AWS notification about new IAM policies for EC2 CreateSecurityGroup API

Question

I'm having troubles understanding what's happening with an email sent by AWS about "[Action Required] Update Allow IAM policies for EC2 CreateSecurityGroup API by June 30, 2024. [AWS Account: xxxxxxx] [US-EAST-2]"

for those who have received could you please exmplain better what we shall do ? they said to replace vpc arn *arn:aws:ec2:ExampleRegion:ExampleVpcParticipant:vpc/ExampleVpcId* to *arn:aws:ec2:ExampleRegion:ExampleVpcOwner:vpc/ExampleVpcId * but they did not provide an example of what ExampleVpcParticipant and ExampleVpcOwner could be.

all my IAM policies that include a vpc arn are in format of "arn:aws:ec2:*:xxxxxxx:vpc/*" where xxxxxxx is the account ID, so what's wrong with it ?

on the AWS health dashboard, the affected resources redirects me to *https://console.aws.amazon.com/vpc/home?region=us-east-2*, not to a specific VPC nor to a specific IAM policy. so it's very confusing to understand what's the problem.

Accepted Answer

Contacted support, after some back and forth here's their reply:

> "The team have confirmed that you don't need to take any further action at this time, but if you ever receive a notice like this again, you will need to get direct assistance from the VPC Team"
No further action is required of you at this time.

Answer

Do you have multiple accounts and you are sharing your VPC ?

AWS notification about new IAM policies for EC2 CreateSecurityGroup API

Relevanter Inhalt