aws-stepfunctions-tasks: CallAwsService for elasticloadbalancingv2 produces invalid IAM role policies #32417

@tomykaira

Description

Describe the bug

sfn.StateMachine with tasks.CallAwsService helps to set up an IAM role by scanning the task definition.

When the task definition contains CallAwsService with service: 'elasticloadbalancingv2',
the state machine's IAM role has a policy like this:

"Action": "elasticloadbalancingv2:describeTargetGroups",

However, elasticloadbalancingv2 is invalid in IAM actions. It should be elasticloadbalancing.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

It produces IAM role policy like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "elasticloadbalancing:describeTargetGroups",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Current Behavior

It produces IAM role policy like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "elasticloadbalancingv2:describeTargetGroups",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Reproduction Steps

Include this state machine declaration in a stack.

    import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
    import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';

    // Runs inside a Stack (or any Construct); `this` is the construct scope.
    new sfn.StateMachine(this, 'BugReportSample1', {
      definition: new tasks.CallAwsService(this, 'GetTargetGroups', {
        service: 'elasticloadbalancingv2', // Step Functions aws-sdk integration name
        action: 'describeTargetGroups',
        resultPath: '$.targetGroups',
        iamResources: ['*'],
      }),
    });

Possible Solution

Add some conversion here: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts#L116

Additional Information/Context

No response

CDK CLI Version

2.172.0 (build 0f666c5)

Framework Version

No response

Node.js Version

v20.12.2

OS

Fedora release 38 (Thirty Eight)

Language

TypeScript

Language Version

5.6.3

Other information

No response
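The derivation the issue describes (the IAM action prefix is taken verbatim from `service`) and the conversion proposed under Possible Solution, written out as an added TypeScript example. This is not code from the issue or from aws-cdk-lib: the function and type names, the `IAM_PREFIX_BY_SDK_SERVICE` table shape and the post-synthesis check are illustrative assumptions, and the only table entry is the elasticloadbalancingv2 case the issue reports.

```typescript
// Added example, not code from the issue or from aws-cdk-lib.
// Models how a CallAwsService-style task derives the IAM action for its
// role policy from the Step Functions aws-sdk integration name, with a
// conversion table for service names whose IAM prefix differs.
// Only the elasticloadbalancingv2 entry comes from the issue; everything
// else (names, table shape, the check) is an illustrative assumption.

/** SDK integration names that do not match their IAM service prefix. */
const IAM_PREFIX_BY_SDK_SERVICE: Record<string, string> = {
  // States uses arn:aws:states:::aws-sdk:elasticloadbalancingv2:..., but
  // IAM authorizes the call under the elasticloadbalancing prefix.
  elasticloadbalancingv2: 'elasticloadbalancing',
};

/** Resource string the task uses in the state machine definition (unchanged by the bug). */
export function sdkIntegrationResource(service: string, action: string): string {
  return `arn:aws:states:::aws-sdk:${service}:${action}`;
}

/** IAM service prefix for an SDK integration name: identity unless overridden. */
export function iamServicePrefix(service: string): string {
  const key = service.toLowerCase();
  return IAM_PREFIX_BY_SDK_SERVICE[key] ?? key;
}

/**
 * IAM action for the role policy. The optional `iamAction` is an explicit
 * caller override that bypasses the derivation entirely.
 */
export function iamActionFor(service: string, action: string, iamAction?: string): string {
  if (iamAction !== undefined) return iamAction;
  return `${iamServicePrefix(service)}:${action}`;
}

export interface PolicyStatement {
  Action: string;
  Resource: string | string[];
  Effect: 'Allow' | 'Deny';
}

export interface PolicyDocument {
  Version: '2012-10-17';
  Statement: PolicyStatement[];
}

/** Subset of CallAwsService-style props needed to build the statement (assumed shape). */
export interface CallAwsServiceLikeProps {
  service: string;
  action: string;
  iamResources: string[];
  iamAction?: string;
}

/** Build the role policy document the task grants for the API call. */
export function rolePolicyFor(props: CallAwsServiceLikeProps): PolicyDocument {
  const resources = props.iamResources;
  return {
    Version: '2012-10-17',
    Statement: [
      {
        Action: iamActionFor(props.service, props.action, props.iamAction),
        // A single resource is emitted as a plain string, as in the issue's output.
        Resource: resources.length === 1 ? resources[0] : resources,
        Effect: 'Allow',
      },
    ],
  };
}

/**
 * Post-synthesis check: return actions whose prefix is an SDK integration
 * name that IAM does not recognize. Run it over the synthesized template's
 * policy statements to catch the bug before deploying.
 */
export function actionsWithUnrecognizedPrefix(doc: PolicyDocument): string[] {
  const bad: string[] = [];
  for (const stmt of doc.Statement) {
    const prefix = stmt.Action.split(':')[0].toLowerCase();
    if (prefix in IAM_PREFIX_BY_SDK_SERVICE) bad.push(stmt.Action);
  }
  return bad;
}

// The issue's "Current Behavior" output, reconstructed here as sample data.
export const buggyPolicy: PolicyDocument = {
  Version: '2012-10-17',
  Statement: [{ Action: 'elasticloadbalancingv2:describeTargetGroups', Resource: '*', Effect: 'Allow' }],
};

// The issue's reproduction props, run through the converting builder.
export const fixedPolicy: PolicyDocument = rolePolicyFor({
  service: 'elasticloadbalancingv2',
  action: 'describeTargetGroups',
  iamResources: ['*'],
});
```

IAM matches action names case-insensitively, so the lowercase `elasticloadbalancing:describeTargetGroups` in the expected output is accepted. On CDK versions where CallAwsServiceProps exposes an `iamAction` property, passing `iamAction: 'elasticloadbalancing:DescribeTargetGroups'` bypasses the derived value in the same way the third argument of `iamActionFor` does, which is the practical workaround until the conversion lands in the library.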
