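Nested workflow - The security token included in the request is invalid

Problem description

I am using a local Docker StepFunctions setup and trying to call a StateMachine from within a StateMachine (nested workflow) using syncwaitForTaskToken. But I get this error (see below).

Does anyone know what this means? Is it because the local StepFunctions service does not allow a StateMachine to call a StateMachine?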


2021-01-15 02:11:03.336: arn:aws:states:us-east-1:123456789012:execution:Foobar-Dev:6bae52c1-3562-44a5-88fd-68a533f054bf :
{
    "Type": "TaskFailed",
    "PreviousEventId": 29,
    "TaskFailedEventDetails": {
        "ResourceType": "states",
        "Resource": "startExecution.sync",
        "Error": "StepFunctions-AWSStepFunctionsException",
        "Cause": "The security token included in the request is invalid. (Service: AWSStepFunctions; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: ca3a983d-3496-4d48-854a-1bb803a44f2a; Proxy: null)"
    }
}

Main workflow definition:


    "FoobarWorkflow": {
      "Type": "Task",
      "Resource": "arn:aws:states:::states:startExecution.sync",
      "Parameters": {
        "StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:Foobar-Dev",
        "Input": {
          "NeedCallback": false,
          "AWS_STEP_FUNCTIONS_STARTED_BY_EXECUTION_ID.$": "$$.Execution.Id"
        }
      },

Child workflow definition:


{
    "Comment": "Foobar-Dev",
    "StartAt": "Screening",
    "Version": "1.0",
    "TimeoutSeconds": 480,
    "States": {
        "Screening": {
            "Type": "Task",
            "Resource": "arn:aws:states:us-east-1:123456789012:activity:ScreeningActivity-Dev",
            "Next": "ScreeningChoiceState",
            "Retry": [
                {
                    "ErrorEquals": ["States.TaskFailed", "States.Runtime"],
                    "IntervalSeconds": 3,
                    "MaxAttempts": 3,
                    "BackoffRate": 2
                }
            ],
            "Catch": [
                {
                    "ErrorEquals": ["States.TaskFailed"],
                    "Next": "DefaultSystemFailure",
                    "ResultPath": "$.error"
                },
                {
                    "ErrorEquals": ["States.ALL"],
                    "ResultPath": "$.error"
                }
            ]
        },
        ...
        "ScreeningFinalDecision": {
            "Type": "Task",
            "Resource": "arn:aws:states:us-east-1:123456789012:activity:ScreeningFinalDecision-Dev",
            "End": true
        }
    }
}

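Solution

After some digging, it seems that for the local StepFunction Docker setup, we need to pass additional environment variables for access_key_id and secret_access_key to enable nested workflows.

The documentation talks about this here

To configure Step Functions Local for Docker, create the following file: aws-stepfunctions-local-credentials.txt

This file contains your credentials and other configuration options, as shown below.

AWS_DEFAULT_REGION=AWS_REGION_OF_YOUR_AWS_RESOURCES
AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_KEY

Once you have aws-stepfunctions-local-credentials.txt, use the following command.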

docker run -p 8083:8083 --env-file aws-stepfunctions-local-credentials.txt amazon/aws-stepfunctions-local
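
A pre-flight check for the credentials file described in the answer above, as an added example that is not part of the original answer or the AWS documentation. The function name `check_sfn_env_file` and its exit codes are hypothetical; the check assumes `docker run --env-file` passes each value verbatim, so quotes and trailing whitespace become part of the credential.

```bash
# Added example; check_sfn_env_file is a hypothetical helper, not AWS tooling.
# Exit codes: 0 = file looks usable, 1 = at least one finding, 2 = file missing.
check_sfn_env_file() {
  local file="$1" key value rc=0 tab cr
  tab=$(printf '\t')
  cr=$(printf '\r')

  if [ ! -f "$file" ]; then
    echo "error: $file not found" >&2
    return 2
  fi

  # The file holds a secret key: flag any group/other permission bits.
  if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
    echo "warn: $file is accessible to group/other (chmod 600)" >&2
    rc=1
  fi

  for key in AWS_DEFAULT_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
    # Last assignment wins; strip only the "KEY=" prefix, keep the value verbatim.
    value=$(grep -E "^${key}=" -- "$file" | tail -n 1 | cut -d= -f2-)
    case $value in
      "")
        echo "error: $key is missing or empty" >&2; rc=1 ;;
      YOUR_AWS_*|AWS_REGION_OF_*)
        echo "error: $key still holds the documentation placeholder" >&2; rc=1 ;;
      \"*|\'*)
        echo "error: $key is quoted; the quotes would be sent as part of the value" >&2; rc=1 ;;
      *" "|*"$tab"|*"$cr")
        echo "error: $key ends in whitespace or a carriage return" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Usage: start the container only when the file passes.
# check_sfn_env_file aws-stepfunctions-local-credentials.txt &&
#   docker run -p 8083:8083 --env-file aws-stepfunctions-local-credentials.txt \
#     amazon/aws-stepfunctions-local
```

Any of these findings leaves the container holding a credential the service cannot recognise. Keep the file out of version control as well, since it contains the secret key in plain text.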