在Step Functions本地环境中执行嵌套步骤函数时,出现Invalid security token错误。

0

【以下的问题经过翻译处理】 AWS Step Functions Local支持嵌套步骤函数吗?我正在尝试创建2个step functions,其中一个外部function执行一个内部function。但是,在尝试执行外部步骤函数时,会收到“请求中包含的安全令牌无效”的错误。

要重现,请使用最新的amazon / aws-stepfunctions-local:1.10.1 Docker映像。使用以下命令启动容器:

docker run -p 8083:8083 -e AWS_DEFAULT_REGION=us-east-1 -e AWS_ACCESS_KEY_ID=TESTID -e AWS_SECRET_ACCESS_KEY=TESTKEY amazon/aws-stepfunctions-local

然后在Step Functions Local容器中创建一个简单的HelloWorld 内部步骤函数:

aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
\"Comment\": \"A Hello World example of the Amazon States Language using a Pass state\",\
\"StartAt\": \"HelloWorld\",\
\"States\": {\
    \"HelloWorld\": {\
    \"Type\": \"Pass\",\
    \"End\": true\
    }\
}}" --name "HelloWorld" --role-arn "arn:aws:iam::012345678901:role/DummyRole"

然后添加一个简单的外部步骤函数,该函数执行HelloWorld:

aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
\"Comment\": \"OuterTestComment\",\
\"StartAt\": \"InnerInvoke\",\
\"States\": {\
    \"InnerInvoke\": {\
    \"Type\": \"Task\",\
    \"Resource\": \"arn:aws:states:::states:startExecution\",\
    \"Parameters\": {\
        \"StateMachineArn\": \"arn:aws:states:us-east-1:123456789012:stateMachine:HelloWorld\"\
    },\
    \"End\": true\
    }\
}}" --name "HelloWorldOuter" --role-arn "arn:aws:iam::012345678901:role/DummyRole"

最后,启动外部Step Function的执行:

aws stepfunctions --endpoint-url http://localhost:8083 start-execution --state-machine-arn arn:aws:states:us-east-1:123456789012:stateMachine:HelloWorldOuter

执行失败,日志中出现请求中包含的安全令牌无效错误:

arn:aws:states:us-east-1:123456789012:execution:HelloWorldOuter:b9627a1f-55ed-41a6-9702-43ffe1cacc2c : {"Type":"TaskSubmitFailed","PreviousEventId":4,"TaskSubmitFailedEventDetails":{"ResourceType":"states","Resource":"startExecution","Error":"StepFunctions.AWSStepFunctionsException","Cause":"The security token included in the request is invalid. (Service: AWSStepFunctions; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: ad8a51c0-b8bf-42a0-a78d-a24fea0b7823; Proxy: null)"}}

我做错什么了吗?是否需要任何额外的配置?

profile picture
专家
已提问 8 个月前27 查看次数
1 回答
0

【以下的回答经过翻译处理】 你好,Andrius,

我已经能够重现你的测试案例,并更新为一个可用的示例:

docker run -p 8083:8083 -e AWS_DEFAULT_REGION=xx-yyyy-1 -e AWS_ACCESS_KEY_ID=TESTID -e AWS_SECRET_ACCESS_KEY=TESTKEY -e STEP_FUNCTIONS_ENDPOINT=http://localhost:8083 amazon/aws-stepfunctions-local:1.10.1

(与你的示例相比,做了两个更改:第一、地域故意设为无效;第二、真正有效的解决方案是:定义' STEP_FUNCTIONS_ENDPOINT '环境变量为服务本身)

然后,你的示例能够运行,只需要根据所在地区进行调整:

aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
\"Comment\": \"A Hello World example of the Amazon States Language using a Pass state\",\
\"StartAt\": \"HelloWorld\",\
\"States\": {\
    \"HelloWorld\": {\
    \"Type\": \"Pass\",\
    \"End\": true\
    }\
}}" --name "HelloWorld" --role-arn "arn:aws:iam::012345678901:role/DummyRole"

aws stepfunctions --endpoint-url http://localhost:8083 create-state-machine --definition "{\
\"Comment\": \"OuterTestComment\",\
\"StartAt\": \"InnerInvoke\",\
\"States\": {\
    \"InnerInvoke\": {\
    \"Type\": \"Task\",\
    \"Resource\": \"arn:aws:states:::states:startExecution\",\
    \"Parameters\": {\
        \"StateMachineArn\": \"arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorld\"\
    },\
    \"End\": true\
    }\
}}" --name "HelloWorldOuter" --role-arn "arn:aws:iam::012345678901:role/DummyRole"
aws stepfunctions --endpoint-url http://localhost:8083 start-execution --state-machine-arn arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorldOuter

现在查看执行内容:

aws stepfunctions --endpoint-url http://localhost:8083 list-executions --state-machine-arn arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorldOuter
{
    "executions": [
        {
            "executionArn": "arn:aws:states:xx-yyyy-1:123456789012:execution:HelloWorldOuter:f2b0c4aa-1b38-4da2-a219-b81b3a40e92e",
            "stateMachineArn": "arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorldOuter",
            "name": "f2b0c4aa-1b38-4da2-a219-b81b3a40e92e",
            "status": "SUCCEEDED",
            "startDate": 1653908224.187,
            "stopDate": 1653908224.3
        }
    ]
}
 aws stepfunctions --endpoint-url http://localhost:8083 list-executions --state-machine-arn arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorld
{
    "executions": [
        {
            "executionArn": "arn:aws:states:xx-yyyy-1:123456789012:execution:HelloWorld:5f9e4d20-cbf1-4051-93fd-6c108356d657",
            "stateMachineArn": "arn:aws:states:xx-yyyy-1:123456789012:stateMachine:HelloWorld",
            "name": "5f9e4d20-cbf1-4051-93fd-6c108356d657",
            "status": "SUCCEEDED",
            "startDate": 1653908224.284,
            "stopDate": 1653908224.286
        }
    ]
}

我们可以观察到,内部执行包含在外部执行中。

profile picture
专家
已回答 8 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则