AWS healthimaging medium security documentation change
Summary
Added note about confused deputy prevention in IAM policy and updated policy condition operators
Security assessment
Explicitly addresses the confused deputy problem by restricting access via IAM conditions, a security control to prevent unauthorized cross-service access.
Diff
diff --git a/healthimaging/latest/devguide/getting-started-setting-up.md b/healthimaging/latest/devguide/getting-started-setting-up.md index b67fe5153..c592aa4c3 100644 --- a//healthimaging/latest/devguide/getting-started-setting-up.md +++ b//healthimaging/latest/devguide/getting-started-setting-up.md @@ -205,0 +206,4 @@ For the purposes of this guide, the code examples in [Starting an import job](./ +###### Note + +The `Condition` block in this trust policy helps prevent the confused deputy problem by ensuring that only your specific AWS HealthImaging data store can be accessed. For more information about this security measure, see [Cross-service confused deputy prevention in HealthImaging](https://docs.aws.amazon.com/healthimaging/latest/devguide/security-iam-deputy.html). + @@ -216 +220 @@ For the purposes of this guide, the code examples in [Starting an import job](./ - "ForAllValues:StringEquals": { + "StringEquals": { @@ -219 +223 @@ For the purposes of this guide, the code examples in [Starting an import job](./ - "ForAllValues:ArnEquals": { + "ArnEquals": {