AWS step-functions documentation change
Summary
Added clarification about tasks becoming stuck when events lack required data and polling permissions are missing
Security assessment
Explains a reliability issue related to IAM permissions but doesn't address security vulnerabilities. Focuses on operational consequences rather than security weaknesses.
Diff
diff --git a/step-functions/latest/dg/service-integration-iam-templates.md b/step-functions/latest/dg/service-integration-iam-templates.md index 2554b00d0..90b7e8987 100644 --- a//step-functions/latest/dg/service-integration-iam-templates.md +++ b//step-functions/latest/dg/service-integration-iam-templates.md @@ -44 +44 @@ For Run a Job (.sync) tasks that support **both** polling and events, your task -In the previous scenario, you might not notice the polling permissions are missing or incorrect. In the rare case that an event fails to be delivered to or processed by Step Functions, your execution could become stuck. +In the previous scenario, you might not notice the polling permissions are missing or incorrect. In the rare case that an event fails to be delivered to or processed by Step Functions, your execution could become stuck. Additionally, in some cases the event might not contain all the data that is required to complete the task. When this happens, Step Functions polls the service to retrieve the remaining data. If the execution role lacks the required permissions for polling, the task gets stuck, even though other tasks that don't require additional polling succeed.