skip to Main Content

I am trying to initiate a child step function from a parent, and am struggling with getting the execution ARN to be recognised by the child step function.

Have been following this guidance, as well as other posts on the subject in Stack Overflow.

The parent seems to execute and is passing the Execution ARN through:

  "Comment": "A description of my state machine",
  "StartAt": "List Accounts",
  "States": {
    "List Accounts": {
      "Type": "Task",
      "Resource": "arn:aws:states:::lambda:invoke",
      "OutputPath": "$.Payload",
      "Parameters": {
        "Payload.$": "$",
        "FunctionName": "arn:aws:lambda:eu-west-1:{MY-ACCOUNT}:function:ListAccounts-TEST:$LATEST"
      },
      "Retry": [
        {
          "ErrorEquals": [
            "Lambda.ServiceException",
            "Lambda.AWSLambdaException",
            "Lambda.SdkClientException",
            "Lambda.TooManyRequestsException"
          ],
          "IntervalSeconds": 2,
          "MaxAttempts": 6,
          "BackoffRate": 2
        }
      ],
      "Next": "Process Accounts"
    },
    "Process Accounts": {
      "Type": "Map",
      "ItemsPath": "$.Accounts",
      "ItemProcessor": {
        "ProcessorConfig": {
          "Mode": "INLINE"
        },
        "StartAt": "Start nested execution",
        "States": {
          "Start nested execution": {
            "Type": "Task",
            "Resource": "arn:aws:states:::aws-sdk:sfn:startExecution",
            "InputPath": "$",
            "Parameters": {
              "StateMachineArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:stateMachine:AgedCreds-Test-Child-Function",
              "Input": {
                "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
              }
            },
            "End": true,
            "ResultPath": "$.taskresult"
          }
        }
      },
      "Next": "SendSlackMessage",
      "InputPath": "$",
      "OutputPath": "$"
    },
    "SendSlackMessage": {
      "Type": "Task",
      "Resource": "arn:aws:states:::lambda:invoke",
      "OutputPath": "$.Payload",
      "Parameters": {
        "Payload.$": "$",
        "FunctionName": "arn:aws:lambda:eu-west-1:{MY-ACCOUNT}:function:SendSlackMessage:$LATEST"
      },
      "Retry": [
        {
          "ErrorEquals": [
            "Lambda.ServiceException",
            "Lambda.AWSLambdaException",
            "Lambda.SdkClientException",
            "Lambda.TooManyRequestsException"
          ],
          "IntervalSeconds": 2,
          "MaxAttempts": 6,
          "BackoffRate": 2
        }
      ],
      "End": true
    }
  }
}```

This results in:

```{
  "Id": "006629000000",
  "Arn": "arn:aws:organizations::{MY-ACCOUNT}:account/o-v5zfxxxxxx/006629000000",
  "Email": "account-email",
  "Name": "account-name",
  "Status": "ACTIVE",
  "JoinedMethod": "CREATED",
  "JoinedTimestamp": "11-May-2021 (14:54:08.265000)",
  "TribeTag": "TRIBE",
  "taskresult": {
    "ExecutionArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:AgedCreds-Test-Child-Function:{EXECUTION-ID-STRING}",
    "StartDate": "2023-06-22T10:01:08.504Z"
  }
}```

The child step function starts with a 'Start Step Function Execution', and looks like this:

```{
  "Comment": "A description of my state machine",
  "StartAt": "Step Functions StartExecution",
  "States": {
    "Step Functions StartExecution": {
      "Type": "Task",
      "Resource": "arn:aws:states:::states:startExecution.sync:2",
      "Parameters": {
        "StateMachineArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:ParentStateMachine-Aged-Credentials",
        "Input": {
          "StatePayload": "$$.Execution.Id",
          "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
        }
      },
      "Next": "GenerateReport"
    },```

But am receiving the following error, despite the payload appearing with the execution ARN:

```Invalid Arn: 'Resource type not valid in this context: execution' (Service: AWSStepFunctions; Status Code: 400; Error Code: InvalidArn; Request ID: EXECUTION-ID-STRING; Proxy: null)```

Appreciate the help!

Have played around with Task Tokens but am getting no further. The way I have set up the Parent step function appears to be the only way I've found for it to pass without errors. Anything obvious I am missing here?

My permissions are fine, as per the guidance on ensuring Events, and State policies are included in the roles/policies.

2

Answers


  1. It appears you are using an Amazon Resource Name (ARN) for a [Step Functions][1] Execution resource: arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:ParentStateMachine-Aged-Credentials. The [StartExecution API Action][2] requires an ARN for a State Machine resource. Likely arn:aws:states:eu-west-1:{MY-ACCOUNT}:statemachine:ParentStateMachine-Aged-Credentials

    This is the snipped of Amazon States Language where I noticed this apparent error.

    {
      "Comment": "A description of my state machine",
      "StartAt": "Step Functions StartExecution",
      "States": {
        "Step Functions StartExecution": {
          "Type": "Task",
          "Resource": "arn:aws:states:::states:startExecution.sync:2",
          "Parameters": {
            "StateMachineArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:ParentStateMachine-Aged-Credentials",
            "Input": {
              "StatePayload": "$$.Execution.Id",
              "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
            }
          },
          "Next": "GenerateReport"
        }
    ...
    }
    
    
      [1]: https://aws.amazon.com/step-functions/
      [2]: https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html
    
    Login or Signup to reply.
  2. I’m not sure the answer by @justin-callison is entirely correct/clear…

    If i understand your example correctly, there are actually 3 step functions involved in your example:

    Parent sfn (a) calls -> child sfn (b) calls -> grandchild sfn (c)

    its unclear however which sfn the output or error message are coming from.

    The main issue I see is that you’re using different service integration TYPES (sdk and optimized) which can be seen by looking at the format of each tasks Resource key.

    In Parent sfn (a) you have the task "Start nested execution" defined with an sdk integration

    {
      "Resource": "arn:aws:states:::aws-sdk:sfn:startExecution",
       ...
       "Parameters": {
         "StateMachineArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:stateMachine:AgedCreds-Test-Child-Function",
         "Input": {
            "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
          }
        },
        ...
    }
    

    but in child sfn (b) "Step Functions StartExecution" you have an optimized integration with an invalid statemachinearn parameter:

    # this isn't a valid arn
    arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:ParentStateMachine-Aged-Credentials
                                         ^^^^^^^^^^^
    
    {
       "Resource": "arn:aws:states:::states:startExecution.sync:2",
       "Parameters": {
          "StateMachineArn": "arn:aws:states:eu-west-1:{MY-ACCOUNT}:execution:ParentStateMachine-Aged-Credentials" , 
          "Input": {
              ...
           }
        }
       ...
    }
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search