Posted On: Mar 5, 2019

Amazon Step Functions now supports additional access control with tag-based permissions. This allows you to control access based on tags using Amazon Identity and Access Management (IAM) policies. 

Tags are simple labels consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, or other criteria. For example, you can tag Amazon Step Functions state machines by business unit and allow only members of that business unit to access them. When new environments are launched with tags, the corresponding IAM permissions are automatically applied. By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation.
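The business-unit case described above can be written as an IAM policy like the following. This is an added example, not part of the original announcement; the tag key `BusinessUnit`, the value `finance`, and the `Sid` names are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowFinanceTaggedStateMachines",
      "Effect": "Allow",
      "Action": [
        "states:DescribeStateMachine",
        "states:StartExecution",
        "states:UpdateStateMachine",
        "states:DeleteStateMachine"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/BusinessUnit": "finance" }
      }
    },
    {
      "Sid": "ExampleDenyRetagging",
      "Effect": "Deny",
      "Action": ["states:TagResource", "states:UntagResource"],
      "Resource": "*"
    }
  ]
}
```

The second statement matters because a tag-based grant is only as strong as the control over who may change tags: a principal who can retag resources can move other state machines into or out of scope.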

You can add or remove tags from your Amazon Step Functions resources using the console or SDK. Amazon Web Services tags are supported by Amazon Step Functions at no additional cost. For more information, see Tagging in the Amazon Step Functions Developer Guide.