AWS opensearch-service documentation change
Summary
Added note clarifying relationship between data access policies and required IAM permissions.
Security assessment
Documents critical security requirement (aoss:APIAccessAll and aoss:DashboardsAccessAll) for proper access control implementation.
Diff
diff --git a/opensearch-service/latest/developerguide/serverless-data-access.md b/opensearch-service/latest/developerguide/serverless-data-access.md index 6197d1d64..ecc846f68 100644 --- a//opensearch-service/latest/developerguide/serverless-data-access.md +++ b//opensearch-service/latest/developerguide/serverless-data-access.md @@ -245,0 +246,4 @@ The following permissions are supported in data access policies. For the OpenSea +###### Note + +These permissions are specific to data access policies and are not IAM actions. They do not appear in the IAM console or IAM policy simulator. To grant principals access to collection resources, you also need the IAM permissions `aoss:APIAccessAll` and `aoss:DashboardsAccessAll`. For more information, see [Data access policies versus IAM policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html#serverless-data-vs-iam). +