AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-10-01 · Documentation medium

File: opensearch-service/latest/developerguide/cross-account-pipelines.md

Summary

Updated cross-account IAM policy example with specific account IDs (111122223333, 444455556666) and concrete resource ARNs. Added JSON formatting markers.

Security assessment

The change provides a more precise IAM policy example for cross-account pipeline access. While this improves security documentation by demonstrating proper account ID restrictions, there is no evidence it addresses an active security issue.

Diff

diff --git a/opensearch-service/latest/developerguide/cross-account-pipelines.md b/opensearch-service/latest/developerguide/cross-account-pipelines.md
index 11d8bf618..a30be8464 100644
--- a//opensearch-service/latest/developerguide/cross-account-pipelines.md
+++ b//opensearch-service/latest/developerguide/cross-account-pipelines.md
@@ -97 +97,11 @@ In the following command, you must use the short form of the account ID by provi
-      --policy '{
+      --policy 'IAM-policy'
+
+Use a policy like the following for `IAM-policy`
+
+JSON
+    
+
+****
+    
+    
+        {
@@ -105,2 +115,2 @@ In the following command, you must use the short form of the account ID by provi
-              "connecting-account-1",
-              "connecting-account-2"
+      "111122223333",
+      "444455556666"
@@ -109,4 +119,3 @@ In the following command, you must use the short form of the account ID by provi
-          "Action": [
-            "osis:CreatePipelineEndpoint"
-          ],
-          "Resource": "arn:aws:osis:region:pipeline-owner-account-ID:pipeline/pipeline-name"
+      "Action": 
+      "osis:CreatePipelineEndpoint",
+      "Resource": "arn:aws:osis:us-east-1:123456789012:pipeline/pipeline-name"
@@ -115 +124,2 @@ In the following command, you must use the short form of the account ID by provi
-    }'
+     }
+