AWS step-functions high security documentation change
Summary
Added 'Authorization' header to prohibited headers list for HTTP Task definitions
Security assessment
Explicitly prohibiting Authorization headers prevents potential credential exposure in Step Functions HTTP tasks. This directly addresses security concerns about sensitive data leakage in task configurations.
Diff
diff --git a/step-functions/latest/dg/call-https-apis.md b/step-functions/latest/dg/call-https-apis.md index 6f272aadf..88b2e8fd5 100644 --- a//step-functions/latest/dg/call-https-apis.md +++ b//step-functions/latest/dg/call-https-apis.md @@ -219,0 +220,2 @@ You can't use the following headers in your HTTP Task definition. If you use the + * Authorization +