AWS Security ChangesHomeSearch

AWS step-functions documentation change

Service: step-functions · 2025-08-28 · Documentation low

File: step-functions/latest/dg/vpc-endpoints.md

Summary

Specified granular Step Functions actions in VPC endpoint policy example

Security assessment

Replaced a wildcard action (*Execution) with specific actions (e.g., states:ListExecutions), demonstrating least privilege principles. This improves security documentation but does not address a known vulnerability.

Diff

diff --git a/step-functions/latest/dg/vpc-endpoints.md b/step-functions/latest/dg/vpc-endpoints.md
index f3299006a..b7e933e5b 100644
--- a//step-functions/latest/dg/vpc-endpoints.md
+++ b//step-functions/latest/dg/vpc-endpoints.md
@@ -72 +72,3 @@ The following example shows an Amazon VPC endpoint policy that allows one user t
-                "Action": "*Execution",
+                "Action": [
+                  "states:ListExecutions", "states:StartExecution", "states:StopExecution", "states:DescribeExecution"
+                ],
@@ -82 +84 @@ The following example shows an Amazon VPC endpoint policy that allows one user t
-                  "AWS": "arn:aws:iam::account-id:user/MyUser"
+                  "AWS": "arn:aws:iam::123456789012:user/MyUser"