AWS opensearch-service documentation change
Summary
Updated console URL, simplified log enabling steps, and retained log group naming best practices
Security assessment
While log group naming recommendations (retained from original) relate to access policies, the changes themselves only streamline navigation steps. No new security features or vulnerabilities are addressed.
Diff
diff --git a/opensearch-service/latest/developerguide/monitoring-pipeline-logs.md b/opensearch-service/latest/developerguide/monitoring-pipeline-logs.md index 9da8ad53e..cae80bb74 100644 --- a//opensearch-service/latest/developerguide/monitoring-pipeline-logs.md +++ b//opensearch-service/latest/developerguide/monitoring-pipeline-logs.md @@ -52 +52 @@ You can enable log publishing on existing pipelines, or while creating a pipelin - 1. Sign in to the Amazon OpenSearch Service console at [https://console.aws.amazon.com/aos/home](https://console.aws.amazon.com/aos/home). + 1. Sign in to the Amazon OpenSearch Service console at [https://console.aws.amazon.com/aos/osis/home](https://console.aws.amazon.com/aos/osis/home#osis/ingestion-pipelines). You'll be on the Pipelines page. @@ -54 +54 @@ You can enable log publishing on existing pipelines, or while creating a pipelin - 2. Choose **Pipelines** in the left navigation pane. + 2. Open the pipeline that you want to enable logs, then choose **Actions** , **Edit log publishing options**. @@ -56 +56 @@ You can enable log publishing on existing pipelines, or while creating a pipelin - 3. Open the pipeline that you want to enable logs, then choose **Actions** , **Edit log publishing options**. + 3. Enable **Publish to CloudWatch Logs**. @@ -58,3 +58 @@ You can enable log publishing on existing pipelines, or while creating a pipelin - 4. Enable **Publish to CloudWatch Logs**. - - 5. Either create a new log group or select an existing one. We recommend that you format the name as a path, such as `/aws/**vendedlogs** /OpenSearchIngestion/`pipeline-name`/audit-logs`. This format makes it easier to apply a CloudWatch access policy that grants permissions to all log groups under a specific path such as `/aws/vendedlogs/OpenSearchIngestion`. + 4. Either create a new log group or select an existing one. We recommend that you format the name as a path, such as `/aws/**vendedlogs** /OpenSearchIngestion/`pipeline-name`/audit-logs`. This format makes it easier to apply a CloudWatch access policy that grants permissions to all log groups under a specific path such as `/aws/vendedlogs/OpenSearchIngestion`. @@ -66 +64 @@ You must include the prefix `vendedlogs` in the log group name, otherwise creati - 6. Choose **Save**. + 5. Choose **Save**.