Sparked by @User’s topic on Metaflow with CI/CD, we’re also considering on how to approach it with some version controlled approach when it comes to creation of the step-function. We recognized that while step-functions can be created via a CLI, we feel that it’s easy to just CLI everything without commiting code (this is more of a SE’s concern then a DS)… To go about attempting to resolving that, here’s what we’re thinking. We remove the role/access that allows user to able to create step functions locally(simply not providing the SFN value in .metaflowconfig/config.json) . This access is granted by a “step-function-creator” engine in CodeBuild with some custom buildspec. Thoughts ?

you could remove SFN entries from the config or you could remove the related permissions from the IAM user

Yep, that's a very valid way to disallow

step-functions create

. It will still however copy-over the code package to S3 before failing to push to

step-functions

due to in-sufficient permissions.