AWS opensearch-service medium security documentation change
Summary
Updated account IDs and modified EC2 resource ARNs in policies
Security assessment
Changed EC2 resource ARNs to use wildcard account IDs in policy examples, potentially introducing over-permissive patterns
Diff
diff --git a/opensearch-service/latest/developerguide/configure-client-self-managed-opensearch.md b/opensearch-service/latest/developerguide/configure-client-self-managed-opensearch.md index 90f769e57..005e4c2d4 100644 --- a//opensearch-service/latest/developerguide/configure-client-self-managed-opensearch.md +++ b//opensearch-service/latest/developerguide/configure-client-self-managed-opensearch.md @@ -156 +156 @@ JSON - "AWS": "arn:aws:iam::pipeline-account-id:role/pipeline-role" + "AWS": "arn:aws:iam::444455556666:role/pipeline-role" @@ -163 +163 @@ JSON - "arn:aws:es:region:account-id:domain/domain-name" + "arn:aws:es:us-east-1:account-id:domain/domain-name" @@ -195 +195 @@ JSON - "Resource": ["arn:aws:secretsmanager:region:account-id:secret:secret-name"] + "Resource": ["arn:aws:secretsmanager:us-east-1:111122223333:secret:secret-name"] @@ -209,3 +209,3 @@ JSON - "arn:aws:ec2:*:account-id:network-interface/*", - "arn:aws:ec2:*:account-id:subnet/*", - "arn:aws:ec2:*:account-id:security-group/*" + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*"