AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-08-28 · Security-related medium

File: opensearch-service/latest/developerguide/fgac.md

Summary

Removed example policy allowing public access (* principal) with dashboard restrictions

Security assessment

The deleted policy example allowed public access (AWS: *) while trying to restrict dashboards, which creates insecure configurations by default. Removal prevents exposure risks.

Diff

diff --git a/opensearch-service/latest/developerguide/fgac.md b/opensearch-service/latest/developerguide/fgac.md
index 867ec0d72..69aaaaec7 100644
--- a//opensearch-service/latest/developerguide/fgac.md
+++ b//opensearch-service/latest/developerguide/fgac.md
@@ -519,30 +518,0 @@ Use IAM credentials for calls to the OpenSearch APIs, and block most access to D
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "*"
-          },
-          "Action": "es:ESHttp*",
-          "Resource": "arn:aws:es:us-east-1::domain/domain-name/*"
-        },
-        {
-          "Effect": "Deny",
-          "Principal": {
-            "AWS": "*"
-          },
-          "Action": "es:ESHttp*",
-          "Resource": "arn:aws:es:us-east-1::domain/domain-name/_dashboards*"
-        }
-      ]
-    }
-      
-