AWS Step Functions
Developer Guide

Handling Error Conditions Using a State Machine

In this tutorial, you create an AWS Step Functions state machine with a Catch field which uses an AWS Lambda function to respond with conditional logic based on error message type, a method called function error handling. For more information, see Function Error Handling in the AWS Lambda Developer Guide.


You can also create state machines that Retry on timeouts or those that use Catch to transition to a specific state when an error or timeout occurs. For examples of these error handling techniques, see Examples Using Retry and Using Catch.

Step 1: Creating an IAM Role for Lambda

Both Lambda and Step Functions can execute code and access AWS resources (for example, data stored in Amazon S3 buckets). To maintain security, you must grant Lambda and Step Functions access to these resources.

Lambda requires you to assign an IAM role when you create a Lambda function in the same way Step Functions requires you to assign an IAM role when you create a state machine.

To create a role for Lambda

  1. Sign in to the IAM console and choose Roles, Create role.

  2. On the Select type of trusted entity page, under AWS service, select Lambda from the list, and then choose Next: Permissions.


    The role is automatically provided with a trust relationship that allows Lambda to use the role.

  3. On the Attach permissions policy page, choose Next: Review.

  4. On the Review page, type MyLambdaRole for Role Name, and then choose Create role.

The IAM role appears in the list of roles.

Step 2: Creating a Lambda Function That Fails

Use a Lambda function to simulate an error condition.


Ensure that your Lambda function is under the same AWS account and region as your state machine.

To create a Lambda function that fails

  1. Log in to the Lambda console and choose Create a function.

  2. In the Blueprints section, type step-functions into the filter, and then choose the step-functions-error blueprint.

  3. In the Basic information section, configure your Lambda function:

    1. For Name, type FailFunction.

    2. For Role, select Choose an existing role.

    3. For Existing role, select the Lambda role that you created earlier.


      If the IAM role that you created doesn't appear in the list, the role might still need a few minutes to propagate to Lambda.

  4. The following code is displayed in the Lambda function code pane:

    'use strict'; exports.handler = (event, context, callback) => { function CustomError(message) { = 'CustomError'; this.message = message; } CustomError.prototype = new Error(); const error = new CustomError('This is a custom error!'); callback(error); };

    The context object returns the error message This is a custom error!.

  5. Choose Create function.

    When your Lambda function is created, note its Amazon Resource Name (ARN) in the upper-right corner of the page. For example:


Step 3: Testing the Lambda Function

Test your Lambda function to see it in operation.

To test your Lambda function

  1. On the FailFunction page, choose Test.

  2. On the Configure test event dialog box, type FailFunction for Event name, and then choose Create.

  3. On the FailFunction page, Test your Lambda function.

    The results of the test (the simulated error) are displayed at the bottom of the page.

Step 4: Creating a State Machine with a Catch Field

Use the Step Functions console to create a state machine that uses a Task state with a Catch field. Add a reference to your Lambda function in the Task state. The Lambda function is invoked and fails during execution. Step Functions retries the function twice using exponential backoff between retries.

To create the state machine

  1. Log in to the Step Functions console and choose Create state machine.

  2. On the Create a state machine page, select Templates and choose Catch failure.

  3. Name your state machine, for example Catchfailure.


    State machine, execution, and activity names must be 1–80 characters in length, must be unique for your account and region, and must not contain any of the following:

    • Whitespace

    • Wildcard characters (? *)

    • Bracket characters (< > { } [ ])

    • Special characters (: ; , \ | ^ ~ $ # % & ` ")

    • Control characters (\\u0000 - \\u001f or \\u007f - \\u009f).

    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  4. In the Code pane, add the ARN of the Lambda function that you created earlier to the Resource field, for example:

    { "Comment": "A Catch example of the Amazon States Language using an AWS Lambda function", "StartAt": "CreateAccount", "States": { "CreateAccount": { "Type": "Task", "Resource": "arn:aws:lambda:us-east-1:123456789012:function:FailFunction", "Catch": [ { "ErrorEquals": ["CustomError"], "Next": "CustomErrorFallback" }, { "ErrorEquals": ["States.TaskFailed"], "Next": "ReservedTypeFallback" }, { "ErrorEquals": ["States.ALL"], "Next": "CatchAllFallback" } ], "End": true }, "CustomErrorFallback": { "Type": "Pass", "Result": "This is a fallback from a custom Lambda function exception", "End": true }, "ReservedTypeFallback": { "Type": "Pass", "Result": "This is a fallback from a reserved error code", "End": true }, "CatchAllFallback": { "Type": "Pass", "Result": "This is a fallback from any error code", "End": true } } }

    This is a description of your state machine using the Amazon States Language. It defines a single Task state named CreateAccount. For more information, see State Machine Structure.

    For more information about the syntax of the Retry field, see Retrying After an Error.


    Unhandled errors in Lambda are reported as Lambda.Unknown in the error output. These include out-of-memory errors, function timeouts, and hitting the concurrent Lambda invoke limit. You can match on Lambda.Unknown, States.ALL, or States.TaskFailed to handle these errors. For more information about Lambda Handled and Unhandled errors, see FunctionError in the AWS Lambda Developer Guide.

  5. Use the graph in the Visual Workflow pane to check that your Amazon States Language code describes your state machine correctly.

    If you don't see the graph, choose 
    in the Visual Workflow pane.

  6. Choose Next.

  7. Create or enter an IAM role.

    • To create a new IAM role for Step Functions, select Create an IAM role for me, and enter a Name for your role.

    • If you have previously created an IAM role with the correct permissions for your state machine, select Choose an existing IAM role. Select a role from the drop-down, or provide an ARN for that role.


    If you delete the IAM role that Step Functions creates, Step Functions can't recreate it later. Similarly, if you modify the role (for example, by removing Step Functions from the principals in the IAM policy), Step Functions can't restore its original settings later.

  8. Select Create state machine.

Step 5: Starting a New Execution

After you create your state machine, you can start an execution.

To start a new execution

  1. On the CatchStateMachine page, choose New execution.

    The New execution page is displayed.

  2. (Optional) To help identify your execution, you can specify an ID for it in the Enter an execution name box. If you don't enter an ID, Step Functions generates a unique ID automatically.


    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  3. Choose Start Execution.

    A new execution of your state machine starts, and a new page showing your running execution is displayed.

  4. In the Execution Details section, expand the Output section to view the output of your workflow.

                            Execution output
  5. To view your custom error message, select CreateAccount in the Visual workflow and expand the Output section.

                            Error output


    You can preserve the state input along with the error by using ResultPath. See Use ResultPath to Include Both Error and Input in a Catch