How to solve error launching Codebuild job from Step Function: ...."not authorized to create managed-rule"
I am working on a Step Function, and one of its tasks is to launch a Codebuild job:

    "initiate_dbt_run": {
      "Type": "Task",
      "Next": "EndState",
      "Resource": "arn:aws:states:::codebuild:startBuild.sync",
      "Parameters": {
        "ProjectName": "${Environment}-cbr-delivery-Dbt",
        "EnvironmentVariablesOverride": [
          {
            "Name": "MODEL",
            "Type": "PLAINTEXT",
            "Value": "+tag:utc_10"
          }
        ]
      }
    },

I granted the following permissions to the state machine ARN:

    - Sid: CodebuildAccess
      Effect: Allow
      Action:
        - codebuild:StartBuild
        - codebuild:StopBuild
        - codebuild:BatchGetBuilds
      Resource:
        - !Sub "arn:aws:codebuild:*:${AWS::AccountId}:project/${Environment}-cbr-delivery-Dbt"
    - Sid: AllowCloudwatchEvents
      Effect: Allow
      Action:
        - events:PutTargets
        - events:PutRule
        - events:DescribeRule
      Resource:
        - !Sub "arn:aws:events:*:${AWS::AccountId}:rule:/StepFunctionsGetEventForCodeBuildStartbuildrule"

Also, I'm not sure whether this is needed, but while troubleshooting I granted these permissions to the Codebuild ARN:

    - PolicyName: statemachines
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Resource:
              - !Sub "arn:aws:states:*:${AWS::AccountId}:stateMachine:fivetranSyncStateMachine-*"
            Effect: "Allow"
            Action:
              - states:StartExecution
              - states:StopExecution
              - states:DescribeExecution


    Resource handler returned message: "'arn:aws:iam::546291546746:role/sam-extract-load-fivetranSyncStateMachineRole-1GNR4UITB9 4K0' is not authorized to create managed-rule. Service: AWSStepFunctions; Status Code: 400;

Apart from this SO question (Nested Step Function in a Step Function: Unknown Error: "...not authorized to create managed-rule"), googling how to grant authorization to create a managed-rule didn't turn up much, which led me to add the Cloudwatch Events perms to the step function arn. Not sure what else to try...
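
Added example, not part of the original question: a small check of an `events:*` IAM statement against the resource form AWS documents for the `codebuild:startBuild.sync` integration, `arn:aws:events:<region>:<account>:rule/StepFunctionsGetEventForCodeBuildStartBuildRule`. The function name, the placeholder account ID `111122223333` and the use of `fnmatchcase` to approximate IAM wildcard matching are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
import re

# Rule name documented by AWS for the codebuild:startBuild.sync integration.
MANAGED_RULE = "StepFunctionsGetEventForCodeBuildStartBuildRule"
REQUIRED_ACTIONS = {"events:PutTargets", "events:PutRule", "events:DescribeRule"}
EVENTS_ARN = re.compile(r"^arn:aws:events:[^:]*:[^:]*:(.+)$")


def as_list(value):
    return [value] if isinstance(value, str) else list(value)


def check_events_statement(statement):
    """Return problems found in an IAM statement (rendered, no !Sub) that is
    meant to let a state machine role manage the CodeBuild .sync rule."""
    problems = []
    if statement.get("Effect") != "Allow":
        problems.append("Effect is not Allow")
    missing = REQUIRED_ACTIONS - set(as_list(statement.get("Action", [])))
    if missing:
        problems.append("missing actions: " + ", ".join(sorted(missing)))
    covered = False
    for arn in as_list(statement.get("Resource", [])):
        if arn == "*":
            covered = True
            continue
        m = EVENTS_ARN.match(arn)
        if not m:
            problems.append(f"not an events ARN: {arn}")
        elif not m.group(1).startswith("rule/"):
            problems.append(f"resource must have the form rule/<name>: {m.group(1)}")
        # fnmatchcase approximates IAM's case-sensitive * and ? wildcards.
        elif fnmatchcase(MANAGED_RULE, m.group(1)[len("rule/"):]):
            covered = True
    if not covered:
        problems.append(f"no Resource covers rule/{MANAGED_RULE}")
    return problems


# Constructed sample: the question's statement with a placeholder account ID.
ACTIONS = ["events:PutTargets", "events:PutRule", "events:DescribeRule"]
AS_POSTED = {"Effect": "Allow", "Action": ACTIONS, "Resource": [
    "arn:aws:events:*:111122223333:rule:/StepFunctionsGetEventForCodeBuildStartbuildrule"]}
CORRECTED = {"Effect": "Allow", "Action": ACTIONS, "Resource": [
    "arn:aws:events:*:111122223333:rule/" + MANAGED_RULE]}

if __name__ == "__main__":
    for label, stmt in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, check_events_statement(stmt) or "ok")
```

The statement as posted is reported twice: once for the `rule:/` separator and once because no resource covers the documented rule name, which keeps the permission scoped to that single rule rather than widening it to `*`.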