AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-08-28 · Security-related medium

File: opensearch-service/latest/developerguide/cross-service-confused-deputy-prevention.md

Summary

Removed JSON example policy demonstrating confused deputy prevention with SourceArn/SourceAccount conditions

Security assessment

The removed example specifically addressed cross-service confused deputy prevention - a security-critical concept. Removing this documentation could reduce awareness of important security controls, though there's no evidence of a specific vulnerability being addressed.

Diff

diff --git a/opensearch-service/latest/developerguide/cross-service-confused-deputy-prevention.md b/opensearch-service/latest/developerguide/cross-service-confused-deputy-prevention.md
index bd03d4f3e..3e3d610e0 100644
--- a//opensearch-service/latest/developerguide/cross-service-confused-deputy-prevention.md
+++ b//opensearch-service/latest/developerguide/cross-service-confused-deputy-prevention.md
@@ -17,28 +16,0 @@ The following example shows how you can use the `aws:SourceArn` and `aws:SourceA
-JSON
-    
-
-****
-    
-    
-    
-    {
-       "Version":"2012-10-17",
-       "Statement":{
-          "Sid":"ConfusedDeputyPreventionExamplePolicy",
-          "Effect":"Allow",
-          "Principal":{
-             "Service":"es.amazonaws.com"
-          },
-          "Action":"sts:AssumeRole",
-          "Condition":{
-             "StringEquals":{
-                "aws:SourceAccount":""
-             },
-             "ArnLike":{
-                "aws:SourceArn":"arn:aws:es:us-east-1::domain/my-domain"
-             }
-          }
-       }
-    }
-    
-