AWS Step Functions
开发人员指南
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

Amazon Elastic Container Service/AWS Fargate

These example templates show how AWS Step Functions generates IAM policies based on the resources in your state machine definition. For more information, see:

由于在提交任务之前 TaskId 的值始终未知,因此 Step Functions 会创建具有更高特权的 "Resource": "*" 策略。

注意

尽管采用了 "*" IAM 策略,您仍然可以停止 Step Functions 启动的 Amazon ECS 任务。

SynchronousAsynchronous
Synchronous

静态资源

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:[[region]]: [[accountId]]:task-definition/[[taskDefinition]]" ] }, { "Effect": "Allow", "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]: [[accountID]]:rule/StepFunctionsGetEventsForECSTaskRule" ] } ] }

动态资源

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask", "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]: [[accountId]]:rule/StepFunctionsGetEventsForECSTaskRule" ] } ] }
Asynchronous

静态资源

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:[[region]]: [[accountID]]:task-definition/[[taskDefinition]]" ] } ] }

动态资源

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": "*" } ] }