AWS connecthealth medium security documentation change
Summary
Added clarification about insurance verification phases, fixed punctuation, and corrected AWS service ARN in Lambda resource policy condition from 'healthcareai' to 'health-agent'
Security assessment
The ARN correction in the Lambda resource-based policy condition (from 'arn:aws:healthcareai:*' to 'arn:aws:health-agent:*') is a security-relevant change. An incorrect ARN in a resource policy could lead to authorization failures or improper access control. This change ensures the policy correctly restricts invocations to the intended service principal, addressing a potential misconfiguration that could impact security.
Diff
diff --git a/connecthealth/latest/userguide/insurance-verification.md b/connecthealth/latest/userguide/insurance-verification.md index 6f1c83094..a9e48f04b 100644 --- a//connecthealth/latest/userguide/insurance-verification.md +++ b//connecthealth/latest/userguide/insurance-verification.md @@ -51,0 +52,2 @@ You don’t need RTE Lambda if: +Insurance verification involves a setup phase and a runtime phase. + @@ -68 +70 @@ For the sample Lambda code, see [sample-healthcare-realtime-eligibility](https:/ -The Appointment management agent provides the following information to your Lambda function: +The Appointment management agent provides the following information to your Lambda function. @@ -89 +91 @@ departmentNPI | Department NPI (optional) -Your Lambda function must return the following information to the Appointment management agent: +Your Lambda function must return the following information to the Appointment management agent. @@ -110 +112 @@ The customer must attach a resource-based policy to their Lambda function granti - * **Condition** : `ArnLike` with `AWS:SourceArn` matching `arn:aws:healthcareai:<region>:<aws-account-id>:*` + * **Condition** : `ArnLike` with `AWS:SourceArn` matching `arn:aws:health-agent:<region>:<aws-account-id>:*`