Invoking AWS Step function from Lambda in python

Question

So I am trying to invoke a simple step function I wrote using a Lambda in python. I am using boto3 for this purpose

client = boto3.client('stepfunctions')
    response = client.start_execution(
        stateMachineArn='aws:states:.......',
        name='dev-hassan-pipeline-sf',
        input= json.dumps(returnVal)
    )

And I have created an IAM Role which has "AWSStepFunctionsFullAccess" policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "states:*",
            "Resource": "*"
        }
    ]
}

I assign this role to my Lambda, but when I run the lambda I get the following error

An error occurred (AccessDeniedException) when calling the StartExecution operation: User: arn:aws:sts::xxxxxxxx:assumed-role/dev-hassan-role1/dev-hassan-pipeline-lambda is not authorized to access this resource: ClientError

dev-hassan-pipeline-lambda is my Lambda's name and dev-hassan-role1 is my role name

Can some one help me out here, what am I doing wrong, why cant I invoke the step function from Lambda as I have given it the permissions it needs

Answer 1

So, I found the mistake, I was using the wrong ARN. The ARN I was using was for a specific execution of the step function The correct ARN to be used is

arn:aws:states:us-east-1:xxxxxxxx:stateMachine:dev-hassan-pipeline-sf

Its actually surprising, that I couldnt find the ARN for the state machine on the web ui. I figured out my mistake when looking at some sample codes, and I realized my ARN had execution in it and not statemachine.

I just realized, I did not even post the entire ARN in this question

Answer 2

You can fix the permissions in AWS's IAM. Create a role with the required permissions, and while creating the lambda function, you can refer to the above created IAM role when prompted.

Hope that solves your permissions issue :)

Cheers!

Answer 3

使用策略“AWSStepFunctionsFullAccess”或您需要的任何内容更新您的 IAM 角色