AWS Security ChangesHomeSearch

AWS entityresolution high security documentation change

Service: entityresolution · 2025-10-01 · Security-related high

File: entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md

Summary

Added KMS key policy example with cross-account decryption permissions and service restrictions

Security assessment

The policy enforces least-privilege access to encrypted data with account-based restrictions and service conditions, directly addressing data protection requirements.

Diff

diff --git a/entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md b/entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md
index 465b573b9..7dc66ce47 100644
--- a//entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md
+++ b//entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md
@@ -20,0 +21,26 @@ Before you create an ID mapping workflow across two AWS accounts with LiveRamp,
+JSON
+    
+
+****
+    
+    
+        {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [{
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::715724997226:root" 
+            },
+            "Action": [
+                "kms:Decrypt"
+            ],
+            "Resource": "arn:aws:kms:us-east-1:111122223333:key/key-id",
+            "Condition": {
+                "StringEquals": {
+                "kms:ViaService": "s3.us-east-1.amazonaws.com"
+                }
+            }
+        }]
+    }
+    
+