AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2026-04-04 · Documentation low

File: opensearch-service/latest/developerguide/serverless-encryption.md

Summary

Fixed ARN format in encryption policy examples from 'arn:aws:encryption' to 'arn:aws:kms' for KMS keys.

Security assessment

This change corrects a typographical error in the ARN format used in example encryption policies. While encryption is a security feature, the change itself is a documentation correction that ensures examples are accurate, not a response to a security vulnerability. The correction helps users properly configure encryption but does not indicate a security issue was present.

Diff

diff --git a/opensearch-service/latest/developerguide/serverless-encryption.md b/opensearch-service/latest/developerguide/serverless-encryption.md
index 96579278c..5c7900f83 100644
--- a//opensearch-service/latest/developerguide/serverless-encryption.md
+++ b//opensearch-service/latest/developerguide/serverless-encryption.md
@@ -77 +77 @@ The following sample policy will assign a customer managed key to any future col
-       "KmsARN":"arn:aws:encryption:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36"
+       "KmsARN":"arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36"
@@ -306 +306 @@ Encryption policies take the following format. This sample `my-policy.json` file
-       "KmsARN":"arn:aws:encryption:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36"
+       "KmsARN":"arn:aws:kms:us-east-1:123456789012:key/93fd6da4-a317-4c17-bfe9-382b5d988b36"