Issue:
1) I create new AWS State Machine with "Hello World" blueprint
2) click on create state machine button
3) it opens a dialog box and choose iam roles dropdown is empty and is not showing list of existing iam roles associated with my aws account
Debugging:
I found that it throws following JS error while loading dashboard itself before doing anything else.
JS Error:grapheneConsole_prod_963c8da….gz.js:110 POST https://us-west-2.console.aws.amazon.com/states/service/iam/createrole 403 (Forbidden)
So i think it assumes the user to have "create role" permission which i don't have.
If anyone faced this before and solved it. Please help me.
Some extra info: I am using a corporate aws account which is what is assigned to all developers. Also for lambda or any other AWS resources we have been given specific dev role we are supposed to use and i have successfully used that with everything else along with creating lambda. I would have chosen the same iam role if it would have shown me the list
Under the AWS Management Console section, choose the role you want to view. On the Selected role page, under Manage users and groups for this role, you can view the users and groups assigned to the role.
The activity worker polls Step Functions for work, takes any inputs from Step Functions, performs the work using your code, and returns results.
Open the Step Functions console and choose Create state machine. Ensure that your state machine is under the same AWS account and Region as the Lambda function you created earlier. On the Choose authoring method page, choose Design your workflow visually. For Type, retain the default selection, that is, Standard.
You can give AWS Step Functions initial input data by passing it to a StartExecution action when you start an execution, or by passing initial data using the Step Functions console . Initial data is passed to the state machine's StartAt state. If no input is provided, the default is an empty object ( {} ).
I posted about my issue to AWS support.
They have provided the justification of why it is happening. In my opinion it is more of a limitation.
So dropdown to select an IAM role in Step Functions works differently compared to our other services. Only IAM roles that have trust relationship allowing Step Functions service in the region to assume the role will show up in the dropdown unlike our other services. So i need to have at least one IAM role in my account with below trust policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "states.<region>.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
I hope this helps to anyone having similar issue. It took me few days to reach an answer.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With