IAM policies for Activities-only Step Functions state machines - Amazon Step Functions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

IAM policies for Activities-only Step Functions state machines

For a state machine that has only Activity tasks, or no tasks at all, use an IAM policy that denies access to all actions and resources.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

For more information about using Activity tasks, see Learn about Activities in Step Functions.