What permissions does the 'invoke stepfunction' role (created from the CloudWatch Events console) have?
I am following this article on how to set up a CloudWatch rule in the AWS console to trigger a Step Functions state machine, link: https://blog.shikisoft.com/3-ways-to-schedule-aws-lambda-and-step-functions-state-machines/
In one of the steps, the console can create a new role to grant CloudWatch Events permission to trigger the state machine. For some reason I have a permission issue when trying this step. Could someone try this process and copy the permission/policy of this new role for me, so that I can use it in a Terraform definition?
Hope this makes sense, thanks.
This role lets CloudWatch Events (now renamed EventBridge) assume your role and then start an execution of the state machine.
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [ "states:StartExecution" ],
            "Resource": [ "arn:aws:states:*:*:stateMachine:*" ]
        }
    ]
}
```
On:
> for some reason I have a permission issue when trying this step
You may not have permission to create the target or the IAM role. I suggest checking the permissions of the role you are using in the console.
I suggest you declare an IAM role and link it to your "Event Rule", as in this CloudFormation example, which listens for changes in an S3 bucket:
```yaml
S3EventRole:
  Type: AWS::IAM::Role
  Properties:
    Path: /
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - events.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: CallStepFunctions
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - states:StartExecution
              Resource:
                - !Ref MainFlow
## Event Rule
S3EventRule:
  Type: AWS::Events::Rule
  Properties:
    Name: your-S3EventRule
    Targets:
      - Id: event_from_S3EventRule
        Arn: your-stepfunctions-arn
        RoleArn: !GetAtt S3EventRole.Arn
    EventPattern:
      source:
        - aws.s3
      detail-type:
        - Object Created
        - Object Deleted
      detail:
        bucket:
          name:
            - your-bucket
```
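Since the question asks for the same role in Terraform, here is an added example (not code from the post or the linked article) that declares the trust policy, the permission policy and the rule target, scoping `states:StartExecution` to a single state machine ARN instead of the console's wildcard; `var.state_machine_arn` and `var.bucket_name` are assumed inputs.

```hcl
# Added example (not from the original post). Assumed inputs not on the page:
# var.state_machine_arn and var.bucket_name.
variable "state_machine_arn" { type = string }
variable "bucket_name" { type = string }

# Trust policy: only the EventBridge service principal may assume the role.
data "aws_iam_policy_document" "events_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}
resource "aws_iam_role" "invoke_stepfunction" {
  name               = "invoke-stepfunction"
  assume_role_policy = data.aws_iam_policy_document.events_assume.json
}

# Permission policy scoped to one state machine ARN rather than the
# console's wildcard arn:aws:states:*:*:stateMachine:*.
data "aws_iam_policy_document" "start_execution" {
  statement {
    effect    = "Allow"
    actions   = ["states:StartExecution"]
    resources = [var.state_machine_arn]
  }
}
resource "aws_iam_role_policy" "start_execution" {
  name   = "CallStepFunctions"
  role   = aws_iam_role.invoke_stepfunction.id
  policy = data.aws_iam_policy_document.start_execution.json
}

# Rule for S3 object events on one bucket; the target passes the role above.
resource "aws_cloudwatch_event_rule" "s3_object_events" {
  name = "s3-object-events"
  event_pattern = jsonencode({
    source        = ["aws.s3"]
    "detail-type" = ["Object Created", "Object Deleted"]
    detail        = { bucket = { name = [var.bucket_name] } }
  })
}
resource "aws_cloudwatch_event_target" "start_state_machine" {
  rule      = aws_cloudwatch_event_rule.s3_object_events.name
  target_id = "start-state-machine"
  arn       = var.state_machine_arn
  role_arn  = aws_iam_role.invoke_stepfunction.arn
}
```

Applying this requires the caller's own identity to hold `iam:CreateRole`, `iam:PutRolePolicy` and `iam:PassRole` for the new role; a missing `iam:PassRole` is the usual cause of an access-denied error when a role ARN is attached to a rule target.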