Amazon Virtual Private Cloud Endpoint Policies for Step Functions - Amazon Step Functions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Virtual Private Cloud Endpoint Policies for Step Functions

You can create an Amazon VPC endpoint policy for Step Functions in which you specify the following:

  • The principal that can perform actions.

  • The actions that can be performed.

  • The resources on which the actions can be performed.

The following example shows an Amazon VPC endpoint policy that allows one user to create state machines, and denies all other users permission to delete state machines. The example policy also grants all users execution permission.

{ "Version": "2012-10-17", "Statement": [ { "Action": "*Execution", "Resource": "*", "Effect": "Allow", "Principal": "*" }, { "Action": "states:CreateStateMachine", "Resource": "*", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:user/MyUser" } }, { "Action": "states:DeleteStateMachine", "Resource": "*", "Effect": "Deny", "Principal": "*" } ] }

For more information about creating endpoint policies, see the following: