AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2025-03-30 · Documentation low

File: codepipeline/latest/userguide/action-reference-StepFunctions.md

Summary

Added new section specifying minimum required permissions for StepFunctions actions with example IAM policy

Security assessment

Documents least-privilege permissions for StepFunctions integration but does not address a specific security incident

Diff

diff --git a/codepipeline/latest/userguide/action-reference-StepFunctions.md b/codepipeline/latest/userguide/action-reference-StepFunctions.md
index 88098dec7..fafcf26aa 100644
--- a/codepipeline/latest/userguide/action-reference-StepFunctions.md
+++ b/codepipeline/latest/userguide/action-reference-StepFunctions.md
@@ -5 +5 @@
-Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesExample action configurationBehaviorSee also
+Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesService role permissions: StepFunctions actionExample action configurationBehaviorSee also
@@ -135,0 +136,15 @@ The ARN of the execution of the state machine. Standard state machines only.
+## Service role permissions: `StepFunctions` action
+
+For the `StepFunctions` action, the following are the minimum permissions needed to create pipelines with a Step Functions invoke action.
+    
+    
+    {
+        "Effect": "Allow",
+        "Action": [
+            "states:DescribeStateMachine",
+            "states:DescribeExecution",
+            "states:StartExecution"
+        ],
+        "Resource": "resource_ARN"
+    },
+