Amazon OpenSearch Service Update: This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains.

Author: AWS

.changes/next-release/feature-AmazonOpenSearchService-6717e03.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon OpenSearch Service",
+    "contributor": "",
+    "description": "This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains."
+}

services/opensearch/src/main/resources/codegen-resources/service-2.json

@@ -8,7 +8,8 @@
     "serviceFullName":"Amazon OpenSearch Service",
     "serviceId":"OpenSearch",
     "signatureVersion":"v4",
-    "uid":"opensearch-2021-01-01"
+    "uid":"opensearch-2021-01-01",
+    "auth":["aws.auth#sigv4"]
   },
   "operations":{
     "AcceptInboundConnection":{
@@ -1282,6 +1283,10 @@
           "shape":"SAMLOptionsOutput",
           "documentation":"<p>Container for information about the SAML configuration for OpenSearch Dashboards.</p>"
         },
+        "JWTOptions":{
+          "shape":"JWTOptionsOutput",
+          "documentation":"<p>Container for information about the JWT configuration of the Amazon OpenSearch Service.</p>"
+        },
         "AnonymousAuthDisableDate":{
           "shape":"DisableTimestamp",
           "documentation":"<p>Date and time when the migration period will be disabled. Only necessary when <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing\">enabling fine-grained access control on an existing domain</a>.</p>"
@@ -1312,6 +1317,10 @@
           "shape":"SAMLOptionsInput",
           "documentation":"<p>Container for information about the SAML configuration for OpenSearch Dashboards.</p>"
         },
+        "JWTOptions":{
+          "shape":"JWTOptionsInput",
+          "documentation":"<p>Container for information about the JWT configuration of the Amazon OpenSearch Service. </p>"
+        },
         "AnonymousAuthEnabled":{
           "shape":"Boolean",
           "documentation":"<p>True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing\">enabling fine-grained access control on an existing domain</a>.</p>"
@@ -3904,7 +3913,7 @@
         },
         "Status":{
           "shape":"DataSourceStatus",
-          "documentation":"<p>The status of the data source response.</p>"
+          "documentation":"<p>The status of the data source.</p>"
         }
       },
       "documentation":"<p>The result of a <code>GetDataSource</code> operation.</p>"
@@ -4280,6 +4289,50 @@
       "type":"list",
       "member":{"shape":"Issue"}
     },
+    "JWTOptionsInput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True to enable JWT authentication and authorization for a domain.</p>"
+        },
+        "SubjectKey":{
+          "shape":"SubjectKey",
+          "documentation":"<p>Element of the JWT assertion to use for the user name.</p>"
+        },
+        "RolesKey":{
+          "shape":"RolesKey",
+          "documentation":"<p>Element of the JWT assertion to use for roles.</p>"
+        },
+        "PublicKey":{
+          "shape":"String",
+          "documentation":"<p>Element of the JWT assertion used by the cluster to verify JWT signatures.</p>"
+        }
+      },
+      "documentation":"<p>The JWT authentication and authorization configuration for an Amazon OpenSearch Service domain.</p>"
+    },
+    "JWTOptionsOutput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if JWT use is enabled.</p>"
+        },
+        "SubjectKey":{
+          "shape":"String",
+          "documentation":"<p>The key used for matching the JWT subject attribute.</p>"
+        },
+        "RolesKey":{
+          "shape":"String",
+          "documentation":"<p>The key used for matching the JWT roles attribute.</p>"
+        },
+        "PublicKey":{
+          "shape":"String",
+          "documentation":"<p>The key used to verify the signature of incoming JWT requests.</p>"
+        }
+      },
+      "documentation":"<p>Describes the JWT options configured for the domain.</p>"
+    },
     "KmsKeyId":{
       "type":"string",
       "max":500,
@@ -5704,6 +5757,11 @@
       "min":20,
       "pattern":"arn:(aws|aws\\-cn|aws\\-us\\-gov|aws\\-iso|aws\\-iso\\-b):iam::[0-9]+:role\\/.*"
     },
+    "RolesKey":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
     "RollbackOnDisable":{
       "type":"string",
       "documentation":"<p>The rollback state while disabling Auto-Tune for the domain.</p>",
@@ -6176,6 +6234,11 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "SubjectKey":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
     "TLSSecurityPolicy":{
       "type":"string",
       "enum":[
@@ -6262,7 +6325,7 @@
         },
         "Status":{
           "shape":"DataSourceStatus",
-          "documentation":"<p>The status of the data source update request.</p>"
+          "documentation":"<p>The status of the data source update.</p>"
         }
       },
       "documentation":"<p>Container for the parameters to the <code>UpdateDataSource</code> operation.</p>"