AWS healthlake documentation change
Summary
Removed JSON examples for SecretsManager permissions and service role trust policy
Security assessment
Example removal does not alter security requirements. No security vulnerabilities mentioned in changes.
Diff
diff --git a/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md b/healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md index d857f7fd7..6e079b012 100644 --- a//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md +++ b//healthlake/latest/devguide/reference-smart-on-fhir-token-validation.md @@ -207,19 +206,0 @@ Adding the IAM action `GetSecretValue` to execution role grants the necessary pe -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "secretsmanager:GetSecretValue", - "Resource": "arn:aws:secretsmanager:"your-aws-account-id:secret:secret-name-DKodTA" - } - ] - } - - @@ -292,28 +272,0 @@ Use this procedure to create a service role. When you create a service you will -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "sts:AssumeRole", - "Principal": { - "Service": "healthlake.amazonaws.com" - }, - "Condition": { - "StringEquals": { - "aws:SourceAccount": "your-account-id" - }, - "ArnEquals": { - "aws:SourceArn": "arn:aws:healthlake:us-east-1:your-account-id:datastore/fhir/your-datastore-id" - } - } - } - ] - } - -