How to invoke step function from a lambda which is inside a vpc?

Question

I am trying to invoke a step function from a lambda which is inside a VPC. I get exception that HTTP request timed out.

Is it possible to access step function from a lambda in a vpc?

Thanks,

Answer 1

It is possible but depends on how you are trying to access step functions. If you are using the AWS SDK then it should take care of any http security issues, otherwise if you are executing raw HTTP commands you will need to mess around with AWS headers.

The other thing you will need to look at is the role that lambda is executing. Without seeing how you have things configure I can only suggest to you things I encountered; you may need to adjust your policies so the role can have the action: sts:AssumeRole, another possibility is adding the action: iam:PassRole to the same execution role.

The easiest solution is to grant your execution role administrator privileges, test it out then work backwards to lock down your role access. Remember to treat your lambda function like another API user account and set privileges appropriately.

Answer 2

If your lambda function is running inside a VPC, you need to add a VPC endpoint for step functions.

In the VPC console : Endpoints : Create Endpoint, the service name for step functions is com.amazonaws.us-east-1.states (the region name may vary).

Took me a while to find this in the documentation.