16

So I am trying to invoke a simple step function I wrote using a Lambda in python. I am using boto3 for this purpose 

client = boto3.client('stepfunctions')
    response = client.start_execution(
        stateMachineArn='aws:states:.......',
        name='dev-hassan-pipeline-sf',
        input= json.dumps(returnVal)
    )

And I have created an IAM Role which has "AWSStepFunctionsFullAccess" policy 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "states:*",
            "Resource": "*"
        }
    ]
}

I assign this role to my Lambda, but when I run the lambda I get the following error 

An error occurred (AccessDeniedException) when calling the StartExecution operation: User: arn:aws:sts::xxxxxxxx:assumed-role/dev-hassan-role1/dev-hassan-pipeline-lambda is not authorized to access this resource: ClientError

dev-hassan-pipeline-lambda is my Lambda's name and dev-hassan-role1 is my role name

Can some one help me out here, what am I doing wrong, why cant I invoke the step function from Lambda as I have given it the permissions it needs

Improve this question

2 Answers 2

Reset to default
12

So, I found the mistake, I was using the wrong ARN. The ARN I was using was for a specific execution of the step function The correct ARN to be used is 

arn:aws:states:us-east-1:xxxxxxxx:stateMachine:dev-hassan-pipeline-sf

Its actually surprising, that I couldnt find the ARN for the state machine on the web ui. I figured out my mistake when looking at some sample codes, and I realized my ARN had execution in it and not statemachine.

I just realized, I did not even post the entire ARN in this question

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

-2

update your IAM role with policy "AWSStepFunctionsFullAccess" or whatever you need

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.