AWS Security ChangesHomeSearch

AWS healthlake documentation change

Service: healthlake · 2025-08-25 · Documentation low

File: healthlake/latest/devguide/getting-started-setting-up.md

Summary

Replaced placeholder 'accountID' with sample '111122223333' in ARN examples

Security assessment

Standardized example account ID format without altering security meaning or exposing credentials

Diff

diff --git a/healthlake/latest/devguide/getting-started-setting-up.md b/healthlake/latest/devguide/getting-started-setting-up.md
index a807d4db9..c1d3ec889 100644
--- a//healthlake/latest/devguide/getting-started-setting-up.md
+++ b//healthlake/latest/devguide/getting-started-setting-up.md
@@ -134,0 +135,6 @@ The `AWSLakeFormationDataAdmin` policy grants access to all AWS Lake Formation r
+JSON
+    
+
+****
+    
+    
@@ -261,0 +269,6 @@ After you set up permission, you are ready to import files into your data store
+JSON
+    
+
+****
+    
+    
@@ -264 +277,2 @@ After you set up permission, you are ready to import files into your data store
-        "Statement": [{
+        "Statement": [
+            {
@@ -267 +281,3 @@ After you set up permission, you are ready to import files into your data store
-                "Service": ["healthlake.amazonaws.com"]
+                    "Service": [
+                        "healthlake.amazonaws.com"
+                    ]
@@ -275 +291 @@ After you set up permission, you are ready to import files into your data store
-                    "aws:SourceArn": "arn:aws:healthlake:us-west-2:accountID:datastore/fhir/datastoreID"
+                        "aws:SourceArn": "arn:aws:healthlake:us-west-2:111122223333:datastore/fhir/datastoreID"
@@ -278 +294,2 @@ After you set up permission, you are ready to import files into your data store
-        }]
+            }
+        ]
@@ -282,0 +301,6 @@ After you set up permission, you are ready to import files into your data store
+JSON
+    
+
+****
+    
+    
@@ -328 +353 @@ If you already created a role for HealthLake, you can reuse it and grant it the
-HealthLake supports both [native SDK export requests](./exporting-fhir-data.html) and the [FHIR R4 $export](./reference-fhir-operations.html#export-operation) operation. Separate IAM actions must be provided depending on which export API you decide to use. This allows you to handle `allow` and `deny` permissions separately. If you want to restrict both HealthLake SDK and FHIR REST API exports, you must apply deny permissions to the separate IAM actions. IAM user permission changes are not required if you give users full access to HealthLake.
+HealthLake supports both [native SDK export requests](./exporting-fhir-data.html) and the [FHIR R4 $export](./reference-fhir-operations-export.html) operation. Separate IAM actions must be provided depending on which export API you decide to use. This allows you to handle `allow` and `deny` permissions separately. If you want to restrict both HealthLake SDK and FHIR REST API exports, you must apply deny permissions to the separate IAM actions. IAM user permission changes are not required if you give users full access to HealthLake.
@@ -373,0 +399,6 @@ The user or role that sets up permissions must have permission to create roles,
+JSON
+    
+
+****
+    
+    
@@ -377,2 +408,7 @@ The user or role that sets up permissions must have permission to create roles,
-      "Statement": [{
-        "Action": ["iam:CreateRole", "iam:CreatePolicy", "iam:AttachRolePolicy"],
+        "Statement": [
+            {
+                "Action": [
+                    "iam:CreateRole",
+                    "iam:CreatePolicy",
+                    "iam:AttachRolePolicy"
+                ],
@@ -381,2 +417,3 @@ The user or role that sets up permissions must have permission to create roles,
-        }, {
-        "Action": "iam:PassRole"
+            },
+            {
+                "Action": "iam:PassRole",
@@ -390 +427,2 @@ The user or role that sets up permissions must have permission to create roles,
-      }]
+            }
+        ]
@@ -398,0 +438,6 @@ The user or role that sets up permissions must have permission to create roles,
+JSON
+    
+
+****
+    
+    
@@ -401 +446,2 @@ The user or role that sets up permissions must have permission to create roles,
-        "Statement": [{
+        "Statement": [
+            {
@@ -404 +450,3 @@ The user or role that sets up permissions must have permission to create roles,
-                "Service": ["healthlake.amazonaws.com"]
+                    "Service": [
+                        "healthlake.amazonaws.com"
+                    ]
@@ -412 +460 @@ The user or role that sets up permissions must have permission to create roles,
-                    "aws:SourceArn": "arn:aws:healthlake:us-west-2:accountID:datastore/fhir/data store ID"
+                        "aws:SourceArn": "arn:aws:healthlake:us-west-2:111122223333:datastore/fhir/data store ID"
@@ -415 +463,2 @@ The user or role that sets up permissions must have permission to create roles,
-        }]
+            }
+        ]
@@ -419,0 +470,6 @@ The user or role that sets up permissions must have permission to create roles,
+JSON
+    
+
+****
+    
+