Describe the bug
Under the section Starting workflows from an S3 trigger, the provided sample code for the Lambda function does not work with IAM roles.
After uploading a video file in the S3 bucket, the Lambda function gets triggered and sends a request to the Workflow API. The error "The security token included in the request is invalid" is returned.
When using IAM roles, the SigV4 process requires including the session token.
To Reproduce
Set up S3 trigger as included in the documentation
Do not replace values for variables access_key and secret_key in the Lambda code.
Upload file in S3.
Expected behavior
Workflow to be started.
Please complete the following information about the solution:
Version: [e.g. v1.0.0]
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version v5.0.0". If the description does not contain the version information, you can look at the mappings section of the template:
@giusedroid and I were having a look at this, trying to trigger the Lambda function when uploading a file to the S3 bucket. We found that you need to add x-amz-security-token to the canonical headers, the signed headers and then the headers that are part of the request, looking something like this:
The main reason for this is that using the temporary credentials of the execution role of the Lambda function requires you to provide the security token as those credentials are part of AWS STS. Link
Yup, this was quite a headache to debug :P
If you're an Amazon employee, we have an internal sample that we're looking to open source in the next month or so: feel free to reach out on Slack (gbatt) if you want access to a working example.