Skip to content

Terraform AWS Step Functions

State machines with IAM execution roles, logging, tracing, retries, timeouts, and workflow definitions for auditable application orchestration.

1 controls enforced6 frameworks

Controls Enforced

The following compliance controls are enforced by this module at terraform plan time.

Quick Start

module "step_functions" {
  source  = "acscessentialeight.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "acscism2023.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "awscontroltower.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "awsgenai.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cccsmedium.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cfrpart11.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cis.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cisv500.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cisv600.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cisv80ig1.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "cisacyberessentials.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "eugmpannex11.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "fedramplow.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "fedrampmoderate.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "ffiec.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "gdpr.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "hipaa.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "iso27001.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "nis2.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "nist800171.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "nist80053.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "nistcsf.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "nydfs23.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "pcidss.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "rbicybersecurity.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "rbiitfnbfc.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

module "step_functions" {
  source  = "soc2.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "<version>"

  # ... your arguments here
}

See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.

Migration from Upstream

Already using terraform-aws-modules? Change only the source URL:

module "step_functions" {
  source  = "terraform-aws-modules/step-functions/aws"
  version = "1.0"
}

module "step_functions" {
  source  = "soc2.compliance.tf/terraform-aws-modules/step-functions/aws"
  version = "1.0"
}

Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.

See the Migration Guide for step-by-step instructions.

Reversibility

No lock-in. Switch back by reverting the source URL to the upstream path:

module "step_functions" {
  source  = "terraform-aws-modules/step-functions/aws"
}

Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.

Mapped compliance frameworks

ACSC-EE-ML2-7.7: Multi-factor authentication ML2

16 Business Continuity

A.8.15 Logging

3 Incident handling

5.3.4: Anti-malware mechanisms and processes are active, maintained, and monitored.

10.2.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.3: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.4: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.5: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.6: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.7: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.3.1: Audit logs are protected from destruction and unauthorized modifications.

10.6.3: Time-synchronization mechanisms support consistent time settings across all systems.

A1.2.1: Multi-tenant service providers facilitate logging and incident response for all customers.

A1.2.3: Processes or mechanisms are implemented for reporting and addressing suspected or confirmed security incidents and vulnerabilities

A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives

PI1.3 Data is processed completely, accurately, and timely as authorized to meet the entity's processing integrity commitments and system requirements

Framework Coverage

Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint

ControlACSC Essential EightEU GMP Annex 11ISO/IEC 27001:2022NIS2 Directive (EU 2022/2555)PCI DSS v4.0SOC 2
Step Function state machines should have logging turned on

Showing top 6 frameworks by coverage. All framework endpoints →