AWS Step Functions (IAM)

aws compute

AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services into flexible workflows.

Common permissions

states:ListStateMachinesstates:DescribeStateMachinestates:StartExecutionstates:StopExecutionstates:DescribeExecutionstates:GetExecutionHistorystates:ListExecutionsstates:ListTagsForResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "states:ListStateMachines",
        "states:DescribeStateMachine",
        "states:StartExecution",
        "states:StopExecution",
        "states:DescribeExecution",
        "states:GetExecutionHistory",
        "states:ListExecutions",
        "states:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid states:* — grants full control including delete and modify of state machines and executions
Avoid states:DeleteStateMachine unless explicitly needed for cleanup

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/states/states.json ↗

API

full doc /v1/iam/states