AWS entityresolution high security documentation change
Summary
Added KMS key policy example with cross-account decryption permissions and service restrictions
Security assessment
The policy enforces least-privilege access to encrypted data with account-based restrictions and service conditions, directly addressing data protection requirements.
Diff
diff --git a/entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md b/entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md index 465b573b9..7dc66ce47 100644 --- a//entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md +++ b//entityresolution/latest/userguide/create-idmw-two-accounts-prerequisite.md @@ -20,0 +21,26 @@ Before you create an ID mapping workflow across two AWS accounts with LiveRamp, +JSON + + +**** + + + { + "Version":"2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::715724997226:root" + }, + "Action": [ + "kms:Decrypt" + ], + "Resource": "arn:aws:kms:us-east-1:111122223333:key/key-id", + "Condition": { + "StringEquals": { + "kms:ViaService": "s3.us-east-1.amazonaws.com" + } + } + }] + } + +