RagePwn

Reputation: 421

State Machine role failing to create using SAM template

I'm trying to build a nested stack, but right now I just want to get this singular template working. Not sure why the role is failing to create, as I have all the necessary values filled out. I tried commenting out the extra policies, after reading that they can cause interference, but I have also run this with those commented sections uncommented.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  SourceBucketName:
    Type: String
    Description: Name of the bucket used to store the repo.
  GlueAssetsBucketName:
    Type: String
    Description: Name of the bucket used to store glue runtime logs, temp files, etc
  SaphanaGlueConnection:
    Type: String
    Description: Connection from glue to SAP HANA
  GlueJobRoleArn:
    Type: String
    Description: ARN of the IAM Role for Glue Jobs
  # StateMachineExecutionRoleArn:
  #   Type: String
  #   Description: ARN of the IAM Role for Step Function execution

Resources:
  StateMachineExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties: 
      RoleName: !Sub 'SMExecutionRole-${AWS::StackName}'
      AssumeRolePolicyDocument: 
        Version: '2012-10-17'
        Statement: 
          - Effect: 'Allow'
            Principal:
              Service: 'states.amazonaws.com'
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess'
        # - 'arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole'
      # Policies:
      #   - PolicyName: !Sub '${AWS::StackName}-StepFunctionPolicy'
      #     PolicyDocument:
      #       Version: '2012-10-17'
      #       Statement:
      #         - Effect: 'Allow'
      #           Action:
      #             - 'glue:StartJobRun'
      #             - 'glue:GetJobRun'
      #             - 'glue:GetJobRuns'
      #             - 'glue:BatchStopJobRun'
      #           Resource: '*'

  DevHanaS3GoldTdpAllSalesOpenperiodsGlueJob:
    Type: 'AWS::Glue::Job'
    Properties:
      Name: !Sub 'dev-hana-s3-gold-tdp-all-sales-openperiods-${AWS::StackName}'
      Role: !Ref GlueJobRoleArn
      Command:
        Name: 'glueetl'
        ScriptLocation: !Sub 's3://${SourceBucketName}/TDP/jobs/tdp-all-sales/glue/dev-hana-s3-gold-tdp-all-sales-openperiods.py'
        PythonVersion: '3'
      DefaultArguments:
        "--enable-metrics": "true"
        "--enable-spark-ui": "true"
        "--spark-event-logs-path": !Sub "s3://${GlueAssetsBucketName}/sparkHistoryLogs-${AWS::StackName}/"
        "--enable-job-insights": "false"
        "--enable-observability-metrics": "true"
        "--enable-glue-datacatalog": "true"
        "--enable-continuous-cloudwatch-log": "true"
        "--job-bookmark-option": "job-bookmark-disable"
        "--job-language": "python"
        "--TempDir": !Sub "s3://${GlueAssetsBucketName}/temporary-${AWS::StackName}/"
      Connections:
        Connections:
          - !Ref SaphanaGlueConnection
      MaxRetries: 0
      Timeout: 2880
      WorkerType: 'G.1X'
      NumberOfWorkers: 10
      GlueVersion: '4.0'
      ExecutionClass: 'STANDARD'

  DevS3RedshiftGoldTdpAllSalesOpenperiodsGlueJob:
    Type: 'AWS::Glue::Job'
    Properties:
      Name: !Sub 'dev-s3-redshift-gold-tdp-all-sales-openperiods-${AWS::StackName}'
      Role: !Ref GlueJobRoleArn
      Command:
        Name: 'glueetl'
        ScriptLocation: !Sub 's3://${SourceBucketName}/TDP/jobs/tdp-all-sales/glue/dev-s3-redshift-gold-tdp-all-sales-openperiods.py'
        PythonVersion: '3'
      DefaultArguments:
        "--enable-metrics": "true"
        "--enable-spark-ui": "true"
        "--spark-event-logs-path": !Sub "s3://${GlueAssetsBucketName}/sparkHistoryLogs-${AWS::StackName}/"
        "--enable-job-insights": "false"
        "--enable-observability-metrics": "true"
        "--enable-glue-datacatalog": "true"
        "--enable-continuous-cloudwatch-log": "true"
        "--job-bookmark-option": "job-bookmark-disable"
        "--job-language": "python"
        "--TempDir": !Sub "s3://${GlueAssetsBucketName}/temporary-${AWS::StackName}/"
      Connections:
        Connections:
          - !Ref SaphanaGlueConnection
      MaxRetries: 0
      Timeout: 2880
      WorkerType: 'G.1X'
      NumberOfWorkers: 10
      GlueVersion: '4.0'
      ExecutionClass: 'STANDARD'

############### STEP FUNCTIONS ###############
  GoldTdpAllSalesDailyStepFunction:
    Type: AWS::Serverless::StateMachine
    Properties:
      Name: !Sub 'gold-tdp-all-sales-daily-${AWS::StackName}'
      DefinitionUri: 
        Bucket: !Ref SourceBucketName
        Key: 'TDP/jobs/tdp-all-sales/step_functions/gold-tdp-all-sales-daily.json'
      DefinitionSubstitutions:
        DevHanaS3GoldTdpAllSalesOpenperiodsJob: !Ref DevHanaS3GoldTdpAllSalesOpenperiodsGlueJob
        DevS3RedshiftGoldTdpAllSalesOpenperiodsJob: !Ref DevS3RedshiftGoldTdpAllSalesOpenperiodsGlueJob
      Events:
        ScheduledExecution:
          Type: Schedule
          Properties:
            Description: "Schedule for running the gold-tdp-all-sales-daily Step Function"
            Schedule: "cron(0 6 * * ? *)"
            Enabled: true
            Name: !Sub 'gold-tdp-all-sales-daily-${AWS::StackName}'
      Role: !GetAtt StateMachineExecutionRole.Arn
      Type: STANDARD
      Logging:
        Level: "OFF"
        IncludeExecutionData: false
      Tracing:
        Enabled: false
      Tags:
        StackName: !Ref AWS::StackName

Outputs:
  DevHanaS3GoldTdpAllSalesOpenperiodsJobName:
    Description: "Name of the Dev HANA to S3 Gold TDP All Sales Openperiods Glue Job"
    Value: !Ref DevHanaS3GoldTdpAllSalesOpenperiodsGlueJob

  DevS3RedshiftGoldTdpAllSalesOpenperiodsJobName:
    Description: "Name of the Dev S3 to Redshift Gold TDP All Sales Openperiods Glue Job"
    Value: !Ref DevS3RedshiftGoldTdpAllSalesOpenperiodsGlueJob

  GoldTdpAllSalesDailyStepFunctionArn:
    Description: "ARN of the Gold TDP All Sales Daily Step Function"
    Value: !Ref GoldTdpAllSalesDailyStepFunction

Upvotes: 1

Views: 47

Answers (1)

RagePwn

Reputation: 421

The Name was too long. Wasn't seeing it in the git workflow console, but it was showing up in the CloudFormation console.

Upvotes: 0
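
An added example, not part of the original post: a pre-deploy check that expands the template's `!Sub` name patterns for a given stack name and compares each result with the service's name-length limit. The limits table, the sample stack names and the function names are assumptions of this example; the answer does not say which Name was too long.

```python
import re

# Maximum name length, in characters, accepted by each service.
MAX_LEN = {"iam_role": 64, "events_rule": 64, "state_machine": 80, "glue_job": 255}

# (property, kind, !Sub pattern) taken from the template in the question.
NAME_PATTERNS = [
    ("StateMachineExecutionRole.RoleName", "iam_role",
     "SMExecutionRole-${AWS::StackName}"),
    ("GoldTdpAllSalesDailyStepFunction.Name", "state_machine",
     "gold-tdp-all-sales-daily-${AWS::StackName}"),
    ("ScheduledExecution.Name", "events_rule",
     "gold-tdp-all-sales-daily-${AWS::StackName}"),
    ("DevHanaS3GoldTdpAllSalesOpenperiodsGlueJob.Name", "glue_job",
     "dev-hana-s3-gold-tdp-all-sales-openperiods-${AWS::StackName}"),
    ("DevS3RedshiftGoldTdpAllSalesOpenperiodsGlueJob.Name", "glue_job",
     "dev-s3-redshift-gold-tdp-all-sales-openperiods-${AWS::StackName}"),
]

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def resolve(pattern, values):
    """Expand ${Var} placeholders the way !Sub does for simple variables."""
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], pattern)

def check_names(stack_name):
    """Return (property, resolved name, length, limit) for every name over its limit."""
    values = {"AWS::StackName": stack_name}
    over = []
    for prop, kind, pattern in NAME_PATTERNS:
        name = resolve(pattern, values)
        if len(name) > MAX_LEN[kind]:
            over.append((prop, name, len(name), MAX_LEN[kind]))
    return over

def max_stack_name_len():
    """Longest stack name that keeps every pattern above within its limit."""
    return min(MAX_LEN[kind] - len(PLACEHOLDER.sub("", pattern))
               for _, kind, pattern in NAME_PATTERNS)

if __name__ == "__main__":
    # Constructed stack names: a short one, and one shaped like a nested stack's
    # generated name (parent stack, logical ID, random suffix).
    for stack in ("tdp-dev", "data-platform-TdpAllSalesNestedStack-1A2B3C4D5E6F"):
        for prop, name, length, limit in check_names(stack):
            print(f"{stack}: {prop} = {name!r} is {length} chars (limit {limit})")
    print("longest safe stack name:", max_stack_name_len(), "chars")
```

Running it in CI before the deploy step surfaces an over-long name in the workflow log instead of only in the CloudFormation console events.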
