AWS opensearch-service documentation change
Summary
Updated documentation links to use consistent lowercase titles, modified example configuration values (s3_bucket, removed sts_role_arn), and updated VPC attachment instructions with revised section naming.
Security assessment
Changes are primarily formatting improvements and example updates. The security-related content about secrets rotation and RBAC already existed and was not added here. Removal of sts_role_arn in examples does not indicate a security fix but rather configuration simplification.
Diff
diff --git a/opensearch-service/latest/developerguide/configure-client-docdb.md b/opensearch-service/latest/developerguide/configure-client-docdb.md index 6e1a09f3a..ba15fd516 100644 --- a//opensearch-service/latest/developerguide/configure-client-docdb.md +++ b//opensearch-service/latest/developerguide/configure-client-docdb.md @@ -27 +27 @@ Before you create your OpenSearch Ingestion pipeline, perform the following step - 4. Set up authentication on your Amazon DocumentDB cluster with AWS Secrets Manager. Enable secrets rotation by following the steps in [Automatically Rotating Passwords for Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/security.managing-users.html#security.managing-users-rotating-passwords). For more information, see [Database Access Using Role-Based Access Control](https://docs.aws.amazon.com/documentdb/latest/developerguide/role_based_access_control.html) and [Security in Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/security.html). + 4. Set up authentication on your Amazon DocumentDB cluster with AWS Secrets Manager. Enable secrets rotation by following the steps in [Automatically rotating passwords for Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/security.managing-users.html#security.managing-users-rotating-passwords). For more information, see [Database access using Role-Based Access Control](https://docs.aws.amazon.com/documentdb/latest/developerguide/role_based_access_control.html) and [Security in Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/security.html). @@ -29 +29 @@ Before you create your OpenSearch Ingestion pipeline, perform the following step - 5. If you use a change stream to subscribe to data changes on your Amazon DocumentDB collection, avoid data loss by extending the retention period to up to 7 days using the `change_stream_log_retention_duration` parameter. Change streams events are stored for 3 hours, by default, after the event has been recorded, which isn't enough time for large collections. To modify the change stream retention period, see [Modifying the Change Stream Log Retention Duration](https://docs.aws.amazon.com/documentdb/latest/developerguide/change_streams.html#change_streams-modifying_log_retention). + 5. If you use a change stream to subscribe to data changes on your Amazon DocumentDB collection, avoid data loss by extending the retention period to up to 7 days using the `change_stream_log_retention_duration` parameter. Change streams events are stored for 3 hours, by default, after the event has been recorded, which isn't enough time for large collections. To modify the change stream retention period, see [Modifying the change stream log retention duration](https://docs.aws.amazon.com/documentdb/latest/developerguide/change_streams.html#change_streams-modifying_log_retention). @@ -167,2 +167 @@ You can then configure an OpenSearch Ingestion pipeline like the following, whic - sts_role_arn: "arn:aws:iam::account-id:role/pipeline-role" - s3_bucket: "amzn-s3-demo-bucket" + s3_bucket: "bucket-name" @@ -190 +188,0 @@ You can then configure an OpenSearch Ingestion pipeline like the following, whic - sts_role_arn: "arn:aws:iam::account-id:role/pipeline-role" @@ -193 +191 @@ You can then configure an OpenSearch Ingestion pipeline like the following, whic -You can use a preconfigured Amazon DocumentDB blueprint to create this pipeline. For more information, see [Using blueprints to create a pipeline](./pipeline-blueprint.html). +You can use a preconfigured Amazon DocumentDB blueprint to create this pipeline. For more information, see [Working with blueprints](./pipeline-blueprint.html). @@ -195 +193 @@ You can use a preconfigured Amazon DocumentDB blueprint to create this pipeline. -If you're using the AWS Management Console to create your pipeline, you must also attach your pipeline to your VPC in order to use Amazon DocumentDB as a source. To do so, find the **Network configuration** section, select the **Attach to VPC** checkbox, and choose your CIDR from one of the provided default options, or select your own. You can use any CIDR from a private address space as defined in the [RFC 1918 Best Current Practice](https://datatracker.ietf.org/doc/html/rfc1918). +If you're using the AWS Management Console to create your pipeline, you must also attach your pipeline to your VPC in order to use Amazon DocumentDB as a source. To do so, find the **Source network options** section, select the **Attach to VPC** checkbox, and choose your CIDR from one of the provided default options. You can use any CIDR from a private address space as defined in the [RFC 1918 Best Current Practice](https://datatracker.ietf.org/doc/html/rfc1918).