AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2026-07-04 · Documentation medium

File: opensearch-service/latest/developerguide/serverless-data-access.md

Summary

Added note clarifying relationship between data access policies and required IAM permissions.

Security assessment

Documents critical security requirement (aoss:APIAccessAll and aoss:DashboardsAccessAll) for proper access control implementation.

Diff

diff --git a/opensearch-service/latest/developerguide/serverless-data-access.md b/opensearch-service/latest/developerguide/serverless-data-access.md
index 6197d1d64..ecc846f68 100644
--- a//opensearch-service/latest/developerguide/serverless-data-access.md
+++ b//opensearch-service/latest/developerguide/serverless-data-access.md
@@ -245,0 +246,4 @@ The following permissions are supported in data access policies. For the OpenSea
+###### Note
+
+These permissions are specific to data access policies and are not IAM actions. They do not appear in the IAM console or IAM policy simulator. To grant principals access to collection resources, you also need the IAM permissions `aoss:APIAccessAll` and `aoss:DashboardsAccessAll`. For more information, see [Data access policies versus IAM policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html#serverless-data-vs-iam).
+