AWS securityhub documentation change
Summary
Updated descriptions for two EKS controls (cluster and node group) to clarify they check for 'standard support' Kubernetes versions and fail on 'unsupported or extended support' versions (previously just 'unsupported').
Security assessment
This change refines the description of security controls to be more precise about Kubernetes version support (distinguishing between standard, extended, and unsupported support). It enhances security documentation by providing clearer criteria but does not indicate a specific security issue being fixed.
Diff
diff --git a/securityhub/latest/userguide/eks-controls.md b/securityhub/latest/userguide/eks-controls.md index cf573e351..bea150ba1 100644 --- a//securityhub/latest/userguide/eks-controls.md +++ b//securityhub/latest/userguide/eks-controls.md @@ -58 +58 @@ To modify endpoint access for an existing EKS cluster, see [Modifying cluster en -This control checks whether an Amazon Elastic Kubernetes Service (Amazon EKS) cluster runs on a supported Kubernetes version. The control fails if the EKS cluster runs on an unsupported version. +This control checks whether an Amazon Elastic Kubernetes Service (Amazon EKS) cluster is running on a standard support Kubernetes version. The control fails if the Amazon EKS cluster is running on an unsupported or extended support version. @@ -202 +202 @@ To enable audit logs for your EKS cluster, see [Enabling and disabling control p -This control checks whether an Amazon EKS node group runs on a supported Kubernetes version. The control fails if the EKS node group runs on an unsupported version. +This control checks whether an Amazon EKS node group runs on a standard support Kubernetes version. The control fails if the Amazon EKS node group runs on an unsupported or extended support version.