Questions tagged with AWS Step Functions


Invalid security token error when executing nested step function on Step Functions Local

Are nested step functions supported on AWS Step Functions Local? I am trying to create 2 step functions, where the outer one executes the inner one. However, when trying to execute the outer step function, I get an error: "The security token included in the request is invalid".

To reproduce, use the latest `amazon/aws-stepfunctions-local:1.10.1` Docker image. Launch the container with the following command:

```sh
docker run -p 8083:8083 -e AWS_DEFAULT_REGION=us-east-1 -e AWS_ACCESS_KEY_ID=TESTID -e AWS_SECRET_ACCESS_KEY=TESTKEY amazon/aws-stepfunctions-local
```

Then create a simple HelloWorld _inner_ step function in the Step Functions Local container:

```sh
aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
  \"Comment\": \"A Hello World example of the Amazon States Language using a Pass state\",\
  \"StartAt\": \"HelloWorld\",\
  \"States\": {\
    \"HelloWorld\": {\
      \"Type\": \"Pass\",\
      \"End\": true\
    }\
  }}" --name "HelloWorld" --role-arn "arn:aws:iam::012345678901:role/DummyRole"
```

Then add a simple _outer_ step function that executes the HelloWorld one:

```sh
aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
  \"Comment\": \"OuterTestComment\",\
  \"StartAt\": \"InnerInvoke\",\
  \"States\": {\
    \"InnerInvoke\": {\
      \"Type\": \"Task\",\
      \"Resource\": \"arn:aws:states:::states:startExecution\",\
      \"Parameters\": {\
        \"StateMachineArn\": \"arn:aws:states:us-east-1:123456789012:stateMachine:HelloWorld\"\
      },\
      \"End\": true\
    }\
  }}" --name "HelloWorldOuter" --role-arn "arn:aws:iam::012345678901:role/DummyRole"
```

Finally, start execution of the outer Step Function:

```sh
aws stepfunctions --endpoint-url http://localhost:8083 start-execution --state-machine-arn arn:aws:states:us-east-1:123456789012:stateMachine:HelloWorldOuter
```

The execution fails with the _The security token included in the request is invalid_ error in the logs:

```
arn:aws:states:us-east-1:123456789012:execution:HelloWorldOuter:b9627a1f-55ed-41a6-9702-43ffe1cacc2c : {"Type":"TaskSubmitFailed","PreviousEventId":4,"TaskSubmitFailedEventDetails":{"ResourceType":"states","Resource":"startExecution","Error":"StepFunctions.AWSStepFunctionsException","Cause":"The security token included in the request is invalid. (Service: AWSStepFunctions; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: ad8a51c0-b8bf-42a0-a78d-a24fea0b7823; Proxy: null)"}}
```

Am I doing something wrong? Is any additional configuration necessary?
1 answer, 0 votes, 167 views, asked 6 months ago

Failed to convert 'Body' to string S3.InvalidContent arn:aws:states:::aws-sdk:s3:getObject step function

I am a newbie so pardon my ignorance. I am writing a very simple step function state machine that uses the AWS SDK to retrieve a file from S3. Every time I run it the task that gets the file from S3 fails with an "S3.InvalidContent" error with "Failed to convert 'Body' to string" as the cause.

The full definition of my state machine is:

```
{
  "Comment": "A description of my state machine",
  "StartAt": "GetAudioFile",
  "States": {
    "GetAudioFile": {
      "Type": "Task",
      "Parameters": {
        "Bucket": "11123",
        "Key": "test.wav"
      },
      "Resource": "arn:aws:states:::aws-sdk:s3:getObject",
      "End": true
    }
  }
}
```

The full text of the TaskFailed event is:

```
{
  "resourceType": "aws-sdk:s3",
  "resource": "getObject",
  "error": "S3.InvalidContent",
  "cause": "Failed to convert 'Body' to string"
}
```

The full text of the CloudWatch log entry with the error is:

```
{
  "id": "5",
  "type": "TaskFailed",
  "details": {
    "cause": "Failed to convert 'Body' to string",
    "error": "S3.InvalidContent",
    "resource": "getObject",
    "resourceType": "aws-sdk:s3"
  },
  "previous_event_id": "4",
  "event_timestamp": "1651894187569",
  "execution_arn": "arn:aws:states:us-east-1:601423303632:execution:test:44ae6102-b544-3cfa-e186-181cdf331493"
}
```

1. What am I doing wrong?
2. How do I fix it?
3. What additional information do you need from me?
4. Most importantly, where can I find answers to these stupid questions so I don't have to post these stupid questions on re:Post again? (I have spent nearly a day scouring AWS docs and Googling without finding anything.)
1 answer, 0 votes, 187 views, asked 7 months ago

Many AWS Step Functions events in CloudTrail are considered "Management Events", but should be "Data Events"

We use Step Functions pretty extensively in one of our applications. I noticed higher than expected costs in CloudTrail and GuardDuty which caused me to investigate. It looks like every call to StartExecution, SendTaskHeartbeat, StartExecution, SendTaskSuccess, SendTaskFailure, etc. are all considered "Management Events" inside CloudTrail.

Since all of these functions are normal usage of the Step Functions service, I think they should be considered "Data Events" in the same way that regular "usage" of S3, Dynamo, and Lambda API calls are handled. By being considered "management events", they are causing a large number of events (and cost) in CloudTrail, and similar with GuardDuty.

Below is a typical event caused by an API call to SendTaskHeartbeat, where you can see `"managementEvent": true` and `"eventCategory": "Management"`. I believe this should be `"managementEvent": false` and `"eventCategory": "Data"`.

```
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "AssumedRole",
    "principalId": "xxxxxxxxxxxxxx-04fe38ef50d84dad1",
    "arn": "arn:aws:sts::722537357562:assumed-role/my-role-name/i-x0x4xfxex3x8xex",
    "accountId": "999999999999",
    "accessKeyId": "ASIAXXXXXXXXXXXPB",
    "sessionContext": {
      "sessionIssuer": {
        "type": "Role",
        "principalId": "AROxxxxxxxxxxxxAGI",
        "arn": "arn:aws:iam::999999999999:role/my-role-name",
        "accountId": "999999999999",
        "userName": "my-role-name"
      },
      "webIdFederationData": {},
      "attributes": {
        "creationDate": "2022-05-03T19:21:10Z",
        "mfaAuthenticated": "false"
      },
      "ec2RoleDelivery": "2.0"
    }
  },
  "eventTime": "2022-05-03T20:56:18Z",
  "eventSource": "states.amazonaws.com",
  "eventName": "SendTaskHeartbeat",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "3.81.182.218",
  "userAgent": "aws-sdk-php/3.183.13 OS/Linux/5.4.0-1030-aws GuzzleHttp/6.5.5 curl/7.68.0 PHP/7.4.3",
  "requestParameters": {
    "taskToken": "AAAAKgAAAA......AqHoA+2qxXBI="
  },
  "responseElements": null,
  "requestID": "999999999-81de-40bf-8b77-7ccbf0db5fb4",
  "eventID": "999999999-2193-47dd-8e3d-10a5d9e6266d",
  "readOnly": false,
  "eventType": "AwsApiCall",
  "managementEvent": true,
  "recipientAccountId": "999999999999",
  "eventCategory": "Management",
  "tlsDetails": {
    "tlsVersion": "TLSv1.2",
    "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
    "clientProvidedHostHeader": "states.us-east-1.amazonaws.com"
  }
}
```
0 answers, 0 votes, 34 views, asked 7 months ago