Fixed broken links with arn:aws included on three pages

chrisnegus · chrisnegus · commit f46020e954f1 · 2025-08-28T15:02:04.000Z
diff --git a/latest/ug/networking/security-groups-pods-deployment.adoc b/latest/ug/networking/security-groups-pods-deployment.adoc
@@ -24,7 +24,7 @@ v1.7.6
 ----
 +
 If your Amazon VPC CNI plugin for Kubernetes version is earlier than `1.7.7`, then update the plugin to version `1.7.7` or later. For more information, see <<managing-vpc-cni>>
-. Add the link:iam/home#/policies/{arn-aws}iam::aws:policy/AmazonEKSVPCResourceController[AmazonEKSVPCResourceController,type="console"] managed IAM policy to the <<create-service-role,cluster role>> that is associated with your Amazon EKS cluster. The policy allows the role to manage network interfaces, their private IP addresses, and their attachment and detachment to and from network instances.
+. Add the link:iam/home#/policies/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController[AmazonEKSVPCResourceController,type="console"] managed IAM policy to the <<create-service-role,cluster role>> that is associated with your Amazon EKS cluster. The policy allows the role to manage network interfaces, their private IP addresses, and their attachment and detachment to and from network instances. 
 +
 .. Retrieve the name of your cluster IAM role and store it in a variable. Replace [.replaceable]`my-cluster` with the name of your cluster.
 +
diff --git a/latest/ug/storage/s3-csi-create.adoc b/latest/ug/storage/s3-csi-create.adoc
@@ -26,7 +26,7 @@ This procedure will show you how to deploy the <<s3-csi, Mountpoint for Amazon S
 
 The Mountpoint for Amazon S3 CSI driver requires Amazon S3 permissions to interact with your file system. This section shows how to create an IAM policy that grants the necessary permissions.
 
-The following example policy follows the IAM permission recommendations for Mountpoint. Alternatively, you can use the {aws} managed policy link:iam/home?#/policies/{arn-aws}iam::aws:policy/AmazonS3FullAccess$jsonEditor[AmazonS3FullAccess,type="console"], but this managed policy grants more permissions than are needed for Mountpoint.  
+The following example policy follows the IAM permission recommendations for Mountpoint. Alternatively, you can use the {aws} managed policy link:iam/home?#/policies/arn:aws:iam::aws:policy/AmazonS3FullAccess$jsonEditor[AmazonS3FullAccess,type="console"], but this managed policy grants more permissions than are needed for Mountpoint.  
 
 For more information about the recommended permissions for Mountpoint, see https://github.com/awslabs/mountpoint-s3/blob/main/doc/CONFIGURATION.md#iam-permissions[Mountpoint IAM permissions] on GitHub.
 
diff --git a/latest/ug/workloads/workloads-add-ons-available-eks.adoc b/latest/ug/workloads/workloads-add-ons-available-eks.adoc
@@ -344,7 +344,7 @@ The Amazon EKS add-on name is `aws-mountpoint-s3-csi-driver`.
 
 This add-on uses the  IAM roles for service accounts capability of Amazon EKS. For more information, see <<iam-roles-for-service-accounts>>.
 
-The IAM role that is created will require a policy that gives access to S3. Follow the https://github.com/awslabs/mountpoint-s3/blob/main/doc/CONFIGURATION.md#iam-permissions[Mountpoint IAM permissions recommendations] when creating the policy. Alternatively, you may use the {aws} managed policy link:iam/home?#/policies/{arn-aws}iam::aws:policy/AmazonS3FullAccess$jsonEditor[AmazonS3FullAccess,type="console"], but this managed policy grants more permissions than are needed for Mountpoint.  
+The IAM role that is created will require a policy that gives access to S3. Follow the https://github.com/awslabs/mountpoint-s3/blob/main/doc/CONFIGURATION.md#iam-permissions[Mountpoint IAM permissions recommendations] when creating the policy. Alternatively, you may use the {aws} managed policy link:iam/home?#/policies/arn:aws:iam::aws:policy/AmazonS3FullAccess$jsonEditor[AmazonS3FullAccess,type="console"], but this managed policy grants more permissions than are needed for Mountpoint.  
 
 You can create an IAM role and attach your policy to it with the following commands. Replace [.replaceable]`my-cluster` with the name of your cluster, [.replaceable]`region-code` with the correct {aws} Region code, [.replaceable]`AmazonEKS_S3_CSI_DriverRole` with the name for your role, and [.replaceable]`AmazonEKS_S3_CSI_DriverRole_ARN` with the role ARN. These commands require that you have https://eksctl.io[eksctl] installed on your device. For instructions on using the IAM console or {aws} CLI, see <<s3-create-iam-role>>.
 
@@ -547,7 +547,7 @@ The Amazon EKS add-on name is `amazon-cloudwatch-observability`.
 [#amazon-cloudwatch-observability-iam-permissions]
 === Required IAM permissions
 
-This add-on uses the  IAM roles for service accounts capability of Amazon EKS. For more information, see <<iam-roles-for-service-accounts>>. The permissions in the link:iam/home#/policies/{arn-aws}iam::aws:policy/AWSXrayWriteOnlyAccess[AWSXrayWriteOnlyAccess,type="console"] and link:iam/home#/policies/{arn-aws}iam::aws:policy/CloudWatchAgentServerPolicy[CloudWatchAgentServerPolicy,type="console"] {aws} managed policies are required. You can create an IAM role, attach the managed policies to it, and annotate the Kubernetes service account used by the add-on with the following command. Replace [.replaceable]`my-cluster` with the name of your cluster and [.replaceable]`AmazonEKS_Observability_role` with the name for your role. This command requires that you have https://eksctl.io[eksctl] installed on your device. If you need to use a different tool to create the role, attach the policy to it, and annotate the Kubernetes service account, see <<associate-service-account-role>>.
+This add-on uses the  IAM roles for service accounts capability of Amazon EKS. For more information, see <<iam-roles-for-service-accounts>>. The permissions in the link:iam/home#/policies/arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess[AWSXrayWriteOnlyAccess,type="console"] and link:iam/home#/policies/arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy[CloudWatchAgentServerPolicy,type="console"] {aws} managed policies are required. You can create an IAM role, attach the managed policies to it, and annotate the Kubernetes service account used by the add-on with the following command. Replace [.replaceable]`my-cluster` with the name of your cluster and [.replaceable]`AmazonEKS_Observability_role` with the name for your role. This command requires that you have https://eksctl.io[eksctl] installed on your device. If you need to use a different tool to create the role, attach the policy to it, and annotate the Kubernetes service account, see <<associate-service-account-role>>.
 
 [source,bash,subs="verbatim,attributes"]
 ----

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ v1.7.6`
`24`	`24`	`----`
`25`	`25`	`+`
`26`	`26`	If your Amazon VPC CNI plugin for Kubernetes version is earlier than `1.7.7`, then update the plugin to version `1.7.7` or later. For more information, see <<managing-vpc-cni>>
`27`		`-. Add the link:iam/home#/policies/{arn-aws}iam::aws:policy/AmazonEKSVPCResourceController[AmazonEKSVPCResourceController,type="console"] managed IAM policy to the <<create-service-role,cluster role>> that is associated with your Amazon EKS cluster. The policy allows the role to manage network interfaces, their private IP addresses, and their attachment and detachment to and from network instances.`
	`27`	`+. Add the link:iam/home#/policies/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController[AmazonEKSVPCResourceController,type="console"] managed IAM policy to the <<create-service-role,cluster role>> that is associated with your Amazon EKS cluster. The policy allows the role to manage network interfaces, their private IP addresses, and their attachment and detachment to and from network instances.`
`28`	`28`	`+`
`29`	`29`	.. Retrieve the name of your cluster IAM role and store it in a variable. Replace [.replaceable]`my-cluster` with the name of your cluster.
`30`	`30`	`+`