AWS transcribe documentation change
Summary
Removed detailed JSON examples of KMS key policies, IAM policies, and trust policies for encryption configuration
Security assessment
Removed example policies but did not address a specific security vulnerability. Changes appear to simplify documentation structure rather than fix security flaws. No evidence of security incident remediation.
Diff
diff --git a/transcribe/latest/dg/health-scribe-encryption-customer.md b/transcribe/latest/dg/health-scribe-encryption-customer.md index 375752ed3..32c6d1c58 100644 --- a//transcribe/latest/dg/health-scribe-encryption-customer.md +++ b//transcribe/latest/dg/health-scribe-encryption-customer.md @@ -28,54 +27,0 @@ The following is an example key policy you can use to grant your ResourceAccessR -JSON - - -**** - - - - { - "Version":"2012-10-17", - "Statement":[ - { - "Sid": "Allow access for key administrators", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::123456789012:root" - }, - "Action" : [ - "kms:*" - ], - "Resource": "*" - }, - { - "Sid":"Allow access to the ResourceAccessRole for StartMedicalScribeStream", - "Effect":"Allow", - "Principal":{ - "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole" - }, - "Action":[ - "kms:Encrypt", - "kms:Decrypt", - "kms:GenerateDataKey*" - ] - "Resource":"*", - "Condition": { - "StringEquals": { - "EncryptionContext":[ - "aws:us-east-1:transcribe:medical-scribe:session-id": "1234abcd-12ab-34cd-56ef-123456SAMPLE" - ] - } - } - }, - { - "Sid":"Allow access to the ResourceAccessRole for DescribeKey", - "Effect":"Allow", - "Principal":{ - "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole" - }, - "Action": "kms:DescribeKey", - "Resource":"*" - } - ] - } - - @@ -88,43 +33,0 @@ The following IAM policy example shows how to grant a ResourceAccessRole permiss -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:GenerateDataKey*" - ], - "Resource": "arn:aws:kms:us-west-2:123456789012:key/Key_ID", - "Effect": "Allow", - "Condition": { - "StringEquals": { - "kms:ViaService": "transcribe.streaming.amazonaws.com", - "EncryptionContext":[ - "aws:us-east-1:transcribe:medical-scribe:session-id": "1234abcd-12ab-34cd-56ef-123456SAMPLE" - ] - } - } - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Resource": "arn:aws:kms:us-west-2:123456789012:key/Key_ID", - "Effect": "Allow", - "Condition": { - "StringEquals": { - "kms:ViaService": "transcribe.streaming.amazonaws.com" - } - } - } - ] - } - - @@ -133,29 +35,0 @@ The following is trust policy example for the ResourceAccessRole. For DataAccess -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "transcribe.streaming.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "123456789012" - }, - "StringLike": { - "aws:SourceArn": "arn:aws:transcribe:us-west-2:123456789012:*" - } - } - } - ] - } - -