AWS healthlake documentation change
Summary
Removed mention of specific access methods (AWS Management Console, AWS CLI, AWS API) being blocked by default permissions, simplifying the explanation of default IAM policy behavior.
Security assessment
The change removes redundant details about access methods but does not alter the core security principle of least privilege or introduce new security-related information. The documentation still emphasizes that IAM policies are required for access, and there is no evidence of addressing a specific vulnerability or incident.
Diff
diff --git a/healthlake/latest/devguide/security_iam_id-based-policy-examples.md b/healthlake/latest/devguide/security_iam_id-based-policy-examples.md index 67fb26e97..c6b5510ee 100644 --- a//healthlake/latest/devguide/security_iam_id-based-policy-examples.md +++ b//healthlake/latest/devguide/security_iam_id-based-policy-examples.md @@ -9 +9 @@ Policy best practicesUsing the consoleAccessing an AWS HealthLake data store in -By default, users and roles don't have permission to create or modify HealthLake resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify HealthLake resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.