AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-03-30 · Documentation low

File: opensearch-service/latest/developerguide/configure-client-source-security-lake.md

Summary

Updated S3/SQS ARN patterns and queue URL examples by replacing placeholder syntax

Security assessment

Changes correct placeholder formatting in resource ARNs and URLs. No evidence of addressing security vulnerabilities or introducing security features.

Diff

diff --git a/opensearch-service/latest/developerguide/configure-client-source-security-lake.md b/opensearch-service/latest/developerguide/configure-client-source-security-lake.md
index e44a1c775..f31861034 100644
--- a/opensearch-service/latest/developerguide/configure-client-source-security-lake.md
+++ b/opensearch-service/latest/developerguide/configure-client-source-security-lake.md
@@ -61,5 +61,5 @@ Create a new permissions policy in IAM that combines only the required permissio
-                "arn:aws:s3:::aws-security-data-lake-{region}-abcde/aws/LAMBDA_EXECUTION/1.0/*",
-                "arn:aws:s3:::aws-security-data-lake-{region}-abcde/aws/S3_DATA/1.0/*",
-                "arn:aws:s3:::aws-security-data-lake-{region}-abcde/aws/VPC_FLOW/1.0/*",
-                "arn:aws:s3:::aws-security-data-lake-{region}-abcde/aws/ROUTE53/1.0/*",
-                "arn:aws:s3:::aws-security-data-lake-{region}-abcde/aws/SH_FINDINGS/1.0/*"
+                "arn:aws:s3:::aws-security-data-lake-region-abcde/aws/LAMBDA_EXECUTION/1.0/*",
+                "arn:aws:s3:::aws-security-data-lake-region-abcde/aws/S3_DATA/1.0/*",
+                "arn:aws:s3:::aws-security-data-lake-region-abcde/aws/VPC_FLOW/1.0/*",
+                "arn:aws:s3:::aws-security-data-lake-region-abcde/aws/ROUTE53/1.0/*",
+                "arn:aws:s3:::aws-security-data-lake-region-abcde/aws/SH_FINDINGS/1.0/*"
@@ -75 +75 @@ Create a new permissions policy in IAM that combines only the required permissio
-                "arn:aws:sqs:{region}:{account-id}:AmazonSecurityLake-abcde-Main-Queue"
+                "arn:aws:sqs:region:account-id:AmazonSecurityLake-abcde-Main-Queue"
@@ -93 +93 @@ You must attach these permissions to the IAM role that you specify in the `sts_r
-          queue_url: "https://sqs.{region}.amazonaws.com/{account-id}/AmazonSecurityLake-abcde-Main-Queue"
+          queue_url: "https://sqs.region.amazonaws.com/account-id/AmazonSecurityLake-abcde-Main-Queue"
@@ -96 +96 @@ You must attach these permissions to the IAM role that you specify in the `sts_r
-          **sts_role_arn: arn:aws:iam::{account-id}:role/pipeline-role**
+          **sts_role_arn: arn:aws:iam::account-id:role/pipeline-role**
@@ -107 +107 @@ After you add the permissions to the pipeline role, use the preconfigured Securi
-You must specify the `queue_url` option within the `s3` source configuration, which is the Amazon SQS queue URL to read from. To format the URL, locate the **Subscription endpoint** in the subscriber configuration and change `arn:aws:` to `https://`. For example, `https://sqs.`{region}`.amazonaws.com/`{account-id}`/AmazonSecurityLake-`abdcef`-Main-Queue`.
+You must specify the `queue_url` option within the `s3` source configuration, which is the Amazon SQS queue URL to read from. To format the URL, locate the **Subscription endpoint** in the subscriber configuration and change `arn:aws:` to `https://`. For example, `https://sqs.`region`.amazonaws.com/`account-id`/AmazonSecurityLake-`abdcef`-Main-Queue`.