AWS Security ChangesHomeSearch

AWS AWSEC2 documentation change

Service: AWSEC2 · 2026-06-16 · Documentation low

File: AWSEC2/latest/UserGuide/network_mtu.md

Summary

Added 'untracked connections' as a condition for receiving PMTUD responses alongside automatically tracked connections and security group rules allowing ICMP traffic.

Security assessment

The change clarifies security group behavior for PMTUD responses but doesn't address a specific vulnerability. It improves documentation about connection tracking mechanisms which are part of network security configuration.

Diff

diff --git a/AWSEC2/latest/UserGuide/network_mtu.md b/AWSEC2/latest/UserGuide/network_mtu.md
index 41a534a4f..5c84c5da4 100644
--- a//AWSEC2/latest/UserGuide/network_mtu.md
+++ b//AWSEC2/latest/UserGuide/network_mtu.md
@@ -85 +85 @@ The IPv6 protocol does not support fragmentation in the network. When a host sen
-Connections made through some components, like NAT gateways and load balancers, are [automatically tracked](./security-group-connection-tracking.html#automatic-tracking). This means that [security group tracking](./security-group-connection-tracking.html) is automatically enabled for your outbound connection attempts. If connections are automatically tracked or if your security group rules allow inbound ICMP traffic, you can receive PMTUD responses.
+Connections made through some components, like NAT gateways and load balancers, are [automatically tracked](./security-group-connection-tracking.html#automatic-tracking). This means that [security group tracking](./security-group-connection-tracking.html) is automatically enabled for your outbound connection attempts. If connections are automatically tracked, are [untracked](./security-group-connection-tracking.html#untracked-connections), or if your security group rules allow inbound ICMP traffic, you can receive PMTUD responses.