serverless-step-functions icon indicating copy to clipboard operation
serverless-step-functions copied to clipboard

Published 20 hours ago verified publisher icon serverless-operations

IAM role generated for the state machine fails to create.

Open shanab opened this issue 3 years ago • 0 comments

This is a Bug Report

Description

IAM role generated for the state machine fails at creation time. The state machine looks like this:

stepFunctions:
  stateMachines:
    eventGenerator:
      type: EXPRESS
      events:
        - schedule:
            rate: rate(1 minute)
      name: ${self:custom.stateMachine.name}
      definition:
        StartAt: PassLoopItems
        States:
          PassLoopItems:
            Type: Pass
            Next: Loop
            Result:
              items: [ 0, 1, 2, 3, 4, 5 ]
          Loop:
            Type: Map
            MaxConcurrency: 1
            ItemsPath: "$.items"
            Iterator:
              StartAt: EveryTenSeconds
              States:
                EveryTenSeconds:
                  Type: Wait
                  Seconds: 10
                  Next: InvokeLambda
                InvokeLambda:
                  Type: Task
                  Resource: "arn:aws:states:::lambda:invoke"
                  Parameters:
                    FunctionName: !GetAtt generate_event.arn
                  End: true
            End: true
  • What stacktrace or error message from your provider did you see? CloudFormation fails at creating the generated role with the following reason: The following resource(s) failed to create: [EventGeneratorRole]
Click to see the generated IAM role 
    "EventGeneratorRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "states.eu-west-1.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "dev-eu-west-1-event-generator-statemachine",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "lambda:InvokeFunction"
                  ],
                  "Resource": [
                    {
                      "Fn::GetAtt": [
                        "GenerateUnderscoreeventLambdaFunction",
                        "arn"
                      ]
                    },
                    {
                      "Fn::Sub": [
                        "${functionArn}:*",
                        {
                          "functionArn": {
                            "Fn::GetAtt": [
                              "GenerateUnderscoreeventLambdaFunction",
                              "arn"
                            ]
                          }
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          }
        ]
      }
    }

Additional Data

  • Serverless Framework Core Version you're using: 2.64.1
  • The Plugin Version you're using: 3.1.1
  • Operating System: Mac
  • Stack Trace:
  • Provider Error messages: Unfortunately couldn't dig deeper as to why the IAM role failed to create.

shanab avatar Nov 08 '21 08:11 shanab