Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication
Amazon Web Services has enhanced its OpenSearch Service with support for JSON Web Key Set (JWKS) URL configuration for JWT authentication, allowing OpenSearch domains to automatically fetch and validate public keys from identity providers' JWKS endpoints. The update eliminates the previous requirement for manual configuration and updating of static public keys, streamlining the authentication process for enterprise deployments. The new capability addresses a significant operational pain point by enabling automatic retrieval of the latest public keys from identity providers, removing the need for manual intervention when providers rotate signing keys. AWS has incorporated built-in security validation checks and improved error messaging to help administrators troubleshoot authentication issues more effectively.
The JWKS URL configuration feature requires OpenSearch version 3.3 or later and is accessible through the Amazon OpenSearch Service console, AWS CLI, or the CreateDomain and UpdateDomainConfig APIs. The enhancement is now available across all AWS regions where Amazon OpenSearch Service operates.
Why It Matters
This update significantly reduces operational overhead for enterprise security teams managing OpenSearch deployments with JWT authentication. By automating key rotation handling, organizations can improve their security posture while reducing the risk of authentication failures due to expired or outdated keys. This enhancement makes OpenSearch more enterprise-ready for organizations with sophisticated identity management systems that regularly rotate cryptographic keys as a security best practice.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.