aws
awsstepfunctionstasks: Start a Child Step Function using its ARN
Describe the feature
Allow StepFunctionsStartExecutionProps to take an ARN to the child step function as well as the actual Step Function.
Use Case
I have a Step Function which can discover Child Step Functions through ARN's registered in the Parameter Store.
However, currently the only way to call the child - is to explicitly create it and pass to StepFunctionsStartExecutionProps - This means every time a new Child Step function is added (in its own Repo) - The parent Step Function has to be modified and redeployed.
Proposed Solution
Allow StepFunctionsStartExecutionProps to take a ARN for the child Step Function (passed in as a parameter through JSONPath or JSONata)
Other Information
No response
Acknowledgements
- [ ] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
AWS CDK Library version (aws-cdk-lib)
empty
AWS CDK CLI version
2.1018.0 (build e629e30)
Environment details (OS name and version, etc.)
macOS Sequoia 15.5
Hi @heathedavid,
Thank you for the feature request! However, the functionality you're looking for already exists in the CDK.
You can use StateMachine.fromStateMachineArn() to create an IStateMachine from an ARN string, which can then be used with StepFunctionsStartExecution. This allows you to achieve the exact workflow you described:
import as sfn from 'aws-cdk-lib/aws-stepfunctions';
import as sfnTasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
import as ssm from 'aws-cdk-lib/aws-ssm';
// Get ARN from Parameter Store
const childStateMachineArn = ssm.StringParameter.valueFromLookup(
this,
'/my/child-stepfunction/arn'
);
// Create IStateMachine reference from ARN
const childStateMachine = sfn.StateMachine.fromStateMachineArn(
this,
'ChildStateMachine',
childStateMachineArn
);
// Use with StepFunctionsStartExecution
const startChildTask = new sfnTasks.StepFunctionsStartExecution(this, 'StartChild', {
stateMachine: childStateMachine,
input: sfn.TaskInput.fromJsonPathAt('$'),
// ... other props
});
This approach provides:
- ✅ Dynamic discovery of child Step Functions via Parameter Store
- ✅ No need to modify parent Step Function when adding new children
- ✅ Proper IAM permission generation
- ✅ Type safety through the
IStateMachineinterface
The pattern you're looking for is already supported! I'm closing this as the functionality exists through the existing fromStateMachineArn() method.
If you have any questions about implementing this pattern, please feel free to ask!
Pahud,
Thank you for your quick response!
I had thought the pattern you suggested should work - however when I tried it I got an error, hence why I made the request.
I think the problem is, I want the Key to the parameter store to be an input to the Step Function (As I do not know them explicitly, just look for patterns at runtime). From various iterations, it seems it wants to create permission for an exact Child Step Function, rather then just "*"
I am using Go - The error I get is:
panic: ValidationError: Unable to determine ARN separator for SSM parameter since the parameter name is an unresolved token. Use "fromAttributes" and specify "simpleName" explicitly
And the code is:
package main
import (
"github.com/aws/aws-cdk-go/awscdk/v2"
"github.com/aws/aws-cdk-go/awscdk/v2/awsssm"
"github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctions"
"github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctionstasks"
"github.com/aws/jsii-runtime-go"
)
func topLevelStepFunction(stack awscdk.Stack) awsstepfunctions.StateMachine {
// The key to the SSM Parameter Store - it is an input to the Step
Function
key := awsstepfunctions.JsonPath_StringAt(jsii.String(
"$.input.stateMachineArn"))
// Get the ARN of the Child Step Function from the SSM Parameter Store
childARN := awsssm.StringParameter_FromStringParameterName(stack,
jsii.String("ARNFromKey"), key).StringValue()
// Create a Step Function task to invoke the Child Step Function
sfChild := awsstepfunctions.StateMachine_FromStateMachineArn(stack,
jsii.String("ChildStateMachine"), childARN)
// Create a Step Function task to invoke the Child Step Function
invokeSF := awsstepfunctionstasks.NewStepFunctionsStartExecution(stack,
jsii.String("InvokeStepFunction2"),
&awsstepfunctionstasks.StepFunctionsStartExecutionProps{
StateName: jsii.String("InvokeStepFunction2"),
IntegrationPattern: awsstepfunctions.IntegrationPattern_RUN_JOB,
Input: awsstepfunctions.TaskInput_FromObject(&map[string]
interface{}{
"info": awsstepfunctions.JsonPath_ObjectAt(jsii.String("$.
input.info")),
}),
ResultPath: jsii.String("$.output.info"),
StateMachine: sfChild,
Comment: jsii.String("Invoke the Child Step Function to
convert the format"),
})
// Initialize the Step Function - this will ensure all inputs are
available
initMainComment := "Initialize the Step Function"
initMain := awsstepfunctions.NewPass(stack, jsii.String("InitMainChild"
),
&awsstepfunctions.PassProps{
Comment: jsii.String(initMainComment),
StateName: jsii.String("Initialize Top Level"),
Parameters: &map[string]any{
"input": map[string]any{
"info": awsstepfunctions.JsonPath_ObjectAt(
jsii.String("$.info")),
"stateMachineArn": awsstepfunctions.JsonPath_StringAt(
jsii.String("$.stateMachineArn")),
},
},
}).Next(invokeSF)
sf := awsstepfunctions.NewStateMachine(stack,
jsii.String("deh-test-deploy-dev"),
&awsstepfunctions.StateMachineProps{
StateMachineName: jsii.String("deh-test-deploy-dev"),
StateMachineType: awsstepfunctions.StateMachineType_STANDARD,
DefinitionBody: awsstepfunctions.DefinitionBody_FromChainable(
initMain),
})
return sf
}
I appreciate any help you are able to give to get this working.
David
On Sun, Jun 8, 2025 at 2:50 PM Pahud Hsieh @.***> wrote:
pahud left a comment (aws/aws-cdk#34650) https://github.com/aws/aws-cdk/issues/34650#issuecomment-2954223601
Hi @heathedavid https://github.com/heathedavid,
Thank you for the feature request! However, the functionality you're looking for already exists in the CDK.
You can use StateMachine.fromStateMachineArn() https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts#L179 to create an IStateMachine from an ARN string, which can then be used with StepFunctionsStartExecution. This allows you to achieve the exact workflow you described:
import as sfn from 'aws-cdk-lib/aws-stepfunctions';import as sfnTasks from 'aws-cdk-lib/aws-stepfunctions-tasks';import as ssm from 'aws-cdk-lib/aws-ssm'; // Get ARN from Parameter Storeconst childStateMachineArn = ssm.StringParameter.valueFromLookup( this, '/my/child-stepfunction/arn'); // Create IStateMachine reference from ARNconst childStateMachine = sfn.StateMachine.fromStateMachineArn( this, 'ChildStateMachine', childStateMachineArn); // Use with StepFunctionsStartExecutionconst startChildTask = new sfnTasks.StepFunctionsStartExecution(this, 'StartChild', { stateMachine: childStateMachine, input: sfn.TaskInput.fromJsonPathAt('$'), // ... other props});
This approach provides:
- ✅ Dynamic discovery of child Step Functions via Parameter Store
- ✅ No need to modify parent Step Function when adding new children
- ✅ Proper IAM permission generation
- ✅ Type safety through the IStateMachine interface
The pattern you're looking for is already supported! I'm closing this as the functionality exists through the existing fromStateMachineArn() method.
If you have any questions about implementing this pattern, please feel free to ask!
— Reply to this email directly, view it on GitHub https://github.com/aws/aws-cdk/issues/34650#issuecomment-2954223601, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEE4HUYIL3ISZY3G5ZTWTXL3CSAY3AVCNFSM6AAAAAB63GQJWKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNJUGIZDGNRQGE . You are receiving this because you were mentioned.Message ID: @.***>
I did also try:
childARN := awsssm.StringParameter_FromStringParameterAttributes(stack, jsii.String("ARNFromKey"), &awsssm.StringParameterAttributes{ ParameterName: key, SimpleName: jsii.Bool(true), }).StringValue()
In this case I get:
deh-test-deploy-dev failed: ValidationError: Unable to fetch parameters [$.input.stateMachineArn] from parameter store for this account.
Finally, I tried passing the ARN as a parameter (the way I would really like to do things, namely, resolve the ARN external to the Step Function and pass in) - As the ARN is only known at runtime:
childARN := awsstepfunctions.JsonPath_StringAt(jsii.String("$.input.stateMachineArn"))
In this case I get:
deh-test-deploy-dev failed: ValidationError: Template error: Fn::Select cannot select nonexistent value at index 6
Which I suspect is from, trying to get the following resource:
arn:aws:states:us-east-1:772933491746:execution:{"Fn::Select":[6,"{"Fn::Split":[":","$.input.stateMachineArn"]}"]}*
As the Child Step Function ARN is not known until Runtime - It seems the permission should be
arn:aws:states:us-east-1:772933491746:execution:*
But I see no way to configure it to be that.
I think this is the same as the issue: https://github.com/aws/aws-cdk/issues/6023
I was trying to find this again yesterday and only just discovered it
@pahud have you had a chance to see my comments above - The workflow I requested, does not seem to be supported, as my ARN is not known until runtime (when I look them up dynamically).
So, I assume this is still an enhancement request? Or have you already closed it?
Hi @heathedavid,
Thanks for opening this issue! After reviewing the details, we found some other discussions that may be duplicates or closely related:
Potential Duplicate Issues
- #6023: Both issues involve the inability to use dynamic ARNs for child Step Functions in StepFunctionsStartExecution tasks. The current issue describes discovering Child Step Functions through ARNs in Parameter Store, while #6023 describes using a JSONPath query to set the StateMachineArn. Both have the same root cause: the CDK fails to properly generate IAM policies when the ARN is determined dynamically at runtime rather than at deployment time. The current issue shows error messages like "Unable to determine ARN separator" and "Fn::Select cannot select nonexistent value" when trying to use dynamic ARNs, which directly relates to the policy generation issues described in #6023.
Related Issues
- #23658: Both issues involve the same core problem of CDK not properly handling dynamic ARNs in Step Function tasks, but with different resources. The current issue involves StepFunctionsStartExecution failing to handle dynamic Step Function ARNs, while #23658 involves LambdaInvoke failing to handle dynamic Lambda function ARNs. Both issues show the same pattern where CDK tries to use the JSONPath expression as a literal ARN in IAM policy generation, resulting in deployment failures. The underlying need is identical: being able to resolve resource ARNs dynamically at runtime in Step Functions workflows.
This message was generated automatically to help connect related conversations and improve discoverability.
If you feel this issue brings new or distinct information, feel free to add a comment to keep it open. Otherwise, we'll close this issue in 7 days if we don't receive a response to help keep discussions consolidated.
Please react with 👍 or 👎 to let us know if this response was helpful!
Thank you for helping improve CDK! 🙌
![related-issues-bot-for-aws[bot] avatar](https://avatars.githubusercontent.com/u/2232217?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}