AWS Security ChangesHomeSearch

AWS step-functions documentation change

Service: step-functions · 2025-04-18 · Documentation low

File: step-functions/latest/dg/sfn-best-practices.md

Summary

Updated ARN patterns to use 'account-id' and 'region' placeholders in examples

Security assessment

Routine documentation update for example consistency. No security-related changes.

Diff

diff --git a/step-functions/latest/dg/sfn-best-practices.md b/step-functions/latest/dg/sfn-best-practices.md
index 3dc46f5cb..1d931bb90 100644
--- a//step-functions/latest/dg/sfn-best-practices.md
+++ b//step-functions/latest/dg/sfn-best-practices.md
@@ -111 +111 @@ For tag-based authorization, state machine execution resources as shown in the f
-    arn:<partition>:states:<Region>:<account-id>:execution:<StateMachineName>:<ExecutionId>
+    arn:partition:states:region:account-id:execution:<StateMachineName>:<ExecutionId>
@@ -184 +184 @@ To avoid this situation, specify a reasonable timeout when you create a `Task` i
-      "Resource": "arn:aws:states:us-east-1:123456789012:activity:HelloWorld",
+      "Resource": "arn:aws:states:region:account-id:activity:HelloWorld",
@@ -201 +201 @@ If you use a [callback with a task token (.waitForTaskToken)](./connect-to-resou
-            "QueueUrl": "https://sqs.us-east-1.amazonaws.com/123456789012/push-based-queue"
+            "QueueUrl": "https://sqs.us-east-1.amazonaws.com/account-id/push-based-queue"