Skip to content

aws_stepfunctions_tasks : Generates wrong action in role policy #27573

Closed
#27623
Closed
aws_stepfunctions_tasks : Generates wrong action in role policy#27573
#27623
Labels
@aws-cdk/aws-stepfunctions-tasksbugThis issue is a bug.p2
@Smotrov

Description

@Smotrov
Smotrov
opened on Oct 17, 2023

Describe the bug

Following code is properly creates a step in the Step Function

  // Create log stream step  using arn:aws:states:::aws-sdk:cloudwatchlogs:createLogStream
  const createLogStream = new tasks.CallAwsService(scope, 'Create log stream', {
    service: 'cloudwatchlogs',
    action: 'createLogStream',
    parameters: {
      LogGroupName: myLogGroup.logGroupName,
      LogStreamName: sfn.JsonPath.stringAt('$$.Execution.Name'),
    },
    resultPath: sfn.JsonPath.DISCARD,
    iamResources: [myLogGroup.logGroupArn],
  });

However, it creates wrong statement in the role action

{
 "Action": "cloudwatchlogs:createLogStream",
 "Resource": "arn:aws:logs:eu-west-1:408064982279:log-group:some_name:*",
 "Effect": "Allow"
},

Expected Behavior

action should be logs:CreateLogStream

Current Behavior

Action is cloudwatchlogs:createLogStream

Reproduction Steps

Create a step function with provided code.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.101.1

Framework Version

No response

Node.js Version

v18.16.0

OS

MacOS

Language

TypeScript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-stepfunctions-tasksbugThis issue is a bug.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions