AWS Security ChangesHomeSearch

AWS step-functions documentation change

Service: step-functions · 2025-02-27 · Documentation low

File: step-functions/latest/dg/connect-stepfunctions.md

Summary

Added clarification about ARN types required for different IAM policy actions

Security assessment

While the change discusses IAM policies, it's focused on proper configuration rather than addressing a security vulnerability or introducing new security features.

Diff

diff --git a/step-functions/latest/dg/connect-stepfunctions.md
index 294242875..e51499fa3 100644
--- a/step-functions/latest/dg/connect-stepfunctions.md
+++ b/step-functions/latest/dg/connect-stepfunctions.md
@@ -243,0 +244,6 @@ Asynchronous
+###### ARN types required
+
+In the policy for **Synchronous** , note that `states:StartExecution` requires a state machine ARN whereas `states:DescribeExecution` and `states:StopExecution` require an execution ARN.
+
+If you mistakenly combine all three actions, the JSON will be valid but the IAM policy will be incorrect. An incorrect policy can cause stuck workflows and/or access issues during workflow execution.
+