AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-03-30 · Documentation medium

File: opensearch-service/latest/developerguide/osis-serverless-get-started.md

Summary

Added step to disable automatic policy matching and renumbered subsequent steps for clarity

Security assessment

Emphasizes manual configuration of access policies, promoting security best practices but does not address a specific security vulnerability.

Diff

diff --git a/opensearch-service/latest/developerguide/osis-serverless-get-started.md b/opensearch-service/latest/developerguide/osis-serverless-get-started.md
index 8001a7f9e..6397aa230 100644
--- a/opensearch-service/latest/developerguide/osis-serverless-get-started.md
+++ b/opensearch-service/latest/developerguide/osis-serverless-get-started.md
@@ -156 +156,3 @@ Next, create a collection to ingest data into. We'll name the collection `ingest
-  7. Now, configure a data acces policy for the collection. For **Definition method** , choose **JSON** and paste the following policy into the editor. This policy does two things:
+  7. Now, configure a data acces policy for the collection. Deselect **Automatically match access policy settings**.
+
+  8. For **Definition method** , choose **JSON** and paste the following policy into the editor. This policy does two things:
@@ -187 +189 @@ Next, create a collection to ingest data into. We'll name the collection `ingest
-  8. Replace the `Principal` elements. The first principal should specify the pipeline role that you created. The second should specify a user or role that you can use to query the collection later.
+  9. Replace the `Principal` elements. For the first principal, specify pipeline role that you created. For the second principal, specify a user or role that you can use to query the collection later.
@@ -189 +191 @@ Next, create a collection to ingest data into. We'll name the collection `ingest
-  9. Choose **Next**. Name the access policy **pipeline-domain-access** and choose **Next** again.
+  10. Choose **Next**. Name the access policy **pipeline-domain-access** and choose **Next** again.
@@ -191 +193 @@ Next, create a collection to ingest data into. We'll name the collection `ingest
-  10. Review your collection configuration and choose **Submit**.
+  11. Review your collection configuration and choose **Submit**.