Closed
Description
Checkboxes for prior research
- I've gone through Developer Guide and API reference
- I've checked AWS Forums and StackOverflow.
- I've searched for previous similar issues and didn't find any solution.
Describe the bug
I'm trying to update the JWT public key in my OpenSearch cluster through the SDK.
await opensearchClient.send(
new UpdateDomainConfigCommand({
DomainName: <domain-name>,
AdvancedSecurityOptions: {
JWTOptions: {
PublicKey: publicKey,
},
},
})
);
The metadata of the call returns 200 with no apparent errors:
"$metadata": {
"httpStatusCode": 200,
"requestId": "a50a5ec1-3345-4ad6-b50e-a7b03bd7dd55",
"attempts": 1,
"totalRetryDelay": 0
},
However the returned config is not updated:
"AdvancedSecurityOptions": {
"Options": {
"AnonymousAuthEnabled": false,
"Enabled": true,
"InternalUserDatabaseEnabled": false,
"JWTOptions": {
"Enabled": true,
"PublicKey": "<old public key>",
"RolesKey": "roles", // default
"SubjectKey": "sub" // default
}
},
"Status": {
"CreationDate": "2025-03-18T21:48:56.833Z",
"PendingDeletion": false,
"State": "Active",
"UpdateDate": "2025-05-06T16:56:34.722Z", // this value is not updated either
"UpdateVersion": 135
}
},
The public key is not updated when looking through the console itself, as well.
Regression Issue
- Select this option if this issue appears to be a regression.
SDK version number
@aws-sdk/client-opensearch@3.787.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
nodejs22.x (from AWS Lambda)
Reproduction Steps
- Create an OpenSearch cluster, and enable JWT authentication with a public key.
- Attempt to update only the public key through the AWS-SDK.
Observed Behavior
The public key was not updated despite receiving a 200 response from the call.
Expected Behavior
The cluster will be updated with the new public key.
Possible Solution
No response
Additional Information/Context
No response