AWS opensearch-service documentation change
Summary
Removed JSON policy examples for VPC endpoint access using SAML and IAM principals
Security assessment
Removal of policy examples does not indicate a security issue but reduces documentation completeness for VPC configuration.
Diff
diff --git a/opensearch-service/latest/developerguide/serverless-vpc.md b/opensearch-service/latest/developerguide/serverless-vpc.md index 4732333e0..3a0b27325 100644 --- a//opensearch-service/latest/developerguide/serverless-vpc.md +++ b//opensearch-service/latest/developerguide/serverless-vpc.md @@ -145,29 +144,0 @@ You can use SAML identities in your VPC endpoint policy to determine VPC endpoin -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "*", - "Resource": "*", - "Condition": { - "ForAnyValue:StringEquals": { - "saml:Groups": [ - "saml/111122223333/idp123/group/football", - "saml/111122223333/idp123/group/soccer", - "saml/111122223333/idp123/group/cricket" - ] - } - } - } - ] - } - - @@ -207,39 +177,0 @@ You can also include IAM and SAML users in the same VPC endpoint policy. To do t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "*", - "Resource": "*", - "Condition": { - "ForAnyValue:StringEquals": { - "saml:groups": [ - "saml//idp123/group/football", - "saml//idp123/group/soccer", - "saml//idp123/group/cricket" - ] - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": [ - "" - ] - }, - "Action": "*", - "Resource": "*" - } - ] - } - -