AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2026-05-28 · Documentation low

File: solutions/latest/migration-assistant-for-amazon-opensearch-service/aws-well-architected-design-considerations.md

Summary

Updated security design consideration from IRSA to EKS Pod Identity for pod authentication

Security assessment

This documents the same authentication method update in the Well-Architected section. It enhances security documentation by describing credentialless access but shows no evidence of addressing a specific vulnerability.

Diff

diff --git a/solutions/latest/migration-assistant-for-amazon-opensearch-service/aws-well-architected-design-considerations.md b/solutions/latest/migration-assistant-for-amazon-opensearch-service/aws-well-architected-design-considerations.md
index 72da09014..9a3ab2c74 100644
--- a//solutions/latest/migration-assistant-for-amazon-opensearch-service/aws-well-architected-design-considerations.md
+++ b//solutions/latest/migration-assistant-for-amazon-opensearch-service/aws-well-architected-design-considerations.md
@@ -32 +32 @@ This section describes how we architected this solution using the principles and
-  * The Amazon EKS deployment uses [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) so the Migration Console pod and the Argo workflow executor pods authenticate to Amazon OpenSearch Service, Amazon OpenSearch Serverless, and other AWS services without long-lived credentials.
+  * The Amazon EKS deployment uses [EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html) so the Migration Console pod and the Argo workflow executor pods authenticate to Amazon OpenSearch Service, Amazon OpenSearch Serverless, and other AWS services without long-lived credentials.