AWS Step Functions Adds Tag-Based Permissions

Posted on: Mar 5, 2019

AWS Step Functions now supports additional access control with tag-based permissions. This allows you to control access based on tags using AWS Identity and Access Management (IAM) policies.

Tags are simple labels consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, or other criteria. For example, you can tag AWS Step Functions state machines by business unit and allow only members of a business unit to access that unit's state machines. When new environments are launched with tags, the corresponding IAM permissions are automatically applied. By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation.
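The business-unit scenario above can be written as an identity-based IAM policy. This is an added example, not part of the original announcement; the tag key `BusinessUnit` and the value `Finance` are constructed for illustration, and the policy is assumed to be attached to the IAM group or role for that business unit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UseStateMachinesTaggedForThisUnit",
      "Effect": "Allow",
      "Action": [
        "states:DescribeStateMachine",
        "states:StartExecution"
      ],
      "Resource": "arn:aws:states:*:*:stateMachine:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/BusinessUnit": "Finance"
        }
      }
    },
    {
      "Sid": "CreateOnlyWithThisUnitsTag",
      "Effect": "Allow",
      "Action": "states:CreateStateMachine",
      "Resource": "arn:aws:states:*:*:stateMachine:*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/BusinessUnit": "Finance"
        }
      }
    },
    {
      "Sid": "DenyChangingTheAccessControlTag",
      "Effect": "Deny",
      "Action": [
        "states:TagResource",
        "states:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "BusinessUnit"
        }
      }
    }
  ]
}
```

The explicit deny matters because the tag is now the access boundary: a principal who can call `states:TagResource` or `states:UntagResource` on the `BusinessUnit` key can move a state machine in or out of scope. Keep permission to change that key with a separate administrative role.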

You can add or remove tags from your AWS Step Functions resources using the console, CLI, or SDK. Tagging is supported, at no additional cost, in all regions where Step Functions is available. For more information, please visit: