Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
IAM policies for Amazon Step Functions
For a state machine that calls StartExecution for a single nested workflow
execution, use an IAM policy that limits permissions to that state machine.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"arn:aws-cn:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]"
]
}
]
}
For more information, see the following:
- Synchronous
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"arn:aws-cn:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]"
]
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:StopExecution"
],
"Resource": [
"arn:aws-cn:states:[[region]]:[[accountId]]:execution:[[stateMachineName]]:*"
]
},
{
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:PutRule",
"events:DescribeRule"
],
"Resource": [
"arn:aws-cn:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"
]
}
]
}
- Asynchronous
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"states:StartExecution"
],
"Resource": [
"arn:aws-cn:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]"
]
}
]
}
For more information about nested workflow executions, see Start Workflow Executions from a Task State.