Amazon web services AWS StepFunctions:通过lambda使用AWS-SDK创建状态机时出错
我正在尝试使用AWS sdk在AWS步骤函数中创建状态机,例如Amazon web services AWS StepFunctions:通过lambda使用AWS-SDK创建状态机时出错,amazon-web-services,aws-lambda,aws-step-functions,aws-iam,amazon-iam,Amazon Web Services,Aws Lambda,Aws Step Functions,Aws Iam,Amazon Iam,我正在尝试使用AWS sdk在AWS步骤函数中创建状态机,例如 stepfunctions.createStateMachine(params, function(err, data)... 我在AWS控制台中创建了一个lambda,并添加了创建状态机的代码。我还为角色提供了执行此lambda和创建状态机的权限。我还使用模拟器验证了角色权限,这很好(允许)。但是当我执行lambda时,我得到了AccessDeniedException errorMessage": "User: arn:
stepfunctions.createStateMachine(params, function(err, data)...
我在AWS控制台中创建了一个lambda,并添加了创建状态机的代码。我还为角色提供了执行此lambda和创建状态机的权限。我还使用模拟器验证了角色权限,这很好(允许)。但是当我执行lambda时,我得到了AccessDeniedException
errorMessage": "User: arn:aws:sts::555555555:assumed-role/SFN_API_role/SFAPITest is not authorized to perform: states:CreateStateMachine on resource: arn:aws:states:us-east-1:555555555:stateMachine:*",
"errorType": "AccessDeniedException
“SFN_API_角色”是角色,“SFAPIEST”是lambda。
以下是定义的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:ListStateMachines",
"states:ListActivities",
"states:CreateStateMachine",
"states:CreateActivity"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeStateMachine",
"states:StartExecution",
"states:DeleteStateMachine",
"states:ListExecutions"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StopExecution"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeActivity",
"states:DeleteActivity",
"states:GetActivityTask",
"states:SendTaskSuccess",
"states:SendTaskFailure",
"states:SendTaskHeartbeat"
],
"Resource": [
"*"
]
}
]
}
任何指点都很感激 您使用的是“资源”:[“*”]
而不是“资源”:“*”
。只需将策略的第一部分更改为以下内容:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:ListStateMachines",
"states:ListActivities",
"states:CreateStateMachine",
"states:CreateActivity"
],
"Resource": "*"
},
...
我认为日志足够清楚-拒绝访问异常,这意味着您假定的角色没有创建状态机的权限