I have a Lambda function defined in CDK. I'm using this Lambda to invoke a State Machine and for that I would need to provide it some Policies. The way I tried was the following:
    const stepFunctionsPolicy = new PolicyStatement({
        effect: Effect.ALLOW,
        actions: ["states:*"],
        resources: ['*']
    })
    MachineLambda.addToRolePolicy(stepFunctionsPolicy) // Added the policy to the Lambda's role
This is a workaround, but ideally, I would like to provide AWS Managed Policies to this Lambda function (specifically AWSStepFunctionsFullAccess), instead of manually defining each policy.
The question specifically asks how to add the AWSStepFunctionsFullAccess managed policy to the Lambda's role. This allows the Lambda to perform CRUD operations on all step functions:

    machineLambda.role?.addManagedPolicy(
        iam.ManagedPolicy.fromAwsManagedPolicyName("AWSStepFunctionsFullAccess")
    );
Consider granting the Lambda narrow permissions instead, following the IAM least privilege permissions security best practice:
    // grantStartExecution allows states:StartExecution on this state machine only
    myStateMachine.grantStartExecution(machineLambda);
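To make the difference between the two approaches checkable, here is an added example (not code from the question or the answer, and not part of CDK) that flags IAM statements broader than a Lambda that only starts executions needs. It compares the statement from the question with a statement scoped to starting executions of a single state machine. The function name, the sample ARN with its placeholder account id and state machine name, and the restriction to literal string actions and resources are assumptions of this example.

```typescript
// Added example: flag Allow statements that use wildcard actions or resources.
type OneOrMany = string | string[];
interface Statement { Effect: "Allow" | "Deny"; Action: OneOrMany; Resource: OneOrMany; }
interface Finding { index: number; reasons: string[]; }

function toList(v: OneOrMany): string[] {
  return Array.isArray(v) ? v : [v];
}

// Returns one finding per Allow statement with a wildcard action and/or resource.
function findOverbroadStatements(statements: Statement[]): Finding[] {
  const findings: Finding[] = [];
  statements.forEach((stmt, index) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    const reasons: string[] = [];
    toList(stmt.Action).forEach((a) => {
      // "*" or "service:*" grants every action (of that service)
      if (a === "*" || /:\*$/.test(a)) reasons.push("wildcard action " + a);
    });
    toList(stmt.Resource).forEach((r) => {
      if (r === "*") reasons.push("applies to every resource");
    });
    if (reasons.length > 0) findings.push({ index, reasons });
  });
  return findings;
}

// Constructed sample input: the statement from the question.
const broadPolicy: Statement[] = [
  { Effect: "Allow", Action: ["states:*"], Resource: ["*"] },
];

// Constructed sample input: one action on one state machine.
// The account id and state machine name are placeholders.
const scopedPolicy: Statement[] = [
  {
    Effect: "Allow",
    Action: "states:StartExecution",
    Resource: "arn:aws:states:us-east-1:111122223333:stateMachine:ExampleMachine",
  },
];

console.log(JSON.stringify(findOverbroadStatements(broadPolicy)));
console.log(JSON.stringify(findOverbroadStatements(scopedPolicy)));
```

In a synthesized template the `Resource` is often a CloudFormation intrinsic such as `Ref` rather than a string, so a check over real templates would need to handle that shape as well.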