AWS transcribe documentation change
Summary
Removed JSON example of KMS key policy with encryption context conditions
Security assessment
Deleted example policy but did not indicate correction of insecure configurations. Changes seem focused on content reorganization rather than security fixes.
Diff
diff --git a/transcribe/latest/dg/health-scribe-encryption.md b/transcribe/latest/dg/health-scribe-encryption.md index a8871df01..20dec27b2 100644 --- a//transcribe/latest/dg/health-scribe-encryption.md +++ b//transcribe/latest/dg/health-scribe-encryption.md @@ -119,43 +118,0 @@ The following are example key policy statements to grant access to a customer ma -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid":"Allow access to the ResourceAccessRole for StartMedicalScribeStream", - "Effect":"Allow", - "Principal":{ - "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole" - }, - "Action":[ - "kms:Encrypt", - "kms:Decrypt", - "kms:GenerateDataKey*" - ], - "Resource":"arn:aws:kms:us-west-2:123456789012:key/Key_ID", - "Condition": { - "StringEquals": { - // below is the service generated encryption context example - "kms:EncryptionContext:aws:us-east-1:transcribe:medical-scribe:session-id":"1234abcd-12ab-34cd-56ef-123456SAMPLE", - // plus any encryption context that you specify in the request - "kms:EncryptionContext:${ECKey}": "${ECValue}" - } - } - }, - { - "Sid":"Allow access to the ResourceAccessRole for DescribeKey", - "Effect":"Allow", - "Principal":{ - "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole" - }, - "Action": "kms:DescribeKey", - "Resource":"arn:aws:kms:us-west-2:123456789012:key/Key_ID" - } - } - -