AWS opensearch-service documentation change
Summary
Removed DynamoDB and S3 access policy examples for data pipeline
Security assessment
Deletion of data access policy examples reduces documentation about secure data handling practices but doesn't fix a security issue. Impacts guidance for proper resource permissions.
Diff
diff --git a/opensearch-service/latest/developerguide/configure-client-ddb.md b/opensearch-service/latest/developerguide/configure-client-ddb.md index cb032f2a9..fbea90a4e 100644 --- a//opensearch-service/latest/developerguide/configure-client-ddb.md +++ b//opensearch-service/latest/developerguide/configure-client-ddb.md @@ -51,61 +50,0 @@ After you have your DynamoDB table set up, [set up the pipeline role](./pipeline -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "allowRunExportJob", - "Effect": "Allow", - "Action": [ - "dynamodb:DescribeTable", - "dynamodb:DescribeContinuousBackups", - "dynamodb:ExportTableToPointInTime" - ], - "Resource": [ - "arn:aws:dynamodb::111122223333:table/my-table" - ] - }, - { - "Sid": "allowCheckExportjob", - "Effect": "Allow", - "Action": [ - "dynamodb:DescribeExport" - ], - "Resource": [ - "arn:aws:dynamodb::111122223333:table/my-table/export/*" - ] - }, - { - "Sid": "allowReadFromStream", - "Effect": "Allow", - "Action": [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator" - ], - "Resource": [ - "arn:aws:dynamodb::111122223333:table/my-table/stream/*" - ] - }, - { - "Sid": "allowReadAndWriteToS3ForExport", - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:AbortMultipartUpload", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Resource": [ - "arn:aws:s3:::my-bucket/export-folder/*" - ] - } - ] - } - -