AWS opensearch-service medium security documentation change
Summary
Removed domain access policy example granting es:* permissions
Security assessment
The deleted policy example used overly broad es:* permissions. Removal helps prevent users from granting excessive privileges during setup.
Diff
diff --git a/opensearch-service/latest/developerguide/osis-get-started.md b/opensearch-service/latest/developerguide/osis-get-started.md index cc5d3df00..d7e24f464 100644 --- a//opensearch-service/latest/developerguide/osis-get-started.md +++ b//opensearch-service/latest/developerguide/osis-get-started.md @@ -175,22 +174,0 @@ Make sure that the domain has the following domain-level access policy, which gr -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam:::role/OpenSearchIngestion-PipelineRole" - }, - "Action": "es:*", - "Resource": "arn:aws:es:us-east-1::domain/ingestion-domain/*" - } - ] - } - -