I want my Step Function to be triggered whenever there are updates to the secret values. To achieve this, I have created an EventBridge rule with a condition that invokes the Step Function when PutSecretValue events occur. However, the Step Function is not being invoked even though the rule gets triggered. In CloudWatch I noticed that the rule is triggered but fails: the "FailedInvocation" metric is captured in CloudWatch. I found in a post that this should be due to a permission issue, and that the EventBridge rule needs permission to execute the Step Function, so I created a role as suggested and assigned it to the EventBridge rule target with the following permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "StartStateMachine",
            "Effect": "Allow",
            "Action": [
                "states:StartExecution"
            ],
            "Resource": [
                "arn:aws:states:*:*:stateMachine:TVP*"
            ]
        }
    ]
}
But the invocation still fails, and I'm unable to determine the exact cause of the failure. I would greatly appreciate any assistance or guidance in resolving this issue.
Use AWS CloudTrail to filter the events related to Step Functions, then check the ones with an error associated; somewhere in there you will find the root cause of your issue.
Finally, you can adapt your execution role permissions accordingly, instead of blindly trying to fix it.
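As an added example (not part of the question or the answer above), the following Python script carries out the check the answer recommends in a form you can run offline: it parses records in the shape returned by CloudTrail's LookupEvents API, keeps the Step Functions calls that carry an errorCode, and compares each denied action and resource against the role policy posted in the question. The CloudTrail records, the account id, the role name and the state machine names are constructed for the example and are not taken from the asker's account.

```python
import json
from fnmatch import fnmatchcase

# Permissions policy attached to the EventBridge target role, as posted in the question.
TARGET_ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "StartStateMachine",
    "Effect": "Allow",
    "Action": ["states:StartExecution"],
    "Resource": ["arn:aws:states:*:*:stateMachine:TVP*"]
  }]
}""")

# Constructed sample in the shape of boto3 cloudtrail.lookup_events(...)["Events"]:
# each entry carries the full record as a JSON string under "CloudTrailEvent".
# Account id, role name and state machine names are made up for this example.
_PRINCIPAL = "arn:aws:sts::123456789012:assumed-role/eb-target-role/session"
SAMPLE_EVENTS = [
    {   # a successful start; the filter below must ignore it
        "EventId": "e1", "EventName": "StartExecution",
        "CloudTrailEvent": json.dumps({
            "eventTime": "2024-05-01T09:00:00Z",
            "eventSource": "states.amazonaws.com",
            "eventName": "StartExecution",
            "userIdentity": {"type": "AssumedRole", "arn": _PRINCIPAL},
            "requestParameters": {"stateMachineArn":
                "arn:aws:states:us-east-1:123456789012:stateMachine:TVP-Rotate"},
        }),
    },
    {   # a denied start: the state machine name does not match the policy's TVP* pattern
        "EventId": "e2", "EventName": "StartExecution",
        "CloudTrailEvent": json.dumps({
            "eventTime": "2024-05-01T09:05:00Z",
            "eventSource": "states.amazonaws.com",
            "eventName": "StartExecution",
            "userIdentity": {"type": "AssumedRole", "arn": _PRINCIPAL},
            "requestParameters": {"stateMachineArn":
                "arn:aws:states:us-east-1:123456789012:stateMachine:SecretRotationFlow"},
            "errorCode": "AccessDenied",
            "errorMessage": "User is not authorized to perform: states:StartExecution "
                            "on resource: arn:aws:states:us-east-1:123456789012:"
                            "stateMachine:SecretRotationFlow",
        }),
    },
]


def failed_calls(events, sources=frozenset({"states.amazonaws.com"})):
    """Return the calls from the given event sources that CloudTrail recorded with an error."""
    failures = []
    for wrapper in events:
        record = json.loads(wrapper["CloudTrailEvent"])
        if record.get("eventSource") not in sources or "errorCode" not in record:
            continue
        params = record.get("requestParameters") or {}
        failures.append({
            "time": record.get("eventTime"),
            "action": record.get("eventName"),
            "principal": (record.get("userIdentity") or {}).get("arn"),
            "resource": params.get("stateMachineArn"),
            "error": record["errorCode"],
            "message": record.get("errorMessage", ""),
        })
    return failures


def _as_list(value):
    return value if isinstance(value, list) else [value]


def diagnose(failure, policy):
    """Compare one denied Step Functions call with the role's permissions policy.

    IAM action names are case-insensitive and use * and ? wildcards, which fnmatch
    also understands; resource ARNs are matched case-sensitively.
    """
    action = f"states:{failure['action']}".lower()
    resource = failure["resource"] or ""
    action_covered = False
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        a_ok = any(fnmatchcase(action, p.lower()) for p in _as_list(stmt.get("Action", [])))
        r_ok = any(fnmatchcase(resource, p) for p in _as_list(stmt.get("Resource", [])))
        action_covered |= a_ok
        if a_ok and r_ok:
            return "ALLOWED_BY_POLICY"   # the denial comes from somewhere else
    return "RESOURCE_NOT_COVERED" if action_covered else "ACTION_NOT_COVERED"


if __name__ == "__main__":
    for f in failed_calls(SAMPLE_EVENTS):
        print(f["time"], f["action"], f["resource"], f["error"], "->",
              diagnose(f, TARGET_ROLE_POLICY))
```

To run this against a real account, replace SAMPLE_EVENTS with the output of `boto3.client("cloudtrail").lookup_events(LookupAttributes=[{"AttributeKey": "EventSource", "AttributeValue": "states.amazonaws.com"}])["Events"]` (or the equivalent `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventSource,AttributeValue=states.amazonaws.com`). A RESOURCE_NOT_COVERED result means the state machine ARN falls outside the policy's `TVP*` pattern; ALLOWED_BY_POLICY together with an AccessDenied record means the permissions policy is not the problem, so check the other half of the target role, its trust policy, which must let `events.amazonaws.com` assume it before EventBridge can use it at all.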