Invoking AWS Step function from Lambda in python

18,838

So, I found the mistake, I was using the wrong ARN. The ARN I was using was for a specific execution of the step function The correct ARN to be used is

arn:aws:states:us-east-1:xxxxxxxx:stateMachine:dev-hassan-pipeline-sf

Its actually surprising, that I couldnt find the ARN for the state machine on the web ui. I figured out my mistake when looking at some sample codes, and I realized my ARN had execution in it and not statemachine.

I just realized, I did not even post the entire ARN in this question

Share:
18,838

Related videos on Youtube

Hassan Jalil
Author by

Hassan Jalil

Masters in Computer Science at Vrije Universiteit Amsterdam Specialization in High Performance Computing

Updated on June 04, 2022

Comments

  • Hassan Jalil
    Hassan Jalil over 1 year

    So I am trying to invoke a simple step function I wrote using a Lambda in python. I am using boto3 for this purpose

    client = boto3.client('stepfunctions')
        response = client.start_execution(
            stateMachineArn='aws:states:.......',
            name='dev-hassan-pipeline-sf',
            input= json.dumps(returnVal)
        )
    

    And I have created an IAM Role which has "AWSStepFunctionsFullAccess" policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "states:*",
                "Resource": "*"
            }
        ]
    }
    

    I assign this role to my Lambda, but when I run the lambda I get the following error

    An error occurred (AccessDeniedException) when calling the StartExecution operation: User: arn:aws:sts::xxxxxxxx:assumed-role/dev-hassan-role1/dev-hassan-pipeline-lambda is not authorized to access this resource: ClientError
    

    dev-hassan-pipeline-lambda is my Lambda's name and dev-hassan-role1 is my role name

    Can some one help me out here, what am I doing wrong, why cant I invoke the step function from Lambda as I have given it the permissions it needs

  • Hassan Jalil
    Hassan Jalil over 6 years
    I have already created the role with required permission and assigned it. I have mentioned the role in the question