AWS opensearch-service documentation change
Summary
Updated cross-account IAM policy example with specific account IDs (111122223333, 444455556666) and concrete resource ARNs. Added JSON formatting markers.
Security assessment
The change provides a more precise IAM policy example for cross-account pipeline access. While this improves security documentation by demonstrating proper account ID restrictions, there is no evidence it addresses an active security issue.
Diff
diff --git a/opensearch-service/latest/developerguide/cross-account-pipelines.md b/opensearch-service/latest/developerguide/cross-account-pipelines.md index 11d8bf618..a30be8464 100644 --- a//opensearch-service/latest/developerguide/cross-account-pipelines.md +++ b//opensearch-service/latest/developerguide/cross-account-pipelines.md @@ -97 +97,11 @@ In the following command, you must use the short form of the account ID by provi - --policy '{ + --policy 'IAM-policy' + +Use a policy like the following for `IAM-policy` + +JSON + + +**** + + + { @@ -105,2 +115,2 @@ In the following command, you must use the short form of the account ID by provi - "connecting-account-1", - "connecting-account-2" + "111122223333", + "444455556666" @@ -109,4 +119,3 @@ In the following command, you must use the short form of the account ID by provi - "Action": [ - "osis:CreatePipelineEndpoint" - ], - "Resource": "arn:aws:osis:region:pipeline-owner-account-ID:pipeline/pipeline-name" + "Action": + "osis:CreatePipelineEndpoint", + "Resource": "arn:aws:osis:us-east-1:123456789012:pipeline/pipeline-name" @@ -115 +124,2 @@ In the following command, you must use the short form of the account ID by provi - }' + } +