I have a Lambda function defined in CDK. I'm using this Lambda to invoke a State Machine and for that I would need to provide it some Policies. The way I tried was the following:

const stepFunctionsPolicy = new PolicyStatement({
  effect: Effect.ALLOW,
  actions: ["states:*"],
  resources: ["*"],
});

MachineLambda.addToRolePolicy(stepFunctionsPolicy); // Added the Policy to the Lambda's Role

This is a workaround, but ideally, I would like to provide AWS Managed Policies, instead of manually defining each policy, to this Lambda function (specifically the AWSStepFunctionsFullAccess).

fedonev
  • hi, might be of interest https://docs.aws.amazon.com/step-functions/latest/dg/procedure-create-iam-role.html https://stackoverflow.com/questions/66915029/how-to-call-a-step-funtion-from-node-js-lambda-function – jspcal Jan 26 '23 at 18:14
  • @jspcal yea I did look over those but you definitely need a Policy attached to the Lambda function (my lambda function works totally fine and I can even call my Step Function), but the thing is I don't want to define multiple custom defined policies, I'd rather use AWS managed policies but assign it to Lambda with just CDK – ReactNewbie123 Jan 26 '23 at 18:17

1 Answer

The question specifically asks how to add the AWSStepFunctionsFullAccess managed policy to the Lambda's role. This allows the Lambda to perform CRUD operations on all step functions:

machineLambda.role?.addManagedPolicy(
   iam.ManagedPolicy.fromAwsManagedPolicyName("AWSStepFunctionsFullAccess")
);

Consider granting the Lambda narrow permissions instead, following the IAM least privilege permissions security best practice:

myStateMachine.grantExecution(machineLambda);
fedonev
  • Exactly what I was looking for, thank you so much for the help! I will give my Lambda least permissions possible (by providing a grantExecution) – ReactNewbie123 Jan 26 '23 at 20:06
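To check which of the grants discussed above actually ends up in a deployed stack, the synthesized CloudFormation template can be scanned for the two broad forms (the wildcard `states:*` statement from the question and the `AWSStepFunctionsFullAccess` managed policy). This is an added example, not code from the question or the answer; the function name, the resource IDs and the sample template are constructed for illustration.

```typescript
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

const BROAD_MANAGED = "AWSStepFunctionsFullAccess";
// CDK collapses one-element arrays to a scalar, so normalise both shapes.
const toList = (v: unknown): unknown[] => (Array.isArray(v) ? v : [v]);

function findBroadStepFunctionsGrants(template: Template): string[] {
  const findings: string[] = [];
  for (const [id, res] of Object.entries(template.Resources)) {
    const props = res.Properties ?? {};
    if (res.Type === "AWS::IAM::Role") {
      // ARNs may be plain strings or Fn::Join objects; match on the serialized form.
      for (const arn of props.ManagedPolicyArns ?? []) {
        if (JSON.stringify(arn).includes(`policy/${BROAD_MANAGED}`)) {
          findings.push(`${id}: managed policy ${BROAD_MANAGED}`);
        }
      }
    }
    if (res.Type === "AWS::IAM::Policy") {
      for (const s of props.PolicyDocument?.Statement ?? []) {
        if (s.Effect !== "Allow") continue;
        const anyAction = toList(s.Action).some(a => a === "*" || a === "states:*");
        const anyResource = toList(s.Resource).some(r => r === "*");
        if (anyAction && anyResource) {
          findings.push(`${id}: Allow ${toList(s.Action).join(",")} on *`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: a role with the managed policy, the question's wildcard
// statement, and a statement scoped to one state machine (not flagged).
const sampleTemplate: Template = {
  Resources: {
    LambdaRole: { Type: "AWS::IAM::Role", Properties: { ManagedPolicyArns: [
      { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" }, ":iam::aws:policy/AWSStepFunctionsFullAccess"]] },
    ] } },
    WildcardPolicy: { Type: "AWS::IAM::Policy", Properties: { PolicyDocument: { Statement: [
      { Effect: "Allow", Action: "states:*", Resource: "*" },
    ] } } },
    ScopedPolicy: { Type: "AWS::IAM::Policy", Properties: { PolicyDocument: { Statement: [
      { Effect: "Allow", Action: "states:StartExecution", Resource: { Ref: "MyStateMachine" } },
    ] } } },
  },
};
console.log(findBroadStepFunctionsGrants(sampleTemplate));
```

Run against the JSON that `cdk synth` writes to `cdk.out`, an empty result means neither broad grant is present in the stack.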