diff --git a/samtranslator/model/intrinsics.py b/samtranslator/model/intrinsics.py index 215353e7c2..e17c8968a1 100644 --- a/samtranslator/model/intrinsics.py +++ b/samtranslator/model/intrinsics.py @@ -217,9 +217,15 @@ def get_logical_id_from_intrinsic(input: Any) -> Optional[str]: if isinstance(v, str): return v - # !GetAtt . + # Fn::GetAtt: [, ] v = input.get("Fn::GetAtt") if isinstance(v, list) and len(v) == 2 and isinstance(v[0], str): return v[0] + # Fn::GetAtt: . + if isinstance(v, str): + tokens = v.split(".") + if len(tokens) == 2: + return tokens[0] + return None diff --git a/tests/test_intrinsics.py b/tests/test_intrinsics.py index d7d6325580..7639fedb7d 100644 --- a/tests/test_intrinsics.py +++ b/tests/test_intrinsics.py @@ -86,6 +86,7 @@ def test_validate_intrinsic_if_items_invalid(self): @parameterized.expand( [ ({"Fn::GetAtt": ["Foo", "Bar"]}, "Foo"), + ({"Fn::GetAtt": "Foo.Bar"}, "Foo"), ({"Ref": "Foo"}, "Foo"), ] ) @@ -95,12 +96,13 @@ def test_get_logical_id_from_intrinsic_success(self, input, expected): @parameterized.expand( [ (None,), - ("Foo"), + ("Foo",), ({"Ref": True}), ({"Fn::GetAtt": "Foo"}), ({"Fn::GetAtt": ["Foo"]}), ({"Fn::GetAtt": [42, "Arn"]}), ({"Fn::If": ["Foo", "Bar"]}), + ({"Fn::GetAtt": "Foo.Bar.WhatEverThisIs"},), ] ) def test_get_logical_id_from_intrinsic_error(self, input): diff --git a/tests/translator/input/connector_sfn_to_sfn.yaml b/tests/translator/input/connector_sfn_to_sfn.yaml index b8bb3f9210..88aee0b6f8 100644 --- a/tests/translator/input/connector_sfn_to_sfn.yaml +++ b/tests/translator/input/connector_sfn_to_sfn.yaml @@ -8,7 +8,7 @@ Resources: States: TryDoSomething: Type: Task - Resource: arn:aws:states:::states:startExecution.sync:2 + Resource: !Sub arn:${AWS::Partition}:states:::states:startExecution.sync:2 Parameters: StateMachineArn: !Ref MyStateMachine End: True @@ -39,3 +39,59 @@ Resources: Permissions: - Read - Write + + StateMachineRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Action: [ 'sts:AssumeRole' ] + Effect: Allow + Principal: + Service: [ states.amazonaws.com ] + + TriggerStateMachineWithoutRole: + Type: AWS::Serverless::StateMachine + Properties: + Name: TriggerStateMachineWithoutRole + Role: !GetAtt StateMachineRole.Arn + Definition: + StartAt: Success + States: + Success: + Type: Succeed + + TriggerStateMachineWithoutRole2: + Type: AWS::Serverless::StateMachine + Properties: + Name: TriggerStateMachineWithoutRole + Role: + Fn::GetAtt: StateMachineRole.Arn + Definition: + StartAt: Success + States: + Success: + Type: Succeed + + MyConnectorProvidingRole1: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: TriggerStateMachineWithoutRole + Destination: + Id: MyStateMachine + Permissions: + - Write + - Read + + MyConnectorProvidingRole2: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: TriggerStateMachineWithoutRole2 + Destination: + Id: MyStateMachine + Permissions: + - Write + - Read diff --git a/tests/translator/output/aws-cn/connector_sfn_to_sfn.json b/tests/translator/output/aws-cn/connector_sfn_to_sfn.json index d79e529b0d..206bb9e75b 100644 --- a/tests/translator/output/aws-cn/connector_sfn_to_sfn.json +++ b/tests/translator/output/aws-cn/connector_sfn_to_sfn.json @@ -103,6 +103,212 @@ }, "Type": "AWS::IAM::ManagedPolicy" }, + "MyConnectorProvidingRole1Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole1": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, + "MyConnectorProvidingRole2Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole2": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, "MyStateMachine": { "Properties": { "DefinitionString": { @@ -187,6 +393,27 @@ }, "Type": "AWS::IAM::Role" }, + "StateMachineRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::IAM::Role" + }, "TriggerStateMachine": { "DependsOn": [ "MyConnectorPolicy" @@ -204,7 +431,7 @@ " \"Parameters\": {", " \"StateMachineArn\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws:states:::states:startExecution.sync:2\",", + " \"Resource\": \"${definition_substitution_2}\",", " \"Type\": \"Task\"", " }", " }", @@ -215,6 +442,9 @@ "DefinitionSubstitutions": { "definition_substitution_1": { "Ref": "MyStateMachine" + }, + "definition_substitution_2": { + "Fn::Sub": "arn:${AWS::Partition}:states:::states:startExecution.sync:2" } }, "RoleArn": { @@ -283,6 +513,75 @@ ] }, "Type": "AWS::IAM::Role" + }, + "TriggerStateMachineWithoutRole": { + "DependsOn": [ + "MyConnectorProvidingRole1Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" + }, + "TriggerStateMachineWithoutRole2": { + "DependsOn": [ + "MyConnectorProvidingRole2Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": "StateMachineRole.Arn" + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" } } } diff --git a/tests/translator/output/aws-us-gov/connector_sfn_to_sfn.json b/tests/translator/output/aws-us-gov/connector_sfn_to_sfn.json index d79e529b0d..206bb9e75b 100644 --- a/tests/translator/output/aws-us-gov/connector_sfn_to_sfn.json +++ b/tests/translator/output/aws-us-gov/connector_sfn_to_sfn.json @@ -103,6 +103,212 @@ }, "Type": "AWS::IAM::ManagedPolicy" }, + "MyConnectorProvidingRole1Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole1": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, + "MyConnectorProvidingRole2Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole2": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, "MyStateMachine": { "Properties": { "DefinitionString": { @@ -187,6 +393,27 @@ }, "Type": "AWS::IAM::Role" }, + "StateMachineRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::IAM::Role" + }, "TriggerStateMachine": { "DependsOn": [ "MyConnectorPolicy" @@ -204,7 +431,7 @@ " \"Parameters\": {", " \"StateMachineArn\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws:states:::states:startExecution.sync:2\",", + " \"Resource\": \"${definition_substitution_2}\",", " \"Type\": \"Task\"", " }", " }", @@ -215,6 +442,9 @@ "DefinitionSubstitutions": { "definition_substitution_1": { "Ref": "MyStateMachine" + }, + "definition_substitution_2": { + "Fn::Sub": "arn:${AWS::Partition}:states:::states:startExecution.sync:2" } }, "RoleArn": { @@ -283,6 +513,75 @@ ] }, "Type": "AWS::IAM::Role" + }, + "TriggerStateMachineWithoutRole": { + "DependsOn": [ + "MyConnectorProvidingRole1Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" + }, + "TriggerStateMachineWithoutRole2": { + "DependsOn": [ + "MyConnectorProvidingRole2Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": "StateMachineRole.Arn" + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" } } } diff --git a/tests/translator/output/connector_sfn_to_sfn.json b/tests/translator/output/connector_sfn_to_sfn.json index d79e529b0d..206bb9e75b 100644 --- a/tests/translator/output/connector_sfn_to_sfn.json +++ b/tests/translator/output/connector_sfn_to_sfn.json @@ -103,6 +103,212 @@ }, "Type": "AWS::IAM::ManagedPolicy" }, + "MyConnectorProvidingRole1Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole1": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, + "MyConnectorProvidingRole2Policy": { + "Metadata": { + "aws:sam:connectors": { + "MyConnectorProvidingRole2": { + "Destination": { + "Type": "AWS::Serverless::StateMachine" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + }, + { + "Action": [ + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Ref": "MyStateMachine" + } + ] + }, + { + "Action": [ + "states:StopExecution" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": [ + "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${DestinationName}:*", + { + "DestinationName": { + "Fn::GetAtt": [ + "MyStateMachine", + "Name" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Sub": "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule" + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "StateMachineRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" + }, "MyStateMachine": { "Properties": { "DefinitionString": { @@ -187,6 +393,27 @@ }, "Type": "AWS::IAM::Role" }, + "StateMachineRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + } + }, + "Type": "AWS::IAM::Role" + }, "TriggerStateMachine": { "DependsOn": [ "MyConnectorPolicy" @@ -204,7 +431,7 @@ " \"Parameters\": {", " \"StateMachineArn\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws:states:::states:startExecution.sync:2\",", + " \"Resource\": \"${definition_substitution_2}\",", " \"Type\": \"Task\"", " }", " }", @@ -215,6 +442,9 @@ "DefinitionSubstitutions": { "definition_substitution_1": { "Ref": "MyStateMachine" + }, + "definition_substitution_2": { + "Fn::Sub": "arn:${AWS::Partition}:states:::states:startExecution.sync:2" } }, "RoleArn": { @@ -283,6 +513,75 @@ ] }, "Type": "AWS::IAM::Role" + }, + "TriggerStateMachineWithoutRole": { + "DependsOn": [ + "MyConnectorProvidingRole1Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" + }, + "TriggerStateMachineWithoutRole2": { + "DependsOn": [ + "MyConnectorProvidingRole2Policy" + ], + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Success\",", + " \"States\": {", + " \"Success\": {", + " \"Type\": \"Succeed\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": "StateMachineRole.Arn" + }, + "StateMachineName": "TriggerStateMachineWithoutRole", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" } } }