I'm trying to create a state machine that can invoke another state machine. I tried to use following approach to get ARN. However this returns error Arn is not a valid property, which stack is being created.
ParentStateMachine:
Type: "AWS::StepFunctions::StateMachine"
Properties:
StateMachineName: !Sub "ParentStateMachine"
DefinitionString:
Fn::Sub:
- |-
{
"Comment": "...",
"StartAt": "State1",
"States": {
"State1": {
"Type": "Task",
"Resource": "arn:aws:states:::states:startExecution.sync",
"Parameters": {
"StateMachineArn": "${ChildStateMachineArn}",
"Input": {
"StatePayload": {
"datasetDate.$": "$.datasetDate"
},
"AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
}
},
"End": true
}
}
}
- {
ChildStateMachineArn:
Fn::GetAtt:
- ChildStateMachine
- Arn
}
RoleArn:
Fn::GetAtt:
- StatesExecutionRole
- Arn
I've also tried to generate ARN by using this string.
arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:ChildStateMachine
However, this gave error
Failed to call Step Functions for request: 'com.amazonaws.services.stepfunctions.model.CreateStateMachineRequest'. (Service: null; Status Code: 500; Error Code: null; Request ID: null)
I'm able to create other type of state machines using cloud formation. Only when I'm trying to create one that executes a child workflow is not working. When I go to cloud trail, the CreateStateMachineEvent has an error code of Access Denied. I've given Admin Access to the role. Did anyone face this issue and found a solution?
For States using the "Wait For callback" patterns (those ending in .sync or .waitForTaskToken) you need special policies, as mentioned here.
Specifically in your case, in addition to the Standard states:StartEecution policy you need to add event-related policies:
And policies dedicated to the Description and Stopping of the execution:
Details can be found here
For simplicity, most of the time I use the next policies:
- PolicyName: StatesStartExecutionPolicy
- PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "states:*"
Resource: "*"
- PolicyName: StatesAccessEventsPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "events:*"
Resource: "*"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With