By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Insufficient privilege when running AWS Backup from Step Function

0

I'm trying to start a backup job from a step function, but getting a Backup.BackupException, with this message:

Insufficient privileges to perform this action. (Service: Backup, Status Code: 403, Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

My state is very simple ($.table is the ARN of a dynamoDB table):

"StartBackupJob": {
  "Type": "Task",
  "Parameters": {
    "BackupVaultName": "my-vault",
    "IamRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
    "ResourceArn": "$.table"
  },
  "Resource": "arn:aws:states:::aws-sdk:backup:startBackupJob",
  "End": true
}

I even get this when the IAM role for the step function has full permissions. Also, if I assume this role, and use it to start a backup job from the AWS CLI with the same exact parameters, it succeeds.

Any idea what I'm doing wrong?

Topics
ServerlessApplication IntegrationStorage
Tags
AWS Step FunctionsAWS Backup
Language
English
Shahar
asked 2 years ago3025 views
1 Answer
0
Accepted Answer

OK, I figured it out. This isn't really a permissions problem. I should have had ResourceArn.$, to make the step function parse the parameter.

Shahar
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content