AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-08-16 · Documentation low

File: opensearch-service/latest/developerguide/idc-aos.md

Summary

Multiple changes including capitalization fixes ('fine-grained'), regional availability note, and terminology updates ('Amazon OpenSearch Service' to 'OpenSearch')

Security assessment

Added regional availability requirement and account alignment requirements for IAM Identity Center integration. These clarify security best practices but do not address a specific vulnerability.

Diff

diff --git a/opensearch-service/latest/developerguide/idc-aos.md b/opensearch-service/latest/developerguide/idc-aos.md
index 705c712af..2d264c846 100644
--- a//opensearch-service/latest/developerguide/idc-aos.md
+++ b//opensearch-service/latest/developerguide/idc-aos.md
@@ -5 +5 @@
-ConsiderationsModifying the domain access policyConfiguring IAM Identity Center authentication and authorization (Console)Configuring Fine Grained Access ControlConfiguring IAM Identity Center authentication and authorization (CLI)Disabling IAM Identity Center authentication on the domain
+ConsiderationsModifying the domain access policyConfiguring IAM Identity Center authentication and authorization (Console)Configuring fine-grained access controlConfiguring IAM Identity Center authentication and authorization (CLI)Disabling IAM Identity Center authentication on the domain
@@ -7 +7 @@ ConsiderationsModifying the domain access policyConfiguring IAM Identity Center
-#  IAM Identity Center Trusted Identity Propagation Support for Amazon OpenSearch Service 
+#  IAM Identity Center Trusted Identity Propagation Support for OpenSearch 
@@ -9 +9 @@ ConsiderationsModifying the domain access policyConfiguring IAM Identity Center
-You can now use your centrally configured AWS IAM Identity Center principals (users and groups) via [ Trusted Identity Propagation](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html) to access OpenSearch domains through [ OpenSearch Service applications ](./application.html). In order to enable IAM Identity Center support for Amazon OpenSearch Service, you will need to enable use of IAM Identity Center To learn more on how to do this, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). See [ How to associate OpenSearch domain as datasource in OpenSearch applications?](./application.html) for details. 
+You can now use your centrally configured AWS IAM Identity Center principals (users and groups) via [ Trusted Identity Propagation](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html) to access Amazon OpenSearch Service domains through [ OpenSearch Service applications ](./application.html). In order to enable IAM Identity Center support for OpenSearch, you will need to enable use of IAM Identity Center To learn more on how to do this, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). See [ How to associate OpenSearch domain as datasource in OpenSearch applications?](./application.html) for details. 
@@ -22,0 +23,2 @@ Before you use IAM Identity Center with Amazon OpenSearch Service you must consi
+  * IAM Identity Center is available in your [ Region](./opensearch-ui-endpoints-quotas.html).
+
@@ -27 +29 @@ Before you use IAM Identity Center with Amazon OpenSearch Service you must consi
-  * Domain should be in the same region as IAM Identity Center instance.
+  * Domain is in the same Region as IAM Identity Center instance.
@@ -29 +31 @@ Before you use IAM Identity Center with Amazon OpenSearch Service you must consi
-  * Domain and [OpenSearch application](./application.html) should belong to same AWS account.
+  * Domain and [OpenSearch application](./application.html) belong to the same AWS account.
@@ -83 +85 @@ After you've made your changes, save your domain.
-## Configuring Fine Grained Access Control
+## Configuring fine-grained access control