AWS transcribe documentation change
Summary
Added a JSON example for key policy statements to grant access to a customer managed key for HealthScribe encryption.
Security assessment
This change provides an example key policy for customer-managed encryption, which is a security feature. It helps users configure encryption properly but does not address a specific security vulnerability or incident.
Diff
diff --git a/transcribe/latest/dg/health-scribe-encryption.md b/transcribe/latest/dg/health-scribe-encryption.md index bf3c7a55c..c5b2d12ac 100644 --- a//transcribe/latest/dg/health-scribe-encryption.md +++ b//transcribe/latest/dg/health-scribe-encryption.md @@ -118,0 +119,42 @@ The following are example key policy statements to grant access to a customer ma +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "AllowAccessToResourceAccessRoleForMedicalScribe", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::111122223333:role/ResourceAccessRole" + }, + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:GenerateDataKey*" + ], + "Resource": "arn:aws:kms:us-west-2:111122223333:key/KMS-Example-KeyId", + "Condition": { + "StringEquals": { + "kms:EncryptionContext:aws:us-east-1:transcribe:medical-scribe:session-id": "1234abcd-12ab-34cd-56ef-123456SAMPLE", + "kms:EncryptionContext:ECKey": "ECValue" + } + } + }, + { + "Sid": "AllowAccessToResourceAccessRoleForDescribeKey", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::111122223333:role/ResourceAccessRole" + }, + "Action": "kms:DescribeKey", + "Resource": "arn:aws:kms:us-west-2:111122223333:key/KMS-Example-KeyId" + } + ] + } + +