By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

The security token included in the request is invalid

0

Hi, I have nested workflow for Step Functions where the outer state machine awaits for the inner state machine to return task token. Definitions: Outer State machine:

{
  "Comment": "A description of my state machine",
  "StartAt": "ChildProcessing",
  "States": {
    "ChildProcessing": {
      "Type": "Task",
      "Resource": "arn:aws:states:::states:startExecution.waitForTaskToken",
      "Parameters": {
        "StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:child",
        "Input": {
          "parentTaskToken.$": "$$.Task.Token",
          "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
        }
      },
      "ResultPath": "$.output",
      "Next": "PostJobSuccess"
    },
    "PostJobFailure": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sqs:sendMessage",
      "Parameters": {
        "MessageBody.$": "$$.Execution.Input",
        "QueueUrl": "http://queueurl"
      },
      "End": true
    },
    "PostJobSuccess": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sqs:sendMessage",
      "Parameters": {
        "MessageBody.$": "$$.Execution.Input",
        "QueueUrl": "http://queueurl"
      },
      "End": true
    }
  }
}

Inner State machine:

{
  "Comment": "Child processing.",
  "StartAt": "GetJobStatus",
  "States": {
    "GetJobStatus": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sqs:sendMessage.waitForTaskToken",
      "TimeoutSeconds": 120,
      "Parameters": {
        "QueueUrl": "http://childqueueurl",
        "MessageAttributes": {
          "jobName": {
            "DataType": "String",
            "StringValue": "AsyncProcessingJob"
          }
        },
        "MessageBody": {
          "taskToken.$": "$$.Task.Token",
          "machineExecutionId.$": "$$.Execution.Id"
        }
      },
      "ResultSelector": {
        "input.$": "$$.Execution.Input.input",
        "parentTaskToken.$": "$$.Execution.Input.parentTaskToken"
      },
      "Next": "CheckJobStatus"
    },
    "CheckJobStatus": {
      "Type": "Choice",
      "Choices": [
        {
          "Variable": "$.jobStatus",
          "StringMatches": "finished",
          "Next": "SendTaskSuccess"
        },
        {
          "Variable": "$.jobStatus",
          "StringMatches": "failed",
          "Next": "SendTaskFailure"
        }
      ]
    },
    "SendTaskFailure": {
      "Type": "Task",
      "Parameters": {
        "TaskToken.$": "$$.Execution.Input.parentTaskToken"
      },
      "Resource": "arn:aws:states:::aws-sdk:sfn:sendTaskFailure",
      "End": true
    },
    "SendTaskSuccess": {
      "Type": "Task",
      "Parameters": {
        "Output.$": "$.input",
        "TaskToken.$": "$$.Execution.Input.parentTaskToken"
      },
      "Resource": "arn:aws:states:::aws-sdk:sfn:sendTaskSuccess",
      "End": true
    }
  }
}

Here is my aws-stepfunctions-local-credentials.txt with fake credentials and setting STEP_FUNCTIONS_ENDPOINT to http://localhost:8083

AWS_DEFAULT_REGION=us-east-1
AWS_ACCESS_KEY_ID=test
AWS_SECRET_ACCESS_KEY=test
AWS_SESSION_TOKEN=test
STEPFUNCTIONS_PORT=8083
STEP_FUNCTIONS_ENDPOINT=http://localhost:8083
STEPFUNCTIONS_HOST=stepfunctions-local

While executing this nested workflow, I am getting the error:

 {"Type":"TaskSubmitFailed","PreviousEventId":22,"TaskSubmitFailedEventDetails":{"ResourceType":"aws-sdk","Resource":"sfn:sendTaskSuccess","Error":"Sfn.SfnException","Cause":"software.amazon.awssdk.services.sfn.model.SfnException: The security token included in the request is invalid. (Service: Sfn, Status Code: 400, Request ID: 864f4abc-6e26-4ce7-9cfa-63ade13dd6ca)"}}

Has anyone come across similar issue and found solution?

Topics
ServerlessApplication Integration
Tags
AWS Step Functions
Language
English
gamathur
asked 2 years ago998 views
3 Answers
0

Hello,

Thanks for reaching out, Tim here with Support Engineering.

When you started step function local did you use the JAR method or the docker method?

When you started it up, did you run into any of the following error messages?

2022-07-20 16:33:28.828: Failed to load credentials from environment because Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY))
2022-07-20 16:33:28.865: Failed to load credentials from profile: default because profile file cannot be null
2022-07-20 16:33:28.865: Failed to load credentials from system properties because Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey)
2022-07-20 16:33:28.865: Failed to load credentials, default to dummy credentials, so any connection to AWS services will not work, connections to local endpoints are not affected.

If you did, did you follow the documentation at these steps (one is for the JAR method to provide credentials and the other is for docker):

JAR - https://docs.aws.amazon.com/step-functions/latest/dg/sfn-local-jar.html Docker - https://docs.aws.amazon.com/step-functions/latest/dg/sfn-local-config-options.html#docker-credentials

to provide credentials into the system?

Could you also try to perform this test on the cloud resources and not local? That would potentially give us an idea with some execution logs as to what is occurring and isolate if it's a step function local, docker, or state machine item and helps chops up and pinpoint the issue a bit more.

AWS
SUPPORT ENGINEER
Tim_P
answered 2 years ago
0

Hi Tim, thank you for the response. Here are the answers to your queries:

  • We use docker for setting up Step Function locally
  • No I do not see any of the errors mentioned while setting up locally
  • Yes, I have aws-stepfunctions-local-credentials.txt file which looks like this:
AWS_DEFAULT_REGION=us-east-1
AWS_ACCESS_KEY_ID=test
AWS_SECRET_ACCESS_KEY=test
STEPFUNCTIONS_PORT=8083
STEP_FUNCTIONS_ENDPOINT=http://localhost:8083/

I have also tried putting AWS_SESSION_TOKEN=test to the above file, but no luck.

  • I have tried a similar nested workflow in the testing AWS environment and the entire workflow finishes successfully.
gamathur
answered 2 years ago
0

Thanks for following up!

Could you share the command you're using to start step function local?

AWS
SUPPORT ENGINEER
Tim_P
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content