AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2026-07-04 · Documentation medium

File: opensearch-service/latest/developerguide/ac.md

Summary

Added documentation for 'aws:SecureTransport' condition key in resource-based policies to enforce HTTPS connections.

Security assessment

The change explicitly documents a security feature (enforcing encrypted transport) using a global condition key. While it enhances security guidance by showing how to require HTTPS, there's no evidence it addresses a specific vulnerability or incident.

Diff

diff --git a/opensearch-service/latest/developerguide/ac.md b/opensearch-service/latest/developerguide/ac.md
index 2a416429a..0cbbd666e 100644
--- a//opensearch-service/latest/developerguide/ac.md
+++ b//opensearch-service/latest/developerguide/ac.md
@@ -460 +460,6 @@ To learn more about pairing actions and resources, see the `Resource` element in
-As noted in Identity-based policies, the `aws:ResourceTag`, `aws:RequestTag`, and `aws:TagKeys` condition keys apply to the configuration API as well as the OpenSearch APIs.  
+As noted in Identity-based policies, the `aws:ResourceTag`, `aws:RequestTag`, and `aws:TagKeys` condition keys apply to the configuration API as well as the OpenSearch APIs. Amazon OpenSearch Service also supports the `aws:SecureTransport` global condition key in resource-based access policies. You can use `aws:SecureTransport` to require that requests to your domain be made over HTTPS. For example:
+    
+    
+    "Condition": { "Bool": { "aws:SecureTransport": "true" } }
+
+For more information about condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the _IAM User Guide_.