I'm following this article to go through the steps on how to set up a CloudWatch rule in the AWS console to trigger a StepFunction state machine: https://blog.shikisoft.com/3-ways-to-schedule-aws-lambda-and-step-functions-state-machines/
In one of the steps, the console can create a new role to give CloudWatch Events permission to trigger the state machine. For some reason I have a permission issue when trying this step. Can someone try this process and copy the permission/policy of this new role for me, so that I can use it in a Terraform definition? Hope this makes sense, thanks.
This role gives CloudWatch Events (not rebranded as EventBridge) permission to assume the role as you and then start execution for the state machine.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [ "states:StartExecution" ],
                "Resource": [ "arn:aws:states:*:*:stateMachine:*" ]
            }
        ]
    }
This wiki might be helpful: https://docs.aws.amazon.com/eventbridge/latest/userguide/iam-identity-based-access-control-eventbridge.html#target-permissions-eventbridge
On "for some reason I have a permission issue when trying this step":
You may not have the permission to either create target or IAM roles. I'd recommend checking the permission of the role you are using in the console.
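A Terraform sketch of the role discussed in this thread, added here as an example and not taken from the article or from the answer. The resource names, the `state_machine_arn` variable and the `rate(1 hour)` schedule are assumptions. The role has two parts: a trust policy that lets the `events.amazonaws.com` service assume it, and a permission policy that allows `states:StartExecution`, scoped here to a single state machine ARN instead of the wildcard.

```hcl
# Added example; names and the schedule are placeholders (assumptions).
variable "state_machine_arn" {
  type        = string
  description = "ARN of the state machine the rule should start"
}

# Trust policy: lets the CloudWatch Events / EventBridge service assume the role.
data "aws_iam_policy_document" "events_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "events_start_sfn" {
  name               = "events-start-state-machine"
  assume_role_policy = data.aws_iam_policy_document.events_assume.json
}

# Permission policy: the same action as in the JSON policy, limited to one state machine.
data "aws_iam_policy_document" "start_execution" {
  statement {
    effect    = "Allow"
    actions   = ["states:StartExecution"]
    resources = [var.state_machine_arn]
  }
}

resource "aws_iam_role_policy" "start_execution" {
  name   = "start-execution"
  role   = aws_iam_role.events_start_sfn.id
  policy = data.aws_iam_policy_document.start_execution.json
}

resource "aws_cloudwatch_event_rule" "schedule" {
  name                = "start-state-machine-on-schedule"
  schedule_expression = "rate(1 hour)"
}

# The target ties the rule to the state machine and tells the service which role to assume.
resource "aws_cloudwatch_event_target" "sfn" {
  rule     = aws_cloudwatch_event_rule.schedule.name
  arn      = var.state_machine_arn
  role_arn = aws_iam_role.events_start_sfn.arn
}
```

The identity running `terraform apply` needs permission to create IAM roles and to pass this role to the rule target, which is the same kind of permission the console step depends on.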