AWS Security ChangesHomeSearch

AWS opensearch-service documentation change

Service: opensearch-service · 2026-07-07 · Documentation low

File: opensearch-service/latest/developerguide/managedomains-logstash.md

Summary

Added documentation about supported authentication methods for Logstash

Security assessment

The change explicitly lists authentication methods including IAM credentials and instance profiles, enhancing security documentation without addressing a specific vulnerability

Diff

diff --git a/opensearch-service/latest/developerguide/managedomains-logstash.md b/opensearch-service/latest/developerguide/managedomains-logstash.md
index ca3a4e77f..21fa3748a 100644
--- a//opensearch-service/latest/developerguide/managedomains-logstash.md
+++ b//opensearch-service/latest/developerguide/managedomains-logstash.md
@@ -116,0 +117,2 @@ If your OpenSearch Service domain is in a VPC, the Logstash OSS machine must be
+Supported authentication methods for Logstash include: (1) HTTP Basic Authentication with the fine-grained access control internal user database, (2) IAM credentials specified directly in the configuration file, (3) IAM credentials exported as environment variables, and (4) EC2 instance profiles when running Logstash on an EC2 instance. When using an EC2 instance profile, the `logstash-output-opensearch` plugin automatically retrieves temporary credentials from the instance metadata service, so you do not need to specify `aws_access_key_id` or `aws_secret_access_key` in the configuration.
+