By using AWS re:Post, you agree to the Terms of Use
/Insufficient privilege when running AWS Backup from Step Function/

Insufficient privilege when running AWS Backup from Step Function


I'm trying to start a backup job from a step function, but getting a Backup.BackupException, with this message:

Insufficient privileges to perform this action. (Service: Backup, Status Code: 403, Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

My state is very simple ($.table is the ARN of a dynamoDB table):

"StartBackupJob": {
  "Type": "Task",
  "Parameters": {
    "BackupVaultName": "my-vault",
    "IamRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/",
    "ResourceArn": "$.table"
  "Resource": "arn:aws:states:::aws-sdk:backup:startBackupJob",
  "End": true

I even get this when the IAM role for the step function has full permissions. Also, if I assume this role, and use it to start a backup job from the AWS CLI with the same exact parameters, it succeeds.

Any idea what I'm doing wrong?

1 Answers
Accepted Answer

OK, I figured it out. This isn't really a permissions problem. I should have had ResourceArn.$, to make the step function parse the parameter.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions