If you have ever received the following error, is not authorized to create managed-rule, when running a Step Function through Terraform’s AWS Provider, then you may have jumped through many different hoops trying to figure out what was wrong.
What’s the Quick Fix?
Open the role in IAM and attach the CloudWatchEventsFullAccess AWS managed policy to the permissions policies.
Need More Information?
IAM Role Principal Policy required to AssumeRole
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "states.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
IAM Role Policy GetEvents For StepFunctions Execution Rule
{
  "Effect": "Allow",
  "Action": [
    "events:PutTargets",
    "events:PutRule",
    "events:DescribeRule"
  ],
  "Resource": [
    "arn:aws:events:[[region]]:[[account]]:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
  ]
}
IAM Role Policy under StepFunctions CloudFormation
- Effect: Allow
  Action:
    - events:PutTargets
    - events:PutRule
    - events:DescribeRule
  Resource:
    - !Sub arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule
If you need to limit it to a resource, then StepFunctionsGetEventsForStepFunctionsExecutionRule is the one you’re looking for!