Posted On: Mar 5, 2019
Amazon Step Functions now supports additional access control with tag-based permissions. This allows you to control access based on tags using Amazon Identity and Access Management (IAM) policies.
Tags are simple labels consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, or other criteria. For example, you can tag Amazon Step Functions state machines by business unit and allow only members of a business unit to access that unit's state machines. When new environments are launched with tags, the corresponding IAM permissions are automatically applied. By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation.
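The business-unit case above, written as an IAM identity policy. This is an added example, not part of the original announcement; the tag key `BusinessUnit`, the matching principal tag of the same name, and the choice of actions are assumptions made for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UseStateMachinesOfOwnBusinessUnit",
      "Effect": "Allow",
      "Action": [
        "states:DescribeStateMachine",
        "states:StartExecution",
        "states:ListExecutions"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/BusinessUnit": "${aws:PrincipalTag/BusinessUnit}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheAccessControlTag",
      "Effect": "Deny",
      "Action": [
        "states:TagResource",
        "states:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "BusinessUnit"
        }
      }
    }
  ]
}
```

The second statement keeps a principal from widening its own access by adding, changing, or removing the tag that the first statement keys on. A principal that carries no `BusinessUnit` tag matches nothing in the first statement, so it gets no access from this policy.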