issue to create volume from snapshot using in-build step function


using step functions "create volume" (arn:aws:states:::aws-sdk:ec2:createVolume.waitForTaskToken) I want to create a volume from encrypted snapshot, but step fucntion It never get resume or not throwing any error. It keep running for ever! I have already passed availability zone, kmskeyId, encrypt=true, snapshot id, size, type , but it keeps running for ever. I have also allowed full access of EC2 and also allowed full access of KMS to step function. but still it is not working.

已提問 14 天前檢視次數 22 次
2 個答案

One way to troubleshoot would be to build a test user in IAM with admin rights (Delete this user when done with the test)

Try your step function with these enhanced rights. If it now works . . .

Use IAM Acccess analyser to build a policy that has all the needed access.

profile picture
已回答 14 天前

I'm sorry to hear that this was confusing, but the feature is working as expected. Please see the help link below. The .waitForTaskToken integration pattern allows you to pass a token to a the target of a Task that you then need to call back to Step Functions with (using the SendTaskSuccess, SendTaskFailure, etc API Actions). In the meantime, the workflow execution will wait.

I believe what you expected was the behavior of the .sync / Run A Job integration pattern. Unfortunately, this is only available for a select set of API actions via Optimized Service Integrations.

Given we do not have such an optimized integration for ec2:createVolume, I suggest you consider using a job-poller-pattern to check for status and continue the workflow.

A handy approach is to encapsulate this in a separate state machine that can be called using the .sync service integration for Step Functions so you can reuse it in different workflows. You can see that approach in action in this blog post:

已回答 13 天前

您尚未登入。 登入 去張貼答案。