(stepfunctions): athena-start-query-execution tasks generate invalid S3 ARNs

[aaronatbissell]

Describe the bug

When using an athena start-query-execution task, the CDK generates a default policy including some permissions for the S3 buckets used as an output location. This S3 bucket policy includes the S3 bucket ARN as a resource, but the auto-generated ARN includes region and account ID as described here. When trying to deploy, you end up with an error that looks like this:

Error: The stack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Resource arn:aws:s3:us-east-1:accountId:bucket/export can not contain region information.

I believe this bug was introduced in PR #22314

Expected Behavior

Auto-generated policy includes s3 bucket without region or account ID

Current Behavior

Deployment failure

Reproduction Steps

packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/start-query-execution.test.ts
Test Name: "bucket arn is formatted as expected in generated policy"

This test is currently incorrect. It includes the region and account ID on the S3 bucket ARN

Possible Solution

Revisit PR #22314

Additional Information/Context

No response

CDK CLI Version

2.43.0

Framework Version

No response

Node.js Version

16.15.1

OS

macOS 12.6

Language

Typescript

Language Version

4.7.3

Other information

No response

[kaizencc]

Thanks for the report, @aaronatbissell. Do you have time to contribute a fix for this?

Edit: actually, i think i can grab this real quick

[aaronatbissell]

OK - I can take a stab at it if you'd like. Just let me know!

[aaronatbissell]

@kaizencc - I created the PR, let me know what you think!

[TheRealAmazonKendra]

Looks like the fix for this was already merged.