Menu
I'm writing the terraform for creating an IAM role for AWS StepFunctions. What should be the value for Principal in assume_role_policy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "stepfunctions.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
I'm getting the error
Error: Error creating IAM Role my_utility_sfn: MalformedPolicyDocument: Invalid principal in policy: "SERVICE":"stepfunctions.amazonaws.com"
977
A service principal is an identifier for a service. IAM roles that can be assumed by an AWS service are called service roles. Service roles must include a trust policy. Trust policies are resource-based policies attached to a role that defines which principals can assume the role.
AWS Step Functions is a low-code, visual workflow service that developers use to build distributed applications, automate IT and business processes, and build data and machine learning pipelines using AWS services.
Step Functions is a serverless orchestration service that lets you easily coordinate multiple Lambda functions into flexible workflows that are easy to debug and easy to change. Step Functions will keep your Lambda functions free of additional logic by triggering and tracking each step of your application for you.
You sign in to the Step Functions console, where you create a state machine that uses two Pass states. You then start a new execution and review the execution details. You then change one of the Pass state's result and view the changes. Finally, you perform a clean-up step, where you delete your state machine.
The AWS documentation for service endpoints should hold the answer.
Looks like it is states.<region>.amazonaws.com
109
The principal is states.<region>.amazonaws.com :
https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-lambda-state-machine-cloudformation.html#lambda-state-machine-cfn-create-role
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
