AWS step-functions documentation change
Summary
Shortened explanation of default permissions, removing specific references to AWS Management Console, CLI, and API access
Security assessment
The change reduces redundancy in stating default deny permissions but does not alter security guidance or address a specific security issue. Core policy enforcement mechanisms remain unchanged.
Diff
diff --git a/step-functions/latest/dg/security_iam_id-based-policy-examples.md b/step-functions/latest/dg/security_iam_id-based-policy-examples.md index 3b1d257d6..27a4a2dd9 100644 --- a//step-functions/latest/dg/security_iam_id-based-policy-examples.md +++ b//step-functions/latest/dg/security_iam_id-based-policy-examples.md @@ -9 +9 @@ Policy best practicesUsing the consoleAllow users to view their own permissions -By default, users and roles don't have permission to create or modify Step Functions resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify Step Functions resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.