To satisfy the requirement that PHI be encrypted at rest, encryption of data stored with the instance running models with AWS SageMaker is enabled using AWS Key Management Service (KMS) when setting up the endpoint (DescribeEndpointConfig:KmsKeyID). Encryption of model training results (artifacts) is enabled using AWS KMS and keys should be specified using the KmsKeyID in the OutputDataConfig description. If a KMS Key ID isn’t provided, the default Amazon S3 KMS Key for the role’s account will be utilized. AWS SageMaker is integrated with AWS CloudTrail to log all API calls.

Amazon Simple Workflow
Amazon Simple Workflow (SWF) helps developers build, run, and scale background jobs that have parallel or sequential steps. Amazon SWF can be thought of as a fully-managed state tracker and task coordinator in the Cloud. The Amazon Simple Workflow Service is used to orchestrate workflows and is not able to store or transmit data. PHI should not be placed in metadata for Amazon SWF or within any task description. Amazon SWF is integrated with AWS CloudTrail to log all API calls.
Amazon Web Services – Architecting for HIPAA Security and Compliance, Page 34

AWS Secrets Manager
AWS Secrets Manager is an AWS service that makes it easier for customers to manage “secrets.” Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. AWS Secrets Manager might be used to store PHI if such information is contained within “secrets”. All secrets stored by AWS Secrets Manager are encrypted at rest using the AWS Key Management Service (KMS). Users can select the AWS KMS key used when creating a new secret. If no key is selected, the default key for the account will be utilized. AWS Secrets Manager is integrated with AWS CloudTrail to log all API calls.

AWS Service Catalog
AWS Service Catalog allows IT administrators to create, manage, and distribute portfolios of approved products to end users, who can then access the products they need in a personalized portal. AWS Service Catalog is used to catalog, share and deploy self-service solutions on AWS and cannot be used to store, transmit or process PHI. PHI should not be placed in any metadata for AWS Service Catalog items or within any item description. AWS Service Catalog is integrated with AWS CloudTrail to log all API calls.

AWS Step Functions
AWS Step Functions makes it easy to coordinate the components of distributed applications and microservices using visual workflows. AWS Step Functions is not able to store, transmit or process PHI. PHI should not be placed within the metadata for AWS Step Functions or within any task or state machine definition. AWS Step Functions is integrated with AWS CloudTrail to log all API calls.
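The KMS key settings described above for AWS SageMaker (endpoint configuration and OutputDataConfig) and for AWS Secrets Manager can be checked as follows. This is an added example, not code from the AWS whitepaper: it reads the KmsKeyId field from responses shaped like DescribeEndpointConfig, DescribeTrainingJob and DescribeSecret, and flags resources where no key was specified. The sample responses, account ID, key IDs, resource names and the approved-key allow-list are constructed assumptions.

```python
# Constructed inputs shaped like the responses of SageMaker
# DescribeEndpointConfig / DescribeTrainingJob and Secrets Manager
# DescribeSecret. Account ID, key IDs and resource names are placeholders.
ARN = "arn:aws:kms:us-east-1:111122223333:"
APPROVED_KEY_IDS = {"11111111-2222-3333-4444-555555555555"}  # hypothetical allow-list

# (label, path to KmsKeyId inside the response, constructed response)
SAMPLES = [
    ("EndpointConfig/phi-infer", ("KmsKeyId",),
     {"KmsKeyId": ARN + "key/11111111-2222-3333-4444-555555555555"}),
    ("TrainingJob/phi-train", ("OutputDataConfig", "KmsKeyId"),
     {"OutputDataConfig": {"S3OutputPath": "s3://example-bucket/out"}}),
    ("TrainingJob/phi-train-2", ("OutputDataConfig", "KmsKeyId"),
     {"OutputDataConfig": {"KmsKeyId": "", "S3OutputPath": "s3://example-bucket/out"}}),
    ("Secret/phi-db", ("KmsKeyId",), {"KmsKeyId": "alias/phi-secrets"}),
    ("Secret/misc-api", ("KmsKeyId",),
     {"KmsKeyId": "99999999-0000-0000-0000-000000000000"}),
]

def kms_key(resp, path):
    """Return the KmsKeyId found at `path`, or None when absent or empty."""
    for part in path:
        resp = resp.get(part) if isinstance(resp, dict) else None
    return resp or None

def classify(key):
    """Map a KmsKeyId (key ID, key ARN, alias or alias ARN) to an audit status."""
    if key is None:
        return "no-key-specified"    # the service falls back to a default key
    tail = key.split(":")[-1]        # drop the ARN prefix, if there is one
    if tail.startswith("alias/"):
        return "resolve-alias"       # an alias must be resolved to a key ID first
    key_id = tail[4:] if tail.startswith("key/") else tail
    return "approved" if key_id in APPROVED_KEY_IDS else "unapproved-key"

def audit(samples=SAMPLES):
    """Return (label, status) for every sampled resource."""
    return [(label, classify(kms_key(resp, path))) for label, path, resp in samples]

if __name__ == "__main__":
    for label, status in audit():
        print(f"{label:28} {status}")
```
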