AWS entityresolution high security documentation change
Summary
Added KMS policy example for provider decryption permissions with service restrictions
Security assessment
Documents secure key management practices with principal restrictions and service-based conditions to protect encrypted data assets.
Diff
diff --git a/entityresolution/latest/userguide/data-protection.md b/entityresolution/latest/userguide/data-protection.md index 0b4d37d95..99e40ff78 100644 --- a//entityresolution/latest/userguide/data-protection.md +++ b//entityresolution/latest/userguide/data-protection.md @@ -149,0 +150,27 @@ The following are policy statement examples you can add for providers to decrypt +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::715724997226:root" + }, + "Action": [ + "kms:Decrypt" + ], + "Resource": "arn:aws:kms:us-east-1:111122223333:key/key-id", + "Condition": { + "StringEquals": { + "kms:ViaService": "s3.us-east-1.amazonaws.com" + } + } + }] + } + +