AWS pcs documentation change
Summary
Added details about VPC endpoint configuration and DNS resolution requirements for private subnets.
Security assessment
The change clarifies network configuration best practices but doesn't address a specific security vulnerability or introduce new security features. It focuses on connectivity requirements.
Diff
diff --git a/pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md b/pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md index e46010176..8decbecfb 100644 --- a//pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md +++ b//pcs/latest/userguide/troubleshooting-compute-node-bootstrap.md @@ -196 +196 @@ Verify that the instance profile associated with the compute node has the `pcs:R -If your compute nodes are in a private subnet, make sure that you have configured VPC endpoints for AWS PCS or that your subnet has a route to a NAT gateway for internet access. For more information, see the following: +If your compute nodes are in a private subnet, make sure that you have configured VPC endpoints for AWS PCS. Alternatively, make sure that your subnet has a route to a NAT gateway for internet access. By default, the AWS PCS agent uses the dual-stack, non-FIPS endpoint `pcs.`region`.api.aws`. If you use custom DNS, make sure that it can resolve `pcs.`region`.api.aws` to the endpoint. For more information, see the following: