AWS Security ChangesHomeSearch

AWS step-functions high security documentation change

Service: step-functions · 2025-07-25 · Security-related high

File: step-functions/latest/dg/call-https-apis.md

Summary

Added 'Authorization' header to prohibited headers list for HTTP Task definitions

Security assessment

Explicitly prohibiting Authorization headers prevents potential credential exposure in Step Functions HTTP tasks. This directly addresses security concerns about sensitive data leakage in task configurations.

Diff

diff --git a/step-functions/latest/dg/call-https-apis.md b/step-functions/latest/dg/call-https-apis.md
index 6f272aadf..88b2e8fd5 100644
--- a//step-functions/latest/dg/call-https-apis.md
+++ b//step-functions/latest/dg/call-https-apis.md
@@ -219,0 +220,2 @@ You can't use the following headers in your HTTP Task definition. If you use the
+  * Authorization
+