Amazon OpenSearch Service now supports JSON Web Key Set (JWKS) URL configuration for JWT authentication. You can configure a JWKS URL as part of your JWT authentication setup, allowing your OpenSearch domains to automatically fetch and validate public keys from your identity provider’s JWKS endpoint.
Previously, JWT authentication required you to manually configure and update static public keys. With JWKS URL support, your domains automatically retrieve the latest public keys from your identity provider, eliminating the need to manually update keys when your identity provider rotates signing keys. The configuration includes built-in security validation checks and clear error messaging to help troubleshoot issues.
JWKS URL support requires OpenSearch version 3.3 or later. You can set up JWKS URL configuration using the Amazon OpenSearch Service console, the AWS CLI, or the CreateDomain and UpdateDomainConfig APIs.
JWKS URL configuration for JWT authentication is available in all AWS Regions where Amazon OpenSearch Service is available. To learn more, see JWT authentication and authorization in the Amazon OpenSearch Service Developer Guide.
Categories: general:products/amazon-opensearch-service,marketing:marchitecture/analytics
Source: Amazon Web Services
Latest Posts
- Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication
- OpenAI GPT OSS and NVIDIA Nemotron Models Available on Amazon Bedrock in AWS GovCloud (US)
- (Updated) Triage your Outlook mobile inbox hands-free with Microsoft 365 Copilot voice catch-up [MC1187805]
- Microsoft Exchange Online: Dynamic distribution groups will populate membership faster on creation and modification [MC1294524]
