Security best practices for Amazon Transcribe
The following best practices are general guidelines and don’t represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, use them as helpful considerations rather than prescriptions.
- Use data encryption, such as Amazon KMS encryption context
An Amazon KMS encryption context is a map of plaintext, non-secret key:value pairs. This map represents additional authenticated data, known as encryption context pairs, which provide an added layer of security for your data.
For more information, refer to Amazon KMS encryption context.
- Use temporary credentials whenever possible
Where possible, use temporary credentials instead of long-term credentials, such as access keys. For scenarios in which you need IAM users with programmatic access and long-term credentials, we recommend that you rotate access keys. Regularly rotating long-term credentials helps you familiarize yourself with the process. This is useful in case you are ever in a situation where you must rotate credentials, such as when an employee leaves your company. We recommend that you use IAM access last used information to rotate and remove access keys safely.
For more information, see Rotating access keys and Security best practices in IAM.
- Use IAM roles for applications and Amazon services that require Amazon Transcribe access
Use an IAM role to manage temporary credentials for applications or services that need to access Amazon Transcribe. When you use a role, you don't have to distribute long-term credentials, such as passwords or access keys, to an Amazon EC2 instance or Amazon service. IAM roles can supply temporary permissions that applications can use when they make requests to Amazon resources.
For more information, refer to IAM roles and Common scenarios for roles: Users, applications, and services.
- Use tag-based access control
You can use tags to control access within your Amazon Web Services accounts. In Amazon Transcribe, tags can be added to transcription jobs, custom vocabularies, custom vocabulary filters, and custom language models.
For more information, refer to Tag-based access control.
- Use Amazon monitoring tools
Monitoring is an important part of maintaining the reliability, security, availability, and performance of Amazon Transcribe and your Amazon solutions. You can monitor Amazon Transcribe using CloudTrail.
For more information, refer to Monitoring Amazon Transcribe with Amazon CloudTrail.
- Enable Amazon Config
Amazon Config can assess, audit, and evaluate the configurations of your Amazon resources. Using Amazon Config, you can review changes in configurations and relationships between Amazon resources. You can also investigate detailed resource configuration histories and determine your overall compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing, security analysis, change management, and operational troubleshooting.
For more information, refer to What Is Amazon Config?
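
The recommendation above to use IAM access last used information when rotating and removing access keys can be applied to an IAM credential report, as in this added example (not part of the original page or of any Amazon tooling). The report rows are constructed sample data, and the function names and the 90-day thresholds are assumptions to adjust to your own policy.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (trimmed to the
# columns used here); the users and dates are made up for illustration.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
transcribe-batch,true,2023-01-10T09:00:00+00:00,2024-05-30T12:00:00+00:00,false,N/A,N/A
old-integration,true,2022-03-01T09:00:00+00:00,2023-02-01T08:00:00+00:00,false,N/A,N/A
never-used,true,2024-01-15T09:00:00+00:00,N/A,false,N/A,N/A
fresh-key,true,2024-05-01T09:00:00+00:00,2024-05-31T10:00:00+00:00,true,2023-01-01T09:00:00+00:00,N/A
"""

def _parse(ts):
    """Report timestamps are ISO 8601; 'N/A' means the field has no value."""
    return None if ts in ("N/A", "") else datetime.fromisoformat(ts)

def triage_keys(report_csv, now, max_age_days=90, idle_days=90):
    """Return {(user, key_slot): action} for every active access key.

    remove: no use (or, if never used, no rotation) within idle_days
    rotate: still in use, but the key is older than max_age_days
    ok:     in use and recently rotated
    """
    max_age, idle = timedelta(days=max_age_days), timedelta(days=idle_days)
    result = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = _parse(row[f"access_key_{slot}_last_rotated"])
            used = _parse(row[f"access_key_{slot}_last_used_date"])
            # A key that was never used is judged by its creation/rotation
            # date, so a key issued yesterday is not flagged for removal.
            reference = used or rotated
            if reference is None or now - reference > idle:
                action = "remove"
            elif rotated is None or now - rotated > max_age:
                action = "rotate"
            else:
                action = "ok"
            result[(row["user"], slot)] = action
    return result

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for (user, slot), action in sorted(triage_keys(SAMPLE_REPORT, now).items()):
        print(f"{user:18} key {slot}: {action}")
```

Keys marked `remove` are candidates to deactivate first and delete only after confirming nothing breaks; keys marked `rotate` are still in use and need a replacement issued before the old key is retired.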