Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security best practices for Amazon Transcribe

The following best practices are general guidelines and don’t represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, use them as helpful considerations rather than prescriptions.

  • Use data encryption, such as Amazon KMS encryption context

    Amazon KMS encryption context is a map of plain text, non-secret key:value pairs. This map represents additional authenticated data, known as encryption context pairs, which provide an added layer of security for your data.

    For more information, refer to Amazon KMS encryption context.

  • Use temporary credentials whenever possible

    Where possible, use temporary credentials instead of long-term credentials, such as access keys. For scenarios in which you need IAM users with programmatic access and long-term credentials, we recommend that you rotate access keys. Regularly rotating long-term credentials helps you familiarize yourself with the process. This is useful in case you are ever in a situation where you must rotate credentials, such as when an employee leaves your company. We recommend that you use IAM access last used information to rotate and remove access keys safely.

    For more information, see Rotating access keys and Security best practices in IAM.

  • Use IAM roles for applications and Amazon services that require Amazon Transcribe access

    Use an IAM role to manage temporary credentials for applications or services that need to access Amazon Transcribe. When you use a role, you don't have to distribute long-term credentials, such as passwords or access keys, to an Amazon EC2 instance or Amazon service. IAM roles can supply temporary permissions that applications can use when they make requests to Amazon resources.

    For more information, refer to IAM roles and Common scenarios for roles: Users, applications, and services.

  • Use tag-based access control

    You can use tags to control access within your Amazon Web Services accounts. In Amazon Transcribe, tags can be added to transcription jobs, custom vocabularies, custom vocabulary filters, and custom language models.

    For more information, refer to Tag-based access control.

  • Use Amazon monitoring tools

    Monitoring is an important part of maintaining the reliability, security, availability, and performance of Amazon Transcribe and your Amazon solutions. You can monitor Amazon Transcribe using CloudTrail.

    For more information, refer to Monitoring Amazon Transcribe with Amazon CloudTrail.

  • Enable Amazon Config

    Amazon Config can assess, audit, and evaluate the configurations of your Amazon resources. Using Amazon Config, you can review changes in configurations and relationships between Amazon resources. You can also investigate detailed resource configuration histories and determine your overall compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing, security analysis, change management, and operational troubleshooting.

    For more information, refer to What Is Amazon Config?
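
The temporary-credentials and CloudTrail monitoring items above can be combined into one check. The following is an added example, not part of the Amazon documentation: it scans CloudTrail records for Amazon Transcribe calls signed with a long-term access key (key ID prefix `AKIA`) rather than temporary credentials (prefix `ASIA`). The log records, account ID, ARNs, key IDs and the helper names `rec` and `long_term_credential_use` are constructed for illustration.

```python
import json
from collections import defaultdict

def rec(time, name, id_type, key_id, arn, source="transcribe.amazonaws.com"):
    """Build one constructed CloudTrail record holding only the fields used here."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": id_type, "accessKeyId": key_id, "arn": arn}}

# Constructed sample log (not real data); account ID, ARNs and key IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    rec("2024-01-10T09:00:00Z", "StartTranscriptionJob", "AssumedRole",
        "ASIAEXAMPLEROLEKEY01", "arn:aws-cn:sts::111122223333:assumed-role/transcribe-app/i-0abc"),
    rec("2024-01-10T09:05:00Z", "StartTranscriptionJob", "IAMUser",
        "AKIAEXAMPLEUSERKEY01", "arn:aws-cn:iam::111122223333:user/batch-uploader"),
    rec("2024-01-10T09:07:00Z", "GetTranscriptionJob", "IAMUser",
        "AKIAEXAMPLEUSERKEY01", "arn:aws-cn:iam::111122223333:user/batch-uploader"),
    rec("2024-01-10T09:08:00Z", "ListTranscriptionJobs", "IAMUser",  # console session
        "ASIAEXAMPLECONSOLE01", "arn:aws-cn:iam::111122223333:user/analyst"),
    rec("2024-01-10T09:09:00Z", "DeleteVocabulary", "Root",
        "AKIAEXAMPLEROOTKEY01", "arn:aws-cn:iam::111122223333:root"),
    rec("2024-01-10T09:10:00Z", "PutObject", "IAMUser", "AKIAEXAMPLEUSERKEY01",
        "arn:aws-cn:iam::111122223333:user/batch-uploader", source="s3.amazonaws.com"),
]})

def long_term_credential_use(log_text):
    """Return {principal ARN: {"keys": set, "calls": [(time, event)]}} for
    Amazon Transcribe calls signed with a long-term access key."""
    findings = defaultdict(lambda: {"keys": set(), "calls": []})
    for record in json.loads(log_text).get("Records", []):
        # Prefix match, so an event source with a regional suffix is also covered.
        if not record.get("eventSource", "").startswith("transcribe.amazonaws.com"):
            continue
        identity = record.get("userIdentity") or {}
        key_id = identity.get("accessKeyId") or ""
        # The key ID prefix, not the identity type, is the signal: an IAM user
        # signed in to the console is logged as IAMUser with a temporary ASIA key.
        if not key_id.startswith("AKIA"):
            continue
        entry = findings[identity.get("arn", "unknown")]
        entry["keys"].add(key_id)
        entry["calls"].append((record.get("eventTime"), record.get("eventName")))
    return dict(findings)

if __name__ == "__main__":
    for arn, hit in long_term_credential_use(SAMPLE_LOG).items():
        print(arn, sorted(hit["keys"]), hit["calls"])
```

Each principal reported is a candidate for moving to an IAM role, and each key listed is a candidate for rotation or removal.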