Description
This is a Feature Proposal (and PR)
I want to be able to update data directly from a State Machine using AWS' DynamoDB Step Function integration and import the table name being updated from an external CloudFormation stack since that is where the table is defined, managed and exported, using Fn::ImportValue.
e.g.
    name: example
    definition:
      StartAt: Update My Externally Managed Table
      States:
        Update My Externally Managed Table:
          Type: Task
          Resource: "arn:aws:states:::dynamodb:updateItem"
          Parameters:
            TableName:
              Fn::ImportValue: MyExternalStack:Table:Name # <-- This
    ...
Pull Request
I've already implemented this feature and manually tested it to verify it works correctly. I also added a unit test to verify the behaviour and prevent regression.
PR: #443
Testing
I did verify both in the IAM Web Console that the generated role was correct, as well as running my State Machines and seeing that the UpdateItem now succeeds whereas before it failed with insufficient permissions.
The generated IAM permission is as follows:
    {
      "Action": [
        "dynamodb:UpdateItem"
      ],
      "Resource": [
        "arn:aws:dynamodb:us-west-2:1234567890:table/imported-table-name"
      ],
      "Effect": "Allow"
    }
After that I created a unit test to prevent regression.
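An added sketch, not the code from the PR or from the plugin, of how a table-scoped statement like the one above can be derived when `TableName` is an `Fn::ImportValue`. The helper names `tableArn` and `statementFor` are hypothetical, and unsupported `TableName` shapes are rejected here rather than widened to a wildcard resource.

```javascript
// Added example: hypothetical helpers, not serverless-step-functions' own code.
const ACTIONS = {
  'arn:aws:states:::dynamodb:getItem': 'dynamodb:GetItem',
  'arn:aws:states:::dynamodb:putItem': 'dynamodb:PutItem',
  'arn:aws:states:::dynamodb:updateItem': 'dynamodb:UpdateItem',
  'arn:aws:states:::dynamodb:deleteItem': 'dynamodb:DeleteItem',
};
const INTRINSICS = ['Ref', 'Fn::ImportValue'];
const LITERAL_NAME = /^[A-Za-z0-9_.-]{3,255}$/; // DynamoDB table name rules

// Build a CloudFormation expression for the ARN of exactly one table.
// Literal names are validated (so "*" cannot slip in); intrinsic functions
// are passed through for CloudFormation to resolve at deploy time.
function tableArn(tableName) {
  if (typeof tableName === 'string') {
    if (!LITERAL_NAME.test(tableName)) throw new Error(`Invalid table name: ${tableName}`);
  } else {
    const keys = tableName && typeof tableName === 'object' ? Object.keys(tableName) : [];
    if (keys.length !== 1 || !INTRINSICS.includes(keys[0])) {
      throw new Error(`Unsupported TableName: ${JSON.stringify(tableName)}`);
    }
  }
  const ref = (name) => ({ Ref: name });
  return { 'Fn::Join': [':', ['arn', ref('AWS::Partition'), 'dynamodb', ref('AWS::Region'),
    ref('AWS::AccountId'), { 'Fn::Join': ['/', ['table', tableName]] }]] };
}

// One IAM statement per DynamoDB task state: a single action on a single table.
function statementFor(state) {
  const action = ACTIONS[state.Resource];
  if (!action) throw new Error(`Not a DynamoDB integration: ${state.Resource}`);
  if (!state.Parameters || state.Parameters.TableName === undefined) {
    throw new Error('Parameters.TableName is required to scope the permission');
  }
  return { Effect: 'Allow', Action: [action], Resource: [tableArn(state.Parameters.TableName)] };
}

// Constructed input mirroring the state in the proposal above.
const exampleState = {
  Type: 'Task',
  Resource: 'arn:aws:states:::dynamodb:updateItem',
  Parameters: { TableName: { 'Fn::ImportValue': 'MyExternalStack:Table:Name' } },
};
console.log(JSON.stringify(statementFor(exampleState), null, 2));
```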