-access-policy' command example.
Security assessment
This change corrects a command example for associating access policies, which are a security feature for controlling cluster access. The addition of the required '--access-scope' parameter ensures the command works correctly, preventing potential misconfiguration. However, there is no evidence this fixes a specific security vulnerability.
Diff
diff --git a/eks/latest/userguide/create-standard-access-entry-policy.md b/eks/latest/userguide/create-standard-access-entry-policy.md index 537a639ae..574b4b6d5 100644 --- a//eks/latest/userguide/create-standard-access-entry-policy.md +++ b//eks/latest/userguide/create-standard-access-entry-policy.md @@ -88 +88 @@ You need the ARN of the access policy. Review the [available access policies](./ - aws eks associate-access-policy --cluster-name <cluster-name> --principal-arn <iam-identity-arn> --policy-arn <access-policy-arn> + aws eks associate-access-policy --cluster-name <cluster-name> --principal-arn <iam-identity-arn> --access-scope type=cluster --policy-arn <access-policy-arn>