AWS opensearch-service medium security documentation change
Summary
Removed example IAM policy allowing root access to OpenSearch domain
Security assessment
The removed policy example granted overly permissive root access (arn:aws:iam:::root), which violates least privilege principles. Removing it prevents users from following insecure configurations.
Diff
diff --git a/opensearch-service/latest/developerguide/fgac-iam.md b/opensearch-service/latest/developerguide/fgac-iam.md index 994f49577..709a8f359 100644 --- a//opensearch-service/latest/developerguide/fgac-iam.md +++ b//opensearch-service/latest/developerguide/fgac-iam.md @@ -92,23 +91,0 @@ Navigate to the Amazon OpenSearch Service console at [https://console.aws.amazon -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam:::root" - }, - "Action": [ - "es:ESHttp*" - ], - "Resource": "arn:aws:es:us-east-1::domain/{domain-name}/*" - } - ] - } - -