AWS healthimaging documentation change
Summary
Added KMS permissions policy example for encryption operations
Security assessment
Added IAM policy example for KMS cryptographic operations (CreateGrant, GenerateDataKey, Decrypt). Improves security documentation but shows no evidence of fixing a vulnerability. Enhances guidance for secure key management.
Diff
diff --git a/healthimaging/latest/devguide/data-encryption.md b/healthimaging/latest/devguide/data-encryption.md index b9c9b7642..dd73465ab 100644 --- a//healthimaging/latest/devguide/data-encryption.md +++ b//healthimaging/latest/devguide/data-encryption.md @@ -78,0 +79,25 @@ The IAM user, IAM role, or AWS account creating your repositories must have perm +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "kms:CreateGrant", + "kms:GenerateDataKey", + "kms:RetireGrant", + "kms:Decrypt", + "kms:ReEncrypt*" + ], + "Resource": "arn:aws:kms:us-east-1:123456789012:key/bec71d48-3462-4cdd-9514-77a7226e001f" + } + ] + } + +