The following example templates show how AWS Step Functions requires you to set up your IAM policies based on the resources in your state machine definition. You can use the IAM console to add any missing role policies. For more information, see IAM Policies for integrated
services and Service integration patterns.
Because MediaConvert provides partial support for resource-level access control, you must use "Resource": "*"
.
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediaconvert:CreateJob",
"mediaconvert:GetJob",
"mediaconvert:CancelJob"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:PutRule",
"events:DescribeRule"
],
"Resource": [
"arn:aws:events:[[region]]
:[[accountId]]
:rule/StepFunctionsGetEventsForMediaConvertJobRule"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediaconvert:CreateJob"
],
"Resource": "*"
}
]
}