Serverless Framework - Cannot generate IAM policy statement for Task state

Time:02-09

I'm trying to use serverless framework to deploy a step function that calls a couple of lambdas. Here's my serverless.yml:

    org: bizrob
    app: flexipod-2-queue
    service: flexipod-2-queue
    
    frameworkVersion: "2 || 3"
    
    custom:
      region: eu-west-1
    
    provider:
      name: aws
      runtime: nodejs14.x
    
    plugins:
      - serverless-step-functions
    
    functions:
      pullSqlSvr:
        handler: flexipod-2-queue/pullSqlSvrData.pullSqlSvr
        environment:
          REGION: ${self:custom.region}
          API_VERSION_S3: "2006-03-01"
          API_VERSION_SQS: "2012-11-05"
          SQS_QUEUE_URL: !Ref "MyQueue"
      sendToDataLake:
        handler: queue-2-datalake/sendToDataLake.sendBatchToQueue
        environment:
          REGION: ${self:custom.region}
          API_VERSION_S3: "2006-03-01"
          API_VERSION_SQS: "2012-11-05"
    
    stepFunctions:
      stateMachines:
        flexipodFlow:
          name: flexipodFlow
          definition:
            StartAt: pullSqlSvr
            States:
              pullSqlSvr:
                Type: Task
                Resource:
                  Fn::GetAtt:[pullSqlSvr, Arn]
                Next: sendToDataLake
              sendToDataLake:
                Type: Task
                Resource:
                  Fn::GetAtt:[sendToDataLake, Arn]
                End: true
    
    resources:
      Resources:
        MyQueue:
          Type: "AWS::SQS::Queue"
          Properties:
            QueueName: "flexipod"

When I run serverless deploy I see the following error:

    Deploying flexipod-2-queue to stage dev (us-east-1, "serverless-admin-2" provider)
    Cannot generate IAM policy statement for Task state { Type: 'Task', Resource: 'Fn::GetAtt:[pullSqlSvr, Arn]', Next: 'sendToDataLake' }
    Cannot generate IAM policy statement for Task state { Type: 'Task', Resource: 'Fn::GetAtt:[sendToDataLake, Arn]', End: true }

    × Stack flexipod-2-queue-dev failed to deploy (72s)
    Environment: win32, node 16.1.0, framework 3.0.0, plugin 6.0.0, SDK 4.3.0
    Credentials: Serverless Dashboard, "serverless-admin-2" provider (https://app.serverless.com/bizrob/apps/flexipod-2-queue/flexipod-2-queue/dev/us-east-1/providers)
    Docs: docs.serverless.com
    Support: forum.serverless.com
    Bugs: github.com/serverless/serverless/issues

    Error: CREATE_FAILED: FlexipodFlow (AWS::StepFunctions::StateMachine) Resource handler returned message: "Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: Value is not a valid resource ARN at /States/pullSqlSvr/Resource, SCHEMA_VALIDATION_FAILED: Value is not a valid resource ARN at /States/sendToDataLake/Resource' (Service: AWSStepFunctions; Status Code: 400; Error Code: InvalidDefinition

Any advice on how to solve please?

CodePudding user response:

It's a YAML syntax problem. Fn::GetAtt:[pullSqlSvr, Arn] is being parsed as a string, not a key-value pair. Add a space after the last colon, or use the !GetAtt shortcut.

    Resource:
      Fn::GetAtt:[pullSqlSvr, Arn] # string :(
      Fn::GetAtt: [pullSqlSvr, Arn] # key-value :)
      !GetAtt pullSqlSvr.Arn # alternative shorthand intrinsic function :)
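
Added example, not part of the answer above and not code from serverless-step-functions: a pre-deploy check, run over the parsed state machine definition, that flags Task states whose Resource came out of the YAML parser as a plain string instead of an intrinsic-function mapping or an ARN. These are the states for which the deploy output above reports that no IAM policy statement could be generated. The names `classifyResource`, `checkTaskResources` and `INTRINSIC_KEYS`, the list of accepted intrinsics, and the ARN pattern are assumptions made for this sketch; the two sample definitions are constructed from the question's serverless.yml.

```javascript
// Assumption: the intrinsic functions accepted as a Task Resource in this sketch.
const INTRINSIC_KEYS = new Set(['Fn::GetAtt', 'Ref', 'Fn::Sub', 'Fn::Join', 'Fn::ImportValue']);
// Assumption: a loose ARN shape (partition:service:region:account:resource).
const ARN_RE = /^arn:aws[a-z-]*:[a-z0-9-]+:[a-z0-9-]*:\d{0,12}:.+$/;

// Classify one Resource value as it looks after YAML parsing.
function classifyResource(resource) {
  if (typeof resource === 'string') {
    if (ARN_RE.test(resource)) return 'arn';
    // "Fn::GetAtt:[fn, Arn]" (no space after the colon) stays a plain string.
    if (/^(Fn::\w+|Ref):\S/.test(resource)) return 'collapsed-intrinsic';
    return 'invalid-string';
  }
  if (resource && typeof resource === 'object' && !Array.isArray(resource)) {
    const keys = Object.keys(resource);
    if (keys.length === 1 && INTRINSIC_KEYS.has(keys[0])) return 'intrinsic';
  }
  return 'invalid';
}

// Return one finding per Task state whose Resource cannot resolve to an ARN.
function checkTaskResources(definition) {
  const findings = [];
  for (const [name, state] of Object.entries(definition.States || {})) {
    if (state.Type !== 'Task') continue;
    const kind = classifyResource(state.Resource);
    if (kind !== 'arn' && kind !== 'intrinsic') {
      findings.push({ state: name, kind, value: state.Resource });
    }
  }
  return findings;
}

// Constructed sample: the question's definition as parsed (Resource is a string).
const broken = { StartAt: 'pullSqlSvr', States: {
  pullSqlSvr: { Type: 'Task', Resource: 'Fn::GetAtt:[pullSqlSvr, Arn]', Next: 'sendToDataLake' },
  sendToDataLake: { Type: 'Task', Resource: 'Fn::GetAtt:[sendToDataLake, Arn]', End: true } } };
// Constructed sample: the same definition with the space restored after the colon.
const fixed = { StartAt: 'pullSqlSvr', States: {
  pullSqlSvr: { Type: 'Task', Resource: { 'Fn::GetAtt': ['pullSqlSvr', 'Arn'] }, Next: 'sendToDataLake' },
  sendToDataLake: { Type: 'Task', Resource: { 'Fn::GetAtt': ['sendToDataLake', 'Arn'] }, End: true } } };

console.log(checkTaskResources(broken)); // two findings, both 'collapsed-intrinsic'
console.log(checkTaskResources(fixed));  // no findings
```

Running a check like this in CI turns the plugin's non-fatal warning into a hard failure before CloudFormation is called.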

CodePudding user response:

In my experience serverless-step-functions fails to deploy properly if any keys in the Steps block begin with a lowercase letter. Changing it to the seemingly case-sensitive equivalents, like the following, and redeploying may do the trick:

    States:
      PullSqlSvr:
        Type: Task
        Resource:
          Fn::GetAtt:[pullSqlSvr, Arn]
        Next: SendToDataLake # must match the renamed state key below
      SendToDataLake:
        Type: Task
        Resource:
          Fn::GetAtt:[sendToDataLake, Arn]
        End: true

(I just converted the pullSqlSvr and sendToDataLake to their PascalCase equivalents PullSqlSvr and SendToDataLake.)
