AWS Security ChangesHomeSearch

AWS transcribe documentation change

Service: transcribe · 2025-08-28 · Documentation low

File: transcribe/latest/dg/health-scribe-encryption.md

Summary

Removed JSON example of KMS key policy with encryption context conditions

Security assessment

Deleted example policy but did not indicate correction of insecure configurations. Changes seem focused on content reorganization rather than security fixes.

Diff

diff --git a/transcribe/latest/dg/health-scribe-encryption.md b/transcribe/latest/dg/health-scribe-encryption.md
index a8871df01..20dec27b2 100644
--- a//transcribe/latest/dg/health-scribe-encryption.md
+++ b//transcribe/latest/dg/health-scribe-encryption.md
@@ -119,43 +118,0 @@ The following are example key policy statements to grant access to a customer ma
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid":"Allow access to the ResourceAccessRole for StartMedicalScribeStream",
-                "Effect":"Allow",
-                "Principal":{
-                    "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole"
-                },
-                "Action":[
-                    "kms:Encrypt",
-                    "kms:Decrypt",
-                    "kms:GenerateDataKey*"
-                ],
-                "Resource":"arn:aws:kms:us-west-2:123456789012:key/Key_ID",
-                "Condition": {
-                    "StringEquals": {
-                        // below is the service generated encryption context example
-                        "kms:EncryptionContext:aws:us-east-1:transcribe:medical-scribe:session-id":"1234abcd-12ab-34cd-56ef-123456SAMPLE",
-                        // plus any encryption context that you specify in the request
-                        "kms:EncryptionContext:${ECKey}": "${ECValue}"
-                    }
-                }
-            },
-            {
-                "Sid":"Allow access to the ResourceAccessRole for DescribeKey",
-                "Effect":"Allow",
-                "Principal":{
-                    "AWS": "arn:aws:iam::123456789012:role/ResourceAccessRole"
-                },
-                "Action": "kms:DescribeKey",
-                "Resource":"arn:aws:kms:us-west-2:123456789012:key/Key_ID"
-            }
-    }
-    
-