AWS Security ChangesHomeSearch

AWS step-functions documentation change

Service: step-functions · 2025-10-07 · Documentation low

File: step-functions/latest/dg/connect-to-resource.md

Summary

Added clarification about Step Functions Resource ARN format and legacy Lambda integrations

Security assessment

The changes provide technical clarification about resource URI formatting and legacy integration patterns without addressing security vulnerabilities or documenting security controls

Diff

diff --git a/step-functions/latest/dg/connect-to-resource.md b/step-functions/latest/dg/connect-to-resource.md
index 329f1fa5e..51e26169b 100644
--- a//step-functions/latest/dg/connect-to-resource.md
+++ b//step-functions/latest/dg/connect-to-resource.md
@@ -21,0 +22,4 @@ Each of these service integration patterns is controlled by how you create a URI
+An ASL Resource value in Step Functions is a unique name (URI) which conforms to [ARN format](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html#arns-syntax), but typically does not identify an actual _Resource_ in your account. The prefix "`arn:aws:states:`" sets up a namespace that Step Functions uses for integrations. The `:::` portion of the value denotes empty `region` and `account-id` fields which are unnecessary because both are inferred from the region and account in which the workflow runs.
+
+Legacy integrations to AWS Lambda are the one exception where the Resource value specifies an actual Lambda function resource. The Step Functions console will display these legacy Resources, but you cannot create or edit such resources in the present day graphical UI, unless you choose to edit the ASL code directly.
+