AWS opensearch-service documentation change
Summary
Removed IAM policy example for passing roles and ESHttpPost permissions
Security assessment
The change removes an example policy but doesn't indicate any security issue. Focus appears to be on simplifying documentation.
Diff
diff --git a/opensearch-service/latest/developerguide/ml-external-connector.md b/opensearch-service/latest/developerguide/ml-external-connector.md index 6653aeb8c..fbb332cd9 100644 --- a//opensearch-service/latest/developerguide/ml-external-connector.md +++ b//opensearch-service/latest/developerguide/ml-external-connector.md @@ -106,24 +105,0 @@ In order to create the connector, you need permission to pass the IAM role to Op -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "iam:PassRole", - "Resource": "arn:aws:iam:::role/opensearch-secretmanager-role" - }, - { - "Effect": "Allow", - "Action": "es:ESHttpPost", - "Resource": "arn:aws:es:us-east-1::domain/domain-name/*" - } - ] - } - -