AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-04-23 · Security-related medium

File: opensearch-service/latest/developerguide/configure-client-ddb.md

Summary

Removed 'sts_role_arn' from pipeline example and updated blueprint documentation link.

Security assessment

Elimination of hardcoded role ARN in DynamoDB pipeline configuration example mitigates risks associated with accidental credential exposure in user configurations. This aligns with security best practices for avoiding sensitive data in documentation examples.

Diff

diff --git a/opensearch-service/latest/developerguide/configure-client-ddb.md b/opensearch-service/latest/developerguide/configure-client-ddb.md
index 57d037b83..6bf43d924 100644
--- a//opensearch-service/latest/developerguide/configure-client-ddb.md
+++ b//opensearch-service/latest/developerguide/configure-client-ddb.md
@@ -136 +135,0 @@ You can then configure an OpenSearch Ingestion pipeline like the following, whic
-            sts_role_arn: "arn:aws:iam::account-id:role/pipeline-role"
@@ -148 +147 @@ You can then configure an OpenSearch Ingestion pipeline like the following, whic
-You can use a preconfigured DynamoDB blueprint to create this pipeline. For more information, see [Using blueprints to create a pipeline](./pipeline-blueprint.html).
+You can use a preconfigured DynamoDB blueprint to create this pipeline. For more information, see [Working with blueprints](./pipeline-blueprint.html).