AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-06-25 · Documentation medium

File: opensearch-service/latest/developerguide/ac.md

Summary

Added multiple JSON section markers in access control policy examples

Security assessment

Improves documentation of security policies by adding JSON structure markers, enhancing clarity for security configurations. Does not address specific vulnerabilities.

Diff

diff --git a/opensearch-service/latest/developerguide/ac.md b/opensearch-service/latest/developerguide/ac.md
index 69cab908f..afb06aa5a 100644
--- a//opensearch-service/latest/developerguide/ac.md
+++ b//opensearch-service/latest/developerguide/ac.md
@@ -33,0 +34,6 @@ For example, the following resource-based policy grants `test-user` full access
+JSON
+    
+
+****
+    
+    
@@ -72,0 +80,6 @@ To further restrict `test-user`, you can apply the following policy:
+JSON
+    
+
+****
+    
+    
@@ -95,0 +110,6 @@ Next, you might decide to configure a role for power users. This policy gives `p
+JSON
+    
+
+****
+    
+    
@@ -131,0 +153,6 @@ Because identity-based policies attach to users or roles (principals), the JSON
+JSON
+    
+
+****
+    
+    
@@ -148,0 +177,6 @@ An administrator might have full access to OpenSearch Service and all data store
+JSON
+    
+
+****
+    
+    
@@ -164,0 +200,6 @@ Identity-based policies let you use tags to control access to the configuration
+JSON
+    
+
+****
+    
+    
@@ -187,0 +230,6 @@ You can also use tags to control access to the OpenSearch API. Tag-based policie
+JSON
+    
+
+****
+    
+    
@@ -215,0 +265,6 @@ OpenSearch Service supports the `RequestTag` and `TagKeys` global condition keys
+JSON
+    
+
+****
+    
+    
@@ -256,0 +313,6 @@ The following policy grants all HTTP requests that originate from the specified
+JSON
+    
+
+****
+    
+    
@@ -282,0 +346,6 @@ If your domain has a public endpoint and doesn't use [fine-grained access contro
+JSON
+    
+
+****
+    
+    
@@ -353,0 +424,6 @@ Specifying the `*` wildcard enables anonymous access to the domain, which we don
+JSON
+    
+
+****
+    
+    
@@ -417,0 +495,6 @@ For example, consider the following resource-based policy:
+JSON
+    
+
+****
+    
+    
@@ -479,0 +564,6 @@ Similarly, the following resource-based policy contains two subtle issues:
+JSON
+    
+
+****
+    
+