AWS Security ChangesHomeSearch

AWS opensearch-service high security documentation change

Service: opensearch-service · 2026-07-10 · Security-related high

File: opensearch-service/latest/developerguide/ac.md

Summary

Added warning about open access policies on VPC domains accepting unsigned HTTP requests

Security assessment

The change highlights a security risk where VPC domains with open access policies permit unsigned requests, potentially enabling unauthorized access if security groups are misconfigured. This documents a security implication of configuration choices.

Diff

diff --git a/opensearch-service/latest/developerguide/ac.md b/opensearch-service/latest/developerguide/ac.md
index 0cbbd666e..e0805c1ca 100644
--- a//opensearch-service/latest/developerguide/ac.md
+++ b//opensearch-service/latest/developerguide/ac.md
@@ -312,0 +313,2 @@ If you enabled VPC access for your domain, you can't configure an IP-based polic
+If you use an open access policy on a VPC domain without specifying an AWS principal, the domain accepts unsigned HTTP requests from any traffic that the security group permits. For more information, see [About access policies on VPC domains](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc.html#vpc-security).
+