AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2025-10-16 · Documentation low

File: opensearch-service/latest/developerguide/configure-client-source-security-lake.md

Summary

Updated example policy names and queue URLs to use concrete values (e.g., 'amzn-s3-demo-bucket') instead of placeholders in Security Lake integration documentation.

Security assessment

Clarifies configuration examples for security-related permissions but does not introduce new security features or address vulnerabilities. Improves accuracy of security setup documentation.

Diff

diff --git a/opensearch-service/latest/developerguide/configure-client-source-security-lake.md b/opensearch-service/latest/developerguide/configure-client-source-security-lake.md
index e6d73d32f..a488b3104 100644
--- a//opensearch-service/latest/developerguide/configure-client-source-security-lake.md
+++ b//opensearch-service/latest/developerguide/configure-client-source-security-lake.md
@@ -45 +45 @@ Before you create your OpenSearch Ingestion pipeline, perform the following step
-When you create a subscriber, Security Lake automatically creates two inline permissions policies—one for S3 and one for SQS. The policies take the following format: `AmazonSecurityLake-`{12345}`-S3` and `AmazonSecurityLake-`{12345}`-SQS`. To allow your pipeline to access the subscriber sources, you must associate the required permissions with your pipeline role.
+When you create a subscriber, Security Lake automatically creates two inline permissions policies—one for S3 and one for SQS. The policies take the following format: `AmazonSecurityLake-`amzn-s3-demo-bucket`-S3` and `AmazonSecurityLake-`AWSDemo`-SQS`. To allow your pipeline to access the subscriber sources, you must associate the required permissions with your pipeline role.
@@ -100 +100 @@ You must attach these permissions to the IAM role that you specify in the `sts_r
-          queue_url: "https://sqs.us-east-1amazonaws.com/account-id/AmazonSecurityLake-abcde-Main-Queue"
+          queue_url: "https://sqs.us-east-1amazonaws.com/account-id/AmazonSecurityLake-amzn-s3-demo-bucket-Main-Queue"
@@ -113 +113 @@ After you add the permissions to the pipeline role, use the preconfigured Securi
-You must specify the `queue_url` option within the `s3` source configuration, which is the Amazon SQS queue URL to read from. To format the URL, locate the **Subscription endpoint** in the subscriber configuration and change `arn:aws:` to `https://`. For example, `https://sqs.`us-east-1`amazonaws.com/`account-id`/AmazonSecurityLake-`abdcef`-Main-Queue`.
+You must specify the `queue_url` option within the `s3` source configuration, which is the Amazon SQS queue URL to read from. To format the URL, locate the **Subscription endpoint** in the subscriber configuration and change `arn:aws:` to `https://`. For example, `https://sqs.`us-east-1`amazonaws.com/`account-id`/AmazonSecurityLake-`AWSDemo`-Main-Queue`.