AWS step-functions documentation change
Summary
Added clarification about ARN types required for different IAM policy actions
Security assessment
While the change discusses IAM policies, it's focused on proper configuration rather than addressing a security vulnerability or introducing new security features.
Diff
diff --git a/step-functions/latest/dg/connect-stepfunctions.md index 294242875..e51499fa3 100644 --- a/step-functions/latest/dg/connect-stepfunctions.md +++ b/step-functions/latest/dg/connect-stepfunctions.md @@ -243,0 +244,6 @@ Asynchronous +###### ARN types required + +In the policy for **Synchronous** , note that `states:StartExecution` requires a state machine ARN whereas `states:DescribeExecution` and `states:StopExecution` require an execution ARN. + +If you mistakenly combine all three actions, the JSON will be valid but the IAM policy will be incorrect. An incorrect policy can cause stuck workflows and/or access issues during workflow execution. +