If you have ever received the error "is not authorized to create managed-rule" when running a Step Function through Terraform's AWS Provider, then you will have jumped through many hoops trying to figure out what was wrong.
What's the Quick Fix?
Open the role in IAM and attach the CloudWatchEventsFullAccess AWS managed policy to the permissions policies.
Need More Information?
IAM Role Principal Policy required to AssumeRole
{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Effect" : "Allow",
      "Principal" : {
        "Service" : "states.amazonaws.com"
      },
      "Action" : "sts:AssumeRole"
    }
  ]
}
IAM Role Policy GetEvents For StepFunctions Execution Rule
{
  "Effect": "Allow",
  "Action": [
    "events:PutTargets",
    "events:PutRule",
    "events:DescribeRule"
  ],
  "Resource": [
    "arn:aws:events:[[region]]:[[account]]:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
  ]
}
IAM Role Policy under StepFunctions CloudFormation
- Effect: Allow
  Action:
    - events:PutTargets
    - events:PutRule
    - events:DescribeRule
  Resource:
    - !Sub arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule
If you need to restrict it to a resource, then StepFunctionsGetEventsForStepFunctionsExecutionRule is the one you're looking for!