AWS step-functions documentation change
Summary
Added a detailed IAM policy JSON example for DetectSentiment permissions
Security assessment
The added IAM policy example demonstrates proper permissions configuration for AWS Comprehend, which is a security best practice. However, it does not address a specific security issue.
Diff
diff --git a/step-functions/latest/dg/getting-started.md b/step-functions/latest/dg/getting-started.md index b01da6f99..8c79a68a9 100644 --- a//step-functions/latest/dg/getting-started.md +++ b//step-functions/latest/dg/getting-started.md @@ -452 +452,16 @@ Before you can run the workflow, you need to create a **role** and **policy** to - 5. For **Policy name** enter `DetectSentimentPolicy`, then **Create policy**. + 5. For **Policy name** enter `DetectSentimentPolicy`, then **Create policy**. You should have created a policy as JSON, similar to the following: TIM + + { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "comprehend:DetectSentiment" + ], + "Resource": [ + "*" + ], + "Effect": "Allow" + } + ] + }