AWS Security ChangesHomeSearch

AWS healthimaging medium security documentation change

Service: healthimaging · 2025-11-22 · Security-related medium

File: healthimaging/latest/devguide/dicomweb-oidc-requirements.md

Summary

Removed detailed IAM policy examples and lambda resource policy configuration

Security assessment

The removal of concrete IAM policy examples and lambda resource policies could lead to insecure configurations if users no longer have reference implementations for proper access control. This creates a risk of misconfigured permissions.

Diff

diff --git a/healthimaging/latest/devguide/dicomweb-oidc-requirements.md b/healthimaging/latest/devguide/dicomweb-oidc-requirements.md
index bcdf4eca0..d27a63ecf 100644
--- a//healthimaging/latest/devguide/dicomweb-oidc-requirements.md
+++ b//healthimaging/latest/devguide/dicomweb-oidc-requirements.md
@@ -27,0 +28 @@ Here is an example of a policy allowing associated roles to access to HealthImag
+Here is an example of the trust relationship policy that should be associated to the role(s):
@@ -29,21 +30,4 @@ Here is an example of a policy allowing associated roles to access to HealthImag
-    {
-        "Version": "2012-10-17",		 	 	 
-        "Statement": [
-            {
-                "Sid": "MedicalImagingDicomWebOperations",
-                "Effect": "Allow",
-                "Action": [
-                    "medical-imaging:SearchDICOMInstances",
-                    "medical-imaging:GetImageSetMetadata",
-                    "medical-imaging:GetDICOMSeriesMetadata",
-                    "medical-imaging:SearchDICOMStudies",
-                    "medical-imaging:GetDICOMBulkdata",
-                    "medical-imaging:SearchDICOMSeries",
-                    "medical-imaging:GetDICOMInstanceMetadata",
-                    "medical-imaging:GetDICOMInstance",
-                    "medical-imaging:GetDICOMInstanceFrames"
-                ],
-                "Resource": "arn:aws:medical-imaging:{Region}:{Account}:datastore/{DatastoreId}"
-            }
-        ]
-    }
+JSON
+    
+
+****
@@ -51 +34,0 @@ Here is an example of a policy allowing associated roles to access to HealthImag
-Here is an example of the trust relationship policy that should be associated to the role(s):
@@ -125,22 +108,0 @@ Here is an example of lambda resource policy:
-    
-    {
-      "Version": "2012-10-17",		 	 	 
-      "Id": "default",
-      "Statement": [
-        {
-          "Sid": "LambaAuthorizer-HealthImagingInvokePermission",
-          "Effect": "Allow",
-          "Principal": {
-            "Service": "medical-imaging.amazonaws.com"
-          },
-          "Action": "lambda:InvokeFunction",
-          "Resource": "arn:aws:lambda:{Region}:{Account}::function:{LambdaAuthorizerFunctionName}",
-          "Condition": {
-            "ArnLike": {
-              "AWS:SourceArn": "arn:aws:medical-imaging:{Region}:{Account}:datastore/{DatastoreId}"
-            }
-          }
-        }
-      ]
-    }
-