AWS Security ChangesHomeSearch

AWS healthlake medium security documentation change

Service: healthlake · 2025-08-25 · Security-related medium

File: healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md

Summary

Added JSON formatting blocks and corrected SecretsManager ARN syntax by removing region from resource ARN

Security assessment

Fixes incorrect ARN format for SecretsManager resources in IAM policies, which could lead to policy enforcement failures. Proper ARN formatting is critical for security policy effectiveness.

Diff

diff --git a/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md b/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md
index b1a240470..d857f7fd7 100644
--- a//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md
+++ b//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md
@@ -206,0 +207,6 @@ Adding the IAM action `GetSecretValue` to execution role grants the necessary pe
+JSON
+    
+
+****
+    
+    
@@ -214 +220 @@ Adding the IAM action `GetSecretValue` to execution role grants the necessary pe
-          "Resource": "arn:aws:secretsmanager:your-region:your-aws-account-id:secret:secret-name-DKodTA"
+                "Resource": "arn:aws:secretsmanager:"your-aws-account-id:secret:secret-name-DKodTA"
@@ -284,0 +292,6 @@ Use this procedure to create a service role. When you create a service you will
+JSON
+    
+
+****
+    
+    
@@ -299 +312 @@ Use this procedure to create a service role. When you create a service you will
-                  "aws:SourceArn": "arn:aws:healthlake:your-region:your-account-id:datastore/fhir/your-datastore-id"
+                        "aws:SourceArn": "arn:aws:healthlake:us-east-1:your-account-id:datastore/fhir/your-datastore-id"