AWS opensearch-service medium security documentation change
Summary
Removed example policy allowing public access (* principal) with dashboard restrictions
Security assessment
The deleted policy example allowed public access (AWS: *) while trying to restrict dashboards, which creates insecure configurations by default. Removal prevents exposure risks.
Diff
diff --git a/opensearch-service/latest/developerguide/fgac.md b/opensearch-service/latest/developerguide/fgac.md index 867ec0d72..69aaaaec7 100644 --- a//opensearch-service/latest/developerguide/fgac.md +++ b//opensearch-service/latest/developerguide/fgac.md @@ -519,30 +518,0 @@ Use IAM credentials for calls to the OpenSearch APIs, and block most access to D -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "*" - }, - "Action": "es:ESHttp*", - "Resource": "arn:aws:es:us-east-1::domain/domain-name/*" - }, - { - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Action": "es:ESHttp*", - "Resource": "arn:aws:es:us-east-1::domain/domain-name/_dashboards*" - } - ] - } - -