AWS Security ChangesHomeSearch

AWS entityresolution high security documentation change

Service: entityresolution · 2025-10-01 · Security-related high

File: entityresolution/latest/userguide/data-protection.md

Summary

Added KMS policy example for provider decryption permissions with service restrictions

Security assessment

Documents secure key management practices with principal restrictions and service-based conditions to protect encrypted data assets.

Diff

diff --git a/entityresolution/latest/userguide/data-protection.md b/entityresolution/latest/userguide/data-protection.md
index 0b4d37d95..99e40ff78 100644
--- a//entityresolution/latest/userguide/data-protection.md
+++ b//entityresolution/latest/userguide/data-protection.md
@@ -149,0 +150,27 @@ The following are policy statement examples you can add for providers to decrypt
+JSON
+    
+
+****
+    
+    
+    
+    {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [{
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::715724997226:root" 
+            },
+            "Action": [
+                "kms:Decrypt"
+            ],
+            "Resource": "arn:aws:kms:us-east-1:111122223333:key/key-id",
+            "Condition": {
+                "StringEquals": {
+                "kms:ViaService": "s3.us-east-1.amazonaws.com"
+                }
+            }
+        }]
+    }
+    
+