amazon-web-services serverless-framework aws-step-functions

AWS Step Functions: new startExecution.sync:2 <role> not authorized to create managed-rule


I want to try the new AWS Step Functions functionality to start a nested Step Function via startExecution.sync:2, which should do exactly the same as startExecution.sync but return the result as a JSON object and not as a serialized string.

When I want to deploy the Step Functions with CloudFormation, I get the error "' is not authorized to create managed-rule. (Service: AWSStepFunctions; Status Code: 400; Error Code: AccessDeniedException; Request ID: ...; Proxy: null)"

This error only occurs with the new startExecution.sync:2; startExecution.sync works perfectly.

My inline IAM statement is:

iamRoleStatements:
# Event to start SF synchronous
- Effect: Allow
  Action:
    - events:PutTargets
    - events:PutRule
    - events:DescribeRule
    - events:DeleteRule
    - events:DisableRule
    - events:EnableRule
    - events:ListRules
  Resource:
    - arn:aws:events:eu-central-1:<MY_AWS_ACCOUNT_ID>:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule
- Effect: Allow
  Action:
    - states:StartExecution
  Resource:
    - <arn of other sf>
- Effect: Allow
  Action:
    - states:DescribeExecution
    - states:StopExecution
  Resource:
    - "*"

The code for the task that starts the other function is:

callOcrSf:
  Type: Task
  Resource: "arn:aws:states:::states:startExecution.sync:2"
  Parameters:
    StateMachineArn: <arn of other sf>
    Input.$: "$"
  ResultPath: "$.otherResult"
  Next: nextTask

Does anyone have an idea why this is not working? I am using the Serverless Framework for deployment, but I think it should not make a difference since it only creates CloudFormation stacks.


Solution

  • I've been using Step Functions with the Serverless Framework; they have an interesting guide that might help you configure it: https://www.serverless.com/plugins/serverless-step-functions

    Another thing that you would need to install in your project is the plugin to actually be able to create the step function in your serverless YAML: https://github.com/serverless-operations/serverless-step-functions

    Also, according to this PR https://github.com/serverless-operations/serverless-step-functions/pull/333, startExecution.sync:2 was added in version 2.19.0 of the package.
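
An added example, not part of the question or the answer: a small audit of role statements like the ones in the question, reporting which actions a synchronous nested execution needs but lacks, which are granted on a wildcard resource, and which are granted without being needed. The account ID, the state machine name `otherSf` and the execution name are placeholders, and the required action set is assumed from the AWS documentation for synchronous nested executions.

```python
import re

REGION, ACCT = "eu-central-1", "111122223333"  # ACCT is a placeholder account ID
RULE = f"arn:aws:events:{REGION}:{ACCT}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
SM = f"arn:aws:states:{REGION}:{ACCT}:stateMachine:otherSf"        # hypothetical name
EXEC = f"arn:aws:states:{REGION}:{ACCT}:execution:otherSf:run-1"  # hypothetical name

# Assumption: the action set AWS documents for synchronous nested executions.
NEEDED = {"events:PutTargets": RULE, "events:PutRule": RULE, "events:DescribeRule": RULE,
          "states:StartExecution": SM, "states:DescribeExecution": EXEC,
          "states:StopExecution": EXEC}

# Constructed from the statements in the question, placeholders filled in.
STATEMENTS = [
    {"Effect": "Allow", "Resource": [RULE],
     "Action": ["events:PutTargets", "events:PutRule", "events:DescribeRule",
                "events:DeleteRule", "events:DisableRule", "events:EnableRule",
                "events:ListRules"]},
    {"Effect": "Allow", "Action": ["states:StartExecution"], "Resource": [SM]},
    {"Effect": "Allow", "Action": ["states:DescribeExecution", "states:StopExecution"],
     "Resource": ["*"]},
]

def as_list(v):
    return v if isinstance(v, list) else [v]

def iam_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def audit(statements, needed):
    """Return (missing, wildcard, extra) action lists. Allow statements only;
    Deny, NotAction and Condition are not evaluated."""
    grants = [(a, r) for s in statements if s.get("Effect") == "Allow"
              for a in as_list(s["Action"]) for r in as_list(s["Resource"])]
    missing = [act for act, arn in needed.items()
               if not any(iam_match(a, act, True) and iam_match(r, arn) for a, r in grants)]
    wildcard = sorted({a for a, r in grants if r == "*"})
    extra = sorted({a for a, _ in grants
                    if not any(iam_match(a, act, True) for act in needed)})
    return missing, wildcard, extra

if __name__ == "__main__":
    for label, actions in zip(("missing", "wildcard resource", "not needed"),
                              audit(STATEMENTS, NEEDED)):
        print(f"{label}: {actions}")
```
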