AWS Security ChangesHomeSearch

AWS pcs documentation change

Service: pcs · 2026-07-04 · Documentation low

File: pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md

Summary

Added details about VPC endpoint configuration and DNS resolution requirements for private subnets.

Security assessment

The change clarifies network configuration best practices but doesn't address a specific security vulnerability or introduce new security features. It focuses on connectivity requirements.

Diff

diff --git a/pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md b/pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md
index e46010176..8decbecfb 100644
--- a//pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md
+++ b//pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md
@@ -196 +196 @@ Verify that the instance profile associated with the compute node has the `pcs:R
-If your compute nodes are in a private subnet, make sure that you have configured VPC endpoints for AWS PCS or that your subnet has a route to a NAT gateway for internet access. For more information, see the following:
+If your compute nodes are in a private subnet, make sure that you have configured VPC endpoints for AWS PCS. Alternatively, make sure that your subnet has a route to a NAT gateway for internet access. By default, the AWS PCS agent uses the dual-stack, non-FIPS endpoint `pcs.`region`.api.aws`. If you use custom DNS, make sure that it can resolve `pcs.`region`.api.aws` to the endpoint. For more information, see the following: