AWS healthlake medium security documentation change
Summary
Added JSON formatting blocks and corrected SecretsManager ARN syntax by removing region from resource ARN
Security assessment
Fixes incorrect ARN format for SecretsManager resources in IAM policies, which could lead to policy enforcement failures. Proper ARN formatting is critical for security policy effectiveness.
Diff
diff --git a/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md b/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md index b1a240470..d857f7fd7 100644 --- a//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md +++ b//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md @@ -206,0 +207,6 @@ Adding the IAM action `GetSecretValue` to execution role grants the necessary pe +JSON + + +**** + + @@ -214 +220 @@ Adding the IAM action `GetSecretValue` to execution role grants the necessary pe - "Resource": "arn:aws:secretsmanager:your-region:your-aws-account-id:secret:secret-name-DKodTA" + "Resource": "arn:aws:secretsmanager:"your-aws-account-id:secret:secret-name-DKodTA" @@ -284,0 +292,6 @@ Use this procedure to create a service role. When you create a service you will +JSON + + +**** + + @@ -299 +312 @@ Use this procedure to create a service role. When you create a service you will - "aws:SourceArn": "arn:aws:healthlake:your-region:your-account-id:datastore/fhir/your-datastore-id" + "aws:SourceArn": "arn:aws:healthlake:us-east-1:your-account-id:datastore/fhir/your-datastore-id"