IAM policies for AWS Elemental MediaConvert calls in Step Functions - Amazon Step Functions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

IAM policies for AWS Elemental MediaConvert calls in Step Functions

The following example templates show how Amazon Step Functions requires you to set up your IAM policies based on the resources in your state machine definition. You can use the IAM console to add any missing role policies. For more information, see How Step Functions generates IAM policies for integrated services and Discover service integration patterns in Step Functions.

Because MediaConvert provides partial support for resource-level access control, you must use "Resource": "*".

Run a Job (.sync)
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" }, { "Effect": "Allow", "Action": [ "mediaconvert:CreateJob", "mediaconvert:GetJob", "mediaconvert:CancelJob" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventsForMediaConvertJobRule" ] } ] }
Request Response
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" }, { "Effect": "Allow", "Action": [ "mediaconvert:CreateJob" ], "Resource": "*" } ] }