AWS Security ChangesHomeSearch

AWS opensearch-service medium security documentation change

Service: opensearch-service · 2025-08-28 · Security-related medium

File: opensearch-service/latest/developerguide/monitoring-pipeline-logs.md

Summary

Removed CloudWatch Logs permissions policy example with wildcard resource (*)

Security assessment

The deleted example used Resource: * for CloudWatch Logs permissions, which violates least privilege. Removal prevents users from adopting over-permissive configurations.

Diff

diff --git a/opensearch-service/latest/developerguide/monitoring-pipeline-logs.md b/opensearch-service/latest/developerguide/monitoring-pipeline-logs.md
index 7f69defe6..45bdc4a18 100644
--- a//opensearch-service/latest/developerguide/monitoring-pipeline-logs.md
+++ b//opensearch-service/latest/developerguide/monitoring-pipeline-logs.md
@@ -19,27 +18,0 @@ You need the following CloudWatch Logs permissions in order to create and update
-JSON
-    
-
-****
-    
-    
-    
-    {a
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Resource": "*",
-                "Action": [
-                    "logs:CreateLogDelivery",
-                    "logs:PutResourcePolicy",
-                    "logs:UpdateLogDelivery",
-                    "logs:DeleteLogDelivery",
-                    "logs:DescribeResourcePolicies",
-                    "logs:GetLogDelivery",
-                    "logs:ListLogDeliveries"
-                ]
-            }
-        ]
-    }
-    
-