From d6d5f0ceb8bcc2c4bd863fe0a7dbe137c100252c Mon Sep 17 00:00:00 2001
From: VaidSaraswat <41310238+VaidSaraswat@users.noreply.github.com>
Date: Tue, 27 Aug 2024 16:02:59 -0700
Subject: [PATCH] Update packages/aws-cdk-lib/aws-stepfunctions/README.md
Co-authored-by: Adam Wong <55506708+wong-a@users.noreply.github.com>
---
 packages/aws-cdk-lib/aws-stepfunctions/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-stepfunctions/README.md b/packages/aws-cdk-lib/aws-stepfunctions/README.md
index 131b1752b1882..d7fcc281c4517 100644
--- a/packages/aws-cdk-lib/aws-stepfunctions/README.md
+++ b/packages/aws-cdk-lib/aws-stepfunctions/README.md
@@ -997,7 +997,7 @@ If a state machine is encrypted with a customer managed key and has logging enab
 const stateMachineKmsKey = new kms.Key(this, 'StateMachine Key');
 const logGroupKey = new kms.Key(this, 'LogGroup Key');
-// To enable encrypted CloudWatch log integration for a state machine, you must add the following to your log group key policy
+// Required KMS key policy to enrypt the CloudWatch log group
 logGroupKey.addToResourcePolicy(new cdk.aws_iam.PolicyStatement({
 resources: ['*'],
 actions: ['kms:Encrypt*', 'kms:Decrypt*', 'kms:ReEncrypt*', 'kms:GenerateDataKey*', 'kms:Describe*'],