AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-08-28 · Security-related medium

File: opensearch-service/latest/developerguide/fgac-iam.md

Summary

Removed example IAM policy allowing root access to OpenSearch domain

Security assessment

The removed policy example granted overly permissive root access (arn:aws:iam:::root), which violates least privilege principles. Removing it prevents users from following insecure configurations.

Diff

diff --git a/opensearch-service/latest/developerguide/fgac-iam.md b/opensearch-service/latest/developerguide/fgac-iam.md
index 994f49577..709a8f359 100644
--- a//opensearch-service/latest/developerguide/fgac-iam.md
+++ b//opensearch-service/latest/developerguide/fgac-iam.md
@@ -92,23 +91,0 @@ Navigate to the Amazon OpenSearch Service console at [https://console.aws.amazon
-JSON
-    
-
-****
-    
-    
-        {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "arn:aws:iam:::root"
-          },
-          "Action": [
-            "es:ESHttp*"
-          ],
-          "Resource": "arn:aws:es:us-east-1::domain/{domain-name}/*"
-        }
-      ]
-    }
-    
-