AWS opensearch-service medium security documentation change
Summary
Updated SAML group condition key syntax and principal tag reference in VPC policy example
Security assessment
Changed from 'aws:SamlGroups' to correct 'saml:Groups' condition key and updated principal reference. Fixes policy syntax to ensure proper access control enforcement.
Diff
diff --git a/opensearch-service/latest/developerguide/serverless-vpc.md b/opensearch-service/latest/developerguide/serverless-vpc.md index 62586fade..4732333e0 100644 --- a//opensearch-service/latest/developerguide/serverless-vpc.md +++ b//opensearch-service/latest/developerguide/serverless-vpc.md @@ -162,4 +162,4 @@ JSON - "aws:SamlGroups": [ - "saml/123456789012/idp123/group/football", - "saml/123456789012/idp123/group/soccer", - "saml/123456789012/idp123/group/cricket" + "saml:Groups": [ + "saml/111122223333/idp123/group/football", + "saml/111122223333/idp123/group/soccer", + "saml/111122223333/idp123/group/cricket" @@ -193,2 +193,2 @@ JSON - "aoss:SamlPrincipal": [ - "saml/123456789012/idp123/user/user1234"] + "aws:PrincipalTag/Department": [ + "Engineering"]