AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2026-05-22 · Documentation medium

File: opensearch-service/latest/developerguide/direct-query-security-lake-configure.md

Summary

Added note about IAM authentication requirement for DirectQuery in Discover

Security assessment

Documents authentication requirements for a security-sensitive feature (DirectQuery) but doesn't address a specific vulnerability. Adds security-related documentation about access controls.

Diff

diff --git a/opensearch-service/latest/developerguide/direct-query-security-lake-configure.md b/opensearch-service/latest/developerguide/direct-query-security-lake-configure.md
index 73dac1175..70ce47455 100644
--- a//opensearch-service/latest/developerguide/direct-query-security-lake-configure.md
+++ b//opensearch-service/latest/developerguide/direct-query-security-lake-configure.md
@@ -12,0 +13,4 @@ Now that you've created your data source, you can set it up in OpenSearch Dashbo
+###### Note
+
+DirectQuery in Discover is only supported when logging into the OpenSearch UI application with IAM authentication. IAM Identity Center (IAM Identity Center) is not supported for DirectQuery. Since DirectQuery Security Lake can only be used from Discover, customers using IAM Identity Center cannot use DirectQuery Security Lake.
+