IAM policies for Amazon Lambda - Amazon Step Functions

The following example templates show how Amazon Step Functions generates IAM policies based on the resources in your state machine definition. For more information, see IAM Policies for integrated services and Service integration patterns.

For a state machine with two Amazon Lambda task states that call function1 and function2, the policy must grant lambda:InvokeFunction permission on both functions, as shown in the following example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "arn:aws:lambda:[[region]]:[[accountId]]:function:[[function1]]",
        "arn:aws:lambda:[[region]]:[[accountId]]:function:[[function2]]"
      ]
    }
  ]
}
```
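The following added example (not AWS code, and not a description of how Step Functions itself generates policies) derives a policy of the shape above from a state machine definition and reports any `lambda:InvokeFunction` grants the definition does not need. It goes beyond the two-function case by also walking Parallel and Map states. It assumes functions are referenced by static, full ARNs and that policy `Action` and `Resource` are lists; the function names, region and account ID are constructed.

```python
import re

# Lambda function ARN in any partition (aws, aws-cn, ...).
LAMBDA_ARN = re.compile(r"^arn:aws[\w-]*:lambda:[^:]+:\d{12}:function:.+$")
# Optimized integration resource, e.g. arn:aws:states:::lambda:invoke[.waitForTaskToken]
INVOKE = re.compile(r"^arn:aws[\w-]*:states:::lambda:invoke(\.\w+)?$")

# Constructed sample: one direct-ARN task and one optimized-integration task.
SAMPLE = {"StartAt": "First", "States": {
    "First": {"Type": "Task", "Next": "Second",
              "Resource": "arn:aws:lambda:us-east-1:123456789012:function:function1"},
    "Second": {"Type": "Task", "End": True, "Resource": "arn:aws:states:::lambda:invoke",
               "Parameters": {"FunctionName":
                   "arn:aws:lambda:us-east-1:123456789012:function:function2"}}}}

def lambda_arns(states):
    """Collect function ARNs used by Task states, descending into Parallel and Map."""
    found = set()
    for state in states.values():
        kind = state.get("Type")
        if kind == "Task":
            resource = state.get("Resource", "")
            if INVOKE.match(resource):  # function is named in Parameters instead
                resource = state.get("Parameters", {}).get("FunctionName", "")
            if LAMBDA_ARN.match(resource):
                found.add(resource)
        elif kind == "Parallel":
            for branch in state.get("Branches", []):
                found |= lambda_arns(branch["States"])
        elif kind == "Map":
            inner = state.get("ItemProcessor") or state.get("Iterator") or {}
            found |= lambda_arns(inner.get("States", {}))
    return found

def build_policy(definition):
    """Return a policy like the one above, scoped to the referenced functions only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["lambda:InvokeFunction"],
        "Resource": sorted(lambda_arns(definition["States"]))}]}

def excess_resources(policy, definition):
    """Resources the policy allows invoking that the definition never references."""
    needed = lambda_arns(definition["States"])
    granted = set()
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and "lambda:InvokeFunction" in stmt["Action"]:
            granted.update(stmt["Resource"])
    return sorted(granted - needed)
```

A non-empty result from `excess_resources`, such as a wildcard function ARN, marks a role that can invoke more than the state machine requires.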