Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-stepfunctions-tasks: state machine role is missing sagemaker:AddTags permission for SageMakerCreateTrainingJob task #32294

Closed
1 task
historyandfun opened this issue Nov 26, 2024 · 3 comments · Fixed by #32536
Closed
1 task

aws-stepfunctions-tasks: state machine role is missing sagemaker:AddTags permission for SageMakerCreateTrainingJob task #32294

historyandfun opened this issue Nov 26, 2024 · 3 comments · Fixed by #32536
Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@historyandfun
Copy link

historyandfun commented Nov 26, 2024
edited
Loading

Describe the bug

When a step function trigger a sagemaker training job, the step function fails with error is not authorized to perform: sagemaker:AddTags on resource: arn:aws:sagemaker:us-east-1:xxxx:training-job/xxxx because no identity-based policy allows the sagemaker:AddTags action. It could be a similar issue as #26012.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

If the permission is required, the step function should generate role with permission sagemaker:AddTags.

Current Behavior

The generated step function role for SageMakerCreateTrainingJob misses permission sagemaker:AddTags.

Reproduction Steps

const smStep = new tasks.SageMakerCreateTrainingJob(this, 'xxx', {
         integrationPattern: IntegrationPattern.RUN_JOB,
         ....
}

const stateMachine = new sfn.StateMachine(this, 'satemachine', {
            definition: smStep.next(xxx),
            ...
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.121.0

Framework Version

No response

Node.js Version

18

OS

linux

Language

TypeScript

Language Version

No response

Other information

No response
@historyandfun historyandfun added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 26, 2024
@ashishdhingra
Copy link
Contributor

Looking at high level, it appears to similar to issue #26012 (which was fixed via PR #27264). On the similar lines, we need to add permission in makePolicyStatements().

@ashishdhingra ashishdhingra added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Nov 27, 2024
@github-actions github-actions bot mentioned this issue Dec 1, 2024
Closed
@phuhung273 phuhung273 mentioned this issue Dec 16, 2024
Merged
1 task
@mergify mergify bot closed this as completed in #32536 Feb 21, 2025
@mergify mergify bot closed this as completed in 3b07346 Feb 21, 2025
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

1 similar comment
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 21, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-stepfunctions-tasks bug This issue is a bug. effort/small Small work item – less than a day of effort p2
Projects
None yet
Milestone
No milestone
2 participants
@ashishdhingra @historyandfun