I've run into some permission problems that I can't figure out.
The Step Functions deployment fails with this error:
```
Error: AccessDeniedException: The state machine IAM Role is not authorized to access the Log Destination
10:12:19 status code: 400, request id: ff46f8c0-fcc8-4190-ba6a-13f5ab617c78
10:12:19
10:12:19 on step_function.tf line 1, in resource "aws_sfn_state_machine" "oss_integration_data_process_sf":
10:12:19 1: resource "aws_sfn_state_machine" "os_int_data_process_sf" {
```
Interestingly, it only happens for one lambda, while all the lambdas have the same prefix and we have granted the Step Function these permissions:
```json
{
  "Action": [
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "logs:AssociateKmsKey",
    "logs:CreateLogDelivery",
    "logs:GetLogDelivery",
    "logs:UpdateLogDelivery",
    "logs:DeleteLogDelivery",
    "logs:ListLogDeliveries",
    "logs:PutResourcePolicy",
    "logs:DescribeResourcePolicies",
    "logs:DescribeLogGroups"
  ],
  "Resource": [
    "arn:aws:logs:us-east-1:XXXX:log-group:*/*"
  ],
  "Effect": "Allow"
}
```
I can run the lambda after deployment and see CW log stream with …
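As an added pre-deploy check (not from the question or the poster's Terraform), the function below reads an execution-role policy document and reports which CloudWatch Logs delivery actions are not granted on `"Resource": "*"`. It assumes the AWS Step Functions logging policy guidance that these actions are granted on `"*"` because the log-delivery APIs do not support resource-level permissions; the two policies and the `XXXX` account id are constructed to mirror the question.

```python
# Assumption (see lead-in): the AWS Step Functions logging guidance grants these
# CloudWatch Logs actions on "Resource": "*" because they are not resource-scoped.
LOG_DELIVERY_ACTIONS = frozenset({
    "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery",
    "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:PutResourcePolicy",
    "logs:DescribeResourcePolicies", "logs:DescribeLogGroups",
})

def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]

def missing_delivery_grants(policy):
    """Return the delivery actions that no Allow statement grants on "*"."""
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue  # scoped to an ARN pattern: does not cover the delivery APIs
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "logs:*"):
                granted |= LOG_DELIVERY_ACTIONS
            elif action in LOG_DELIVERY_ACTIONS:
                granted.add(action)
    return sorted(LOG_DELIVERY_ACTIONS - granted)

# Constructed policy mirroring the question: delivery actions scoped to a
# log-group ARN pattern (XXXX is the placeholder account id from the question).
QUESTION_STYLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
                   *sorted(LOG_DELIVERY_ACTIONS)],
        "Resource": ["arn:aws:logs:us-east-1:XXXX:log-group:*/*"],
    }],
}

# Corrected shape: the delivery actions get their own statement on "*".
CORRECTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": QUESTION_STYLE_POLICY["Statement"] + [{
        "Effect": "Allow", "Action": sorted(LOG_DELIVERY_ACTIONS), "Resource": "*"}],
}

if __name__ == "__main__":
    print("question-style policy lacks:", missing_delivery_grants(QUESTION_STYLE_POLICY))
    print("corrected policy lacks:", missing_delivery_grants(CORRECTED_POLICY))
```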