serverless-step-functions icon indicating copy to clipboard operation
serverless-step-functions copied to clipboard

Published 20 hours ago verified publisher icon serverless-operations

Restrict IAM Policy for states:StopExecution

Open agupta94 opened this issue 2 years ago • 0 comments

This is a Bug Report

Description

  • What went wrong? Permissions for states:DescribeExecution,states:StopExecution are currently set to *.

  • What did you expect should have happened? Permissions should be restricted to the executions of the respective state machine.

Additional Data

Based on AWS docs https://docs.aws.amazon.com/step-functions/latest/dg/concept-create-iam-advanced.html, these permissions can be restricted to the executions for the respective state machine. states:StartExecution already points to the respective state machine. So requesting a similar behavior while generating the IAM policy.

agupta94 avatar Jul 22 '22 23:07 agupta94