AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-08-10 · Security-related medium

File: opensearch-service/latest/developerguide/serverless-vpc.md

Summary

Updated SAML group condition key syntax and principal tag reference in VPC policy example

Security assessment

Changed from 'aws:SamlGroups' to correct 'saml:Groups' condition key and updated principal reference. Fixes policy syntax to ensure proper access control enforcement.

Diff

diff --git a/opensearch-service/latest/developerguide/serverless-vpc.md b/opensearch-service/latest/developerguide/serverless-vpc.md
index 62586fade..4732333e0 100644
--- a//opensearch-service/latest/developerguide/serverless-vpc.md
+++ b//opensearch-service/latest/developerguide/serverless-vpc.md
@@ -162,4 +162,4 @@ JSON
-                        "aws:SamlGroups": [
-                            "saml/123456789012/idp123/group/football",
-                            "saml/123456789012/idp123/group/soccer",
-                            "saml/123456789012/idp123/group/cricket"
+                        "saml:Groups": [
+                            "saml/111122223333/idp123/group/football",
+                            "saml/111122223333/idp123/group/soccer",
+                            "saml/111122223333/idp123/group/cricket"
@@ -193,2 +193,2 @@ JSON
-                        "aoss:SamlPrincipal": [
-                            "saml/123456789012/idp123/user/user1234"]
+                        "aws:PrincipalTag/Department": [
+                            "Engineering"]