AWS healthimaging documentation change
Summary
Added IAM policy examples for DICOMWeb access and Lambda authorizer permissions
Security assessment
Added two security policy examples: 1) Resource policy for medical imaging operations 2) Lambda invoke permissions. Enhances access control documentation but doesn't address a specific vulnerability. Provides concrete security implementation guidance.
Diff
diff --git a/healthimaging/latest/devguide/dicomweb-oidc-requirements.md b/healthimaging/latest/devguide/dicomweb-oidc-requirements.md index c120f9cfa..453c59bb8 100644 --- a//healthimaging/latest/devguide/dicomweb-oidc-requirements.md +++ b//healthimaging/latest/devguide/dicomweb-oidc-requirements.md @@ -27,0 +28,30 @@ Here is an example of a policy allowing associated roles to access to HealthImag +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "MedicalImagingDicomWebOperations", + "Effect": "Allow", + "Action": [ + "medical-imaging:SearchDICOMInstances", + "medical-imaging:GetImageSetMetadata", + "medical-imaging:GetDICOMSeriesMetadata", + "medical-imaging:SearchDICOMStudies", + "medical-imaging:GetDICOMBulkdata", + "medical-imaging:SearchDICOMSeries", + "medical-imaging:GetDICOMInstanceMetadata", + "medical-imaging:GetDICOMInstance", + "medical-imaging:GetDICOMInstanceFrames" + ], + "Resource": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/datastore-123" + } + ] + } + + @@ -108,0 +139,29 @@ Here is an example of lambda resource policy: +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Id": "default", + "Statement": [ + { + "Sid": "LambaAuthorizer-HealthImagingInvokePermission", + "Effect": "Allow", + "Principal": { + "Service": "medical-imaging.amazonaws.com" + }, + "Action": "lambda:InvokeFunction", + "Resource": "arn:aws:lambda:us-east-1:123456789012::function:{LambdaAuthorizerFunctionName}", + "Condition": { + "ArnLike": { + "AWS:SourceArn": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/datastore-123" + } + } + } + ] + } + +