AWS Step Functions - AWS Step Functions

AWS Step Functions

For a state machine that calls StartExecution for a single nested workflow execution, use an IAM policy that limits permissions to that state machine.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "arn:aws:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]" ] } ] }

For more information, see the following:

Synchronous
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "arn:aws:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:StopExecution" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" ] } ] }
Asynchronous
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "states:StartExecution" ], "Resource": [ "arn:aws:states:[[region]]:[[accountId]]:stateMachine:[[stateMachineName]]" ] } ] }

For more information about nested workflow executions, see Start Workflow Executions from a Task State.