En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Insufficient privilege when running AWS Backup from Step Function

0

I'm trying to start a backup job from a step function, but getting a Backup.BackupException, with this message:

Insufficient privileges to perform this action. (Service: Backup, Status Code: 403, Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

My state is very simple ($.table is the ARN of a dynamoDB table):

"StartBackupJob": {
  "Type": "Task",
  "Parameters": {
    "BackupVaultName": "my-vault",
    "IamRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
    "ResourceArn": "$.table"
  },
  "Resource": "arn:aws:states:::aws-sdk:backup:startBackupJob",
  "End": true
}

I even get this when the IAM role for the step function has full permissions. Also, if I assume this role, and use it to start a backup job from the AWS CLI with the same exact parameters, it succeeds.

Any idea what I'm doing wrong?

Sujets
Sans serveurIntégration d'applicationsStockage
Balises
Fonctions d’étapes AWSAWS Backup
Langue
English
Shahar
demandé il y a 2 ans3045 vues
1 réponse
0
Réponse acceptée

OK, I figured it out. This isn't really a permissions problem. I should have had ResourceArn.$, to make the step function parse the parameter.

Shahar
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents