Amazon OpenSearch Service now supports JSON Web Key Set (JWKS) URL configuration for JWT authentication. You can configure a JWKS URL as part of your JWT authentication setup, allowing your OpenSearch domains to automatically fetch and validate public keys from your identity provider’s JWKS endpoint.
Previously, JWT authentication required you to manually configure and update static public keys. With JWKS URL support, your domains automatically retrieve the latest public keys from your identity provider, eliminating the need to manually update keys when your identity provider rotates signing keys. The configuration includes built-in security validation checks and clear error messaging to help troubleshoot issues.
JWKS URL support requires OpenSearch version 3.3 or later. You can set up JWKS URL configuration using the Amazon OpenSearch Service console, the AWS CLI, or the CreateDomain and UpdateDomainConfig APIs.
JWKS URL configuration for JWT authentication is available in all AWS Regions where Amazon OpenSearch Service is available. To learn more, see JWT authentication and authorization in the Amazon OpenSearch Service Developer Guide.
Categories: general:products/amazon-opensearch-service,marketing:marchitecture/analytics
Source: Amazon Web Services
Latest Posts
- Amazon SageMaker HyperPod now supports data capture for inference workloads
- Microsoft Teams: Front-of-room view control for Webinars and structured meetings in Teams Rooms on Android [MC1316231]
- New flexibility and choice for sharing organizational data across Microsoft 365 and Viva apps [MC1316232]
- Amazon Managed Grafana now supports dual-stack connectivity (IPv6 and IPv4)
