This AWS step functions use case depicts an automated security incident response workflow with a manual approval step. When an IAM policy is created, a Step Functions workflow is triggered. The workflow compares the policy action to a list of restricted activities that can be customized. The workflow temporarily reverses the policy, then notifies an administrator and awaits approval or denial. As shown in this AWS step functions use cases diagram, you can extend this workflow to remediate automatically by applying alternative actions or restricting actions to specific ARNs. Download EdrawMax and create informative use case diagrams today.