AWS opensearch-service documentation change
Summary
Fixed ARN format in encryption policy examples from 'arn:aws:encryption' to 'arn:aws:kms' for KMS keys.
Security assessment
This change corrects a typographical error in the ARN format used in example encryption policies. While encryption is a security feature, the change itself is a documentation correction that ensures examples are accurate, not a response to a security vulnerability. The correction helps users properly configure encryption but does not indicate a security issue was present.
Diff
diff --git a/opensearch-service/latest/developerguide/serverless-encryption.md b/opensearch-service/latest/developerguide/serverless-encryption.md index 96579278c..5c7900f83 100644 --- a//opensearch-service/latest/developerguide/serverless-encryption.md +++ b//opensearch-service/latest/developerguide/serverless-encryption.md @@ -77 +77 @@ The following sample policy will assign a customer managed key to any future col - "KmsARN":"arn:aws:encryption:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36" + "KmsARN":"arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36" @@ -306 +306 @@ Encryption policies take the following format. This sample `my-policy.json` file - "KmsARN":"arn:aws:encryption:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36" + "KmsARN":"arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36"