AWS Security ChangesHomeSearch

AWS parallelcluster documentation change

Service: parallelcluster · 2026-07-04 · Documentation medium

File: parallelcluster/latest/ug/network-configuration-v3-single-subnet.md

Summary

Added note about EFA-enabled nodes requiring private subnets/NAT when using compatible single-network-card instances

Security assessment

Extends network security guidance to new instance types, enforcing private network placement to prevent public exposure. Security improvement but not vulnerability fix.

Diff

diff --git a/parallelcluster/latest/ug/network-configuration-v3-single-subnet.md b/parallelcluster/latest/ug/network-configuration-v3-single-subnet.md
index c8ab5cdb8..01c8fd167 100644
--- a//parallelcluster/latest/ug/network-configuration-v3-single-subnet.md
+++ b//parallelcluster/latest/ug/network-configuration-v3-single-subnet.md
@@ -18,0 +19,2 @@ In this configuration, all instances of the cluster must be assigned a public IP
+  * Starting with AWS ParallelCluster version 3.15.0, this requirement also applies when you enable [Efa](./Scheduling-v3.html#yaml-Scheduling-SlurmQueues-ComputeResources-Efa) on a single-network-card instance type that supports more than one network interface. AWS ParallelCluster launches these compute nodes with multiple network interfaces, and AWS public IPs can only be assigned to instances launched with a single network interface. Use a private subnet with a [NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) for these compute nodes instead, as described in [AWS ParallelCluster using two subnets](./network-configuration-v3-two-subnets.html).
+