AWS healthimaging documentation change
Summary
Added a JSON example of an IAM trust policy allowing medical-imaging.amazonaws.com to assume a role with source ARN and account conditions
Security assessment
The change adds an IAM policy example which is security documentation, but there's no evidence of addressing a specific vulnerability. It demonstrates security best practices for role assumption conditions.
Diff
diff --git a/healthimaging/latest/devguide/security-iam-deputy.md b/healthimaging/latest/devguide/security-iam-deputy.md index 50da36203..5bd31421e 100644 --- a//healthimaging/latest/devguide/security-iam-deputy.md +++ b//healthimaging/latest/devguide/security-iam-deputy.md @@ -14,0 +15,29 @@ In the following trust policy example, we use the `aws:SourceArn` and `aws:Sourc +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "medical-imaging.amazonaws.com" + }, + "Action": "sts:AssumeRole", + "Condition": { + "ArnLike": { + "aws:SourceArn": "arn:aws:medical-imaging:us-east-1:123456789012:datastore/*" + }, + "StringEquals": { + "aws:SourceAccount": "123456789012" + } + } + } + ] + } + +