AWS transcribe documentation change
Summary
Removed multiple JSON policy examples including trust relationships, KMS access policies, and tag-based access controls
Security assessment
Deleted security policy templates but did not demonstrate vulnerability fixes. Changes appear to streamline documentation rather than address specific security weaknesses. No explicit security context provided in diff.
Diff
diff --git a/transcribe/latest/dg/security_iam_id-based-policy-examples.md b/transcribe/latest/dg/security_iam_id-based-policy-examples.md index 890c8bb0c..42ed6c07c 100644 --- a//transcribe/latest/dg/security_iam_id-based-policy-examples.md +++ b//transcribe/latest/dg/security_iam_id-based-policy-examples.md @@ -86,33 +85,0 @@ The IAM entity you use to make your transcription request must have a trust poli -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "transcribe.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ], - "Condition": { - "StringEquals": { - "aws:SourceAccount": "111122223333" - }, - "StringLike": { - "aws:SourceArn": "arn:aws:transcribe:us-west-2:111122223333:*" - } - } - } - ] - } - - @@ -121,33 +87,0 @@ JSON -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "transcribe.streaming.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ], - "Condition": { - "StringEquals": { - "aws:SourceAccount": "111122223333" - }, - "StringLike": { - "aws:SourceArn": "arn:aws:transcribe:us-west-2:111122223333:*" - } - } - } - ] - } - - @@ -276,33 +209,0 @@ The following policy grants the IAM role “`ExampleRole`” permission to use t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:role/ExampleRole" - }, - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Resource": "*", - "Condition": { - "StringEquals": { - "kms:EncryptionContext:color":"indigoBlue" - } - } - } - ] - } - - @@ -313,31 +213,0 @@ Here's an example of an assume role policy that shows how you can use `aws:Sourc -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "transcribe.amazonaws.com" - }, - "Action": [ - "sts:AssumeRole" - ], - "Condition": { - "StringEquals": { - "aws:SourceAccount": "111122223333" - }, - "StringLike": { - "aws:SourceArn": "arn:aws:transcribe:us-west-2:111122223333:*" - } - } - } - ] - } - - @@ -352,29 +221,0 @@ For more information on tagging in Amazon Transcribe, see [Tagging resources](./ -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ListTranscriptionJobsInConsole", - "Effect": "Allow", - "Action": "transcribe:ListTranscriptionJobs", - "Resource": "*" - }, - { - "Sid": "ViewTranscriptionJobsIfOwner", - "Effect": "Allow", - "Action": "transcribe:GetTranscriptionJobs", - "Resource": "arn:aws:transcribe:*:*:transcription-job/*", - "Condition": { - "StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"} - } - } - ] - } - -