AWS Security ChangesHomeSearch

AWS pcs documentation change

Service: pcs · 2026-05-01 · Documentation low

File: pcs/latest/userguide/security-min-permissions.md

Summary

Added ec2:DescribeCapacityBlocks and ec2:DescribeCapacityBlockStatus permissions requirements

Security assessment

Updates least-privilege IAM policy documentation for new EC2 Capacity Blocks features. Enhances security posture but doesn't fix vulnerabilities.

Diff

diff --git a/pcs/latest/userguide/security-min-permissions.md b/pcs/latest/userguide/security-min-permissions.md
index a90b85d10..0ce58ee28 100644
--- a//pcs/latest/userguide/security-min-permissions.md
+++ b//pcs/latest/userguide/security-min-permissions.md
@@ -208 +208 @@ Amazon EC2 Capacity Blocks for ML is an Amazon EC2 purchasing option that enable
-You choose to use Capacity Blocks when you create or update a compute node group. The IAM identity you use to create or update the compute node group must have the following permission:
+You choose to use Capacity Blocks when you create or update a compute node group. The IAM identity you use to create or update the compute node group must have the following permissions:
@@ -211 +211,3 @@ You choose to use Capacity Blocks when you create or update a compute node group
-    ec2:DescribeCapacityReservations
+    ec2:DescribeCapacityReservations,
+    ec2:DescribeCapacityBlocks,
+    ec2:DescribeCapacityBlockStatus
@@ -250 +252,3 @@ Users who don't configure and manage the service don't require these permissions
-            "ec2:DescribeCapacityReservations"
+            "ec2:DescribeCapacityReservations",
+            "ec2:DescribeCapacityBlocks",
+            "ec2:DescribeCapacityBlockStatus"