AWS pcs documentation change
Summary
Added ec2:DescribeCapacityBlocks and ec2:DescribeCapacityBlockStatus permissions requirements
Security assessment
Updates least-privilege IAM policy documentation for new EC2 Capacity Blocks features. Enhances security posture but doesn't fix vulnerabilities.
Diff
diff --git a/pcs/latest/userguide/security-min-permissions.md b/pcs/latest/userguide/security-min-permissions.md index a90b85d10..0ce58ee28 100644 --- a//pcs/latest/userguide/security-min-permissions.md +++ b//pcs/latest/userguide/security-min-permissions.md @@ -208 +208 @@ Amazon EC2 Capacity Blocks for ML is an Amazon EC2 purchasing option that enable -You choose to use Capacity Blocks when you create or update a compute node group. The IAM identity you use to create or update the compute node group must have the following permission: +You choose to use Capacity Blocks when you create or update a compute node group. The IAM identity you use to create or update the compute node group must have the following permissions: @@ -211 +211,3 @@ You choose to use Capacity Blocks when you create or update a compute node group - ec2:DescribeCapacityReservations + ec2:DescribeCapacityReservations, + ec2:DescribeCapacityBlocks, + ec2:DescribeCapacityBlockStatus @@ -250 +252,3 @@ Users who don't configure and manage the service don't require these permissions - "ec2:DescribeCapacityReservations" + "ec2:DescribeCapacityReservations", + "ec2:DescribeCapacityBlocks", + "ec2:DescribeCapacityBlockStatus"