AWS Security ChangesHomeSearch

AWS connecthealth documentation change

Service: connecthealth · 2026-03-19 · Documentation low

File: connecthealth/latest/userguide/security-iam.md

Summary

Updated IAM policy examples to use concrete policy version (2012-10-17), removed 'health-agent:GenerateMedicalCodes' permission, modified KMS/S3 permissions structure, and changed 'Data protection' section title

Security assessment

Changes update policy examples for accuracy but don't address vulnerabilities. The S3 permission changes refine access patterns but don't explicitly patch security flaws. KMS permission change from ListKeysForService to ListKeys expands scope but lacks security context. Version updates are routine maintenance.

Diff

diff --git a/connecthealth/latest/userguide/security-iam.md b/connecthealth/latest/userguide/security-iam.md
index d220f0ddb..35b0cb68e 100644
--- a//connecthealth/latest/userguide/security-iam.md
+++ b//connecthealth/latest/userguide/security-iam.md
@@ -74 +74 @@ Read-only console policy:
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -93 +93 @@ Full access console policy:
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -102 +101,0 @@ Full access console policy:
-            "health-agent:GenerateMedicalCodes",
@@ -138 +137 @@ Full access console policy:
-            "kms:ListKeysForService",
+            "kms:ListKeys",
@@ -150,5 +148,0 @@ Full access console policy:
-            "s3:getBucket",
-            "s3:getBucketVersions",
-            "s3:getVersioning",
-            "s3:getLocation",
-            "s3:getService",
@@ -157 +151,2 @@ Full access console policy:
-            "s3:deleteObject"
+            "s3:ListBucket",
+            "s3:ListAllMyBuckets"
@@ -191 +186 @@ The following policy grants full access to a specific Amazon Connect Health doma
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -212 +207 @@ The following policy allows users to start and retrieve ambient documentation se
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -231 +226 @@ The following policy grants read-only access to ambient documentation sessions.
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -250 +245 @@ The following policy grants full access to all Amazon Connect Health resources.
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -266 +261 @@ The following policy grants read-only access to domains and agents while explici
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -294 +289 @@ This example shows how you might create a policy that allows IAM users to view t
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -334 +329 @@ The following example shows a service role policy for Amazon Connect Health that
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -398 +393 @@ The following example shows a trust policy that allows the Amazon Connect Health
-      "Version": "{POLICY_VERSION}",
+      "Version": "2012-10-17" ,
@@ -433 +428 @@ Data protection
-CloudTrail logs
+Compliance validation