2

I have been struggling with AWS Step Functions for hours now. The use case is quite simple as I want to get gradually familiar with AWS Step Functions. However, I think I do not understand how they handle errors that come back from a failed lambda function.

My State Machine

Here is the corresponding code:

```json
{
  "Comment": "A simple AWS Step Functions for managing users with in the context of the AWS Training Initiative at AXA.",
  "StartAt": "Process-All-Deletion",
  "States": {
    "Process-All-Deletion": {
      "Type": "Map",
      "InputPath": "$",
      "ItemsPath": "$.Users",
      "MaxConcurrency": 0,
      "Iterator": {
        "StartAt": "DeleteAccessKeys",
        "States": {
          "DeleteAccessKeys": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:listUserAccessKeys",
            "Next": "DetachUserPolicy",
            "Catch": [
              {
                "ErrorEquals": ["NoSuchEntityException"],
                "ResultPath": "$.DeleteAccessKeysError",
                "Next": "CatchDeleteAccessKeysError"
              }
            ]
          },
          "DetachUserPolicy": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:detachUserPolicy",
            "Next": "DeleteIamUser",
            "Catch": [
              {
                "ErrorEquals": ["States.TaskFailed"],
                "ResultPath": "$.ErrorDescription",
                "Next": "CatchDeleteUserPolicyError"
              }
            ]
          },
          "DeleteIamUser": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:deleteIamUser",
            "End": true,
            "Catch": [
              {
                "ErrorEquals": ["States.TaskFailed"],
                "ResultPath": "$.ErrorDescription",
                "Next": "CatchDeleteIamUserError"
              }
            ]
          },
          "CatchDeleteIamUserError": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:errorHandler",
            "End": true
          },
          "CatchDeleteAccessKeysError": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:errorHandler",
            "Next": "DetachUserPolicy"
          },
          "CatchDeleteUserPolicyError": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:eu-central-1:###:function:errorHandler",
            "Next": "DeleteIamUser"
          }
        }
      },
      "ResultPath": "$.Result",
      "End": true
    }
  }
}
```

So basically the state machine should catch the error properly and the status should be orange respectively 'caught error' in 'DeleteAccessKeys'. Instead it turns into green.

This is the code of my lambda function:

```python
import boto3
import botocore

print('Loading deleteUserAccessKeys function...')


def deleteUserAccessKeys(message, context):
    # Get IAM client
    client = boto3.client('iam')
    item = message['Name']
    try:
        # List all keys associated with the user
        result = client.list_access_keys(UserName=item)
        # Collect the AccessKeyId of every key returned for the user
        accessKeyIds = [element['AccessKeyId'] for element in result['AccessKeyMetadata']]
        # Exit if there are no access keys
        if not accessKeyIds:
            return message
        # Delete all keys associated with the user
        for element in accessKeyIds:
            client.delete_access_key(
                UserName=item,
                AccessKeyId=element
            )
        message['DeletedAccessKeys'] = len(accessKeyIds)
        print(message)
        return message
    except botocore.exceptions.ClientError as error:
        print(error.response)
        if error.response['Error']['Code'] == 'NoSuchEntity':
            print('Entity not found exception')
            # Re-raise so the state machine sees the original exception
            raise error
        else:
            raise Exception("Failed! Check the error!")
```

What might be the issue or what did I wrongly configure?

1
  • It seems to me that it is caught correctly since it's in Outputs. Don't know why console shows it as green. Maybe some strange display bug? More importantly, does your machine work as expected, regardless of what the console shows? Commented May 17, 2020 at 11:05

2 Answers

3

You need to check the exact exception name returned from your lambda. Check lambda's log to confirm this.

In case you want to quickly check if that's the problem, change the catch attribute under DeleteAccessKeys to States.All. This is the superclass of all named exceptions.
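Added example (not part of the answer above, and not AWS code): a local Python model of how a `Catch` list selects a catcher, run against the catcher from the question's `DeleteAccessKeys` state. It assumes the error name Step Functions sees for a Python Lambda is the class name of the raised exception; `NoSuchEntityException` below is a constructed stand-in class, and the `WITH_FALLBACK` list with a trailing `States.ALL` catcher is hypothetical.

```python
# Modeled rule: these error names cannot be caught, not even by States.ALL.
UNCATCHABLE = {"States.DataLimitExceeded", "States.Runtime"}


def matches(error_name, error_equals):
    """Return True if one ErrorEquals list matches the reported error name."""
    if error_name in UNCATCHABLE:
        return False
    for pattern in error_equals:
        if pattern == "States.ALL":
            return True
        if pattern == "States.TaskFailed" and error_name != "States.Timeout":
            return True  # wildcard for everything except States.Timeout
        if pattern == error_name:  # custom names: exact, case-sensitive
            return True
    return False


def select_catcher(error_name, catchers):
    """Catchers are scanned in order; first match wins. None means the state fails."""
    for catcher in catchers:
        if matches(error_name, catcher["ErrorEquals"]):
            return catcher["Next"]
    return None


def reported_error_name(func):
    """Run func; return the exception class name it would report, or None."""
    try:
        func()
    except Exception as exc:
        return type(exc).__name__
    return None


class NoSuchEntityException(Exception):
    """Constructed stand-in for the exception class named in the question."""

def raise_missing_user():
    raise NoSuchEntityException("constructed: user not found")

def raise_generic():
    raise Exception("Failed! Check the error!")  # the question's else branch


# Catch list copied from the question's DeleteAccessKeys state.
QUESTION_CATCH = [{"ErrorEquals": ["NoSuchEntityException"],
                   "ResultPath": "$.DeleteAccessKeysError",
                   "Next": "CatchDeleteAccessKeysError"}]
# Hypothetical variant: a States.ALL catcher appended as the last entry.
WITH_FALLBACK = QUESTION_CATCH + [{"ErrorEquals": ["States.ALL"],
                                   "Next": "CatchDeleteAccessKeysError"}]
```

With only the named catcher, the generic `Exception` from the Lambda's `else` branch matches nothing and the state fails; the `States.ALL` entry is what routes it to the handler.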


1

I found the reason by myself. I removed the type "Map". I tried it then with just one single input without any iteration.

```json
{
  "Comment": "A simple AWS Step Functions for managing users with in the context of the AWS Training Initiative at AXA.",
  "StartAt": "DeleteAccessKeys",
  "States": {
    "DeleteAccessKeys": {
      "Type": "Task",
      "InputPath": "$.Users",
      "Resource": "arn:aws:lambda:eu-central-1:####:function:listUserAccessKeys",
      "End": true,
      "Catch": [
        {
          "ErrorEquals": [
            "NoSuchEntityException"
          ],
          "ResultPath": "$.DeleteAccessKeysError",
          "Next": "CatchDeleteAccessKeysError"
        }
      ]
    },
    "CatchDeleteAccessKeysError": {
      "Type": "Task",
      "Resource": "arn:aws:lambda:eu-central-1:####:function:errorHandler",
      "End": true
    }
  }
}
```

In the Web GUI it is then correctly displayed as "Caught Error" if e.g. the entity (NoSuchEntityException) does not exist.

Caught Error Example

If you iterate over input values as in my example in my first post, caught errors will always be displayed as "Succeeded".

1 Comment

Hi, I am struggling too with AWS Step functions error handling. Is there a way to directly catch the ClientError? I am having a catch block that has "States.ALL" specified in "ErrorEquals". The catch block invokes an error handler function defined in a task state. However, the error passed to this handler is a dict and not of type "ClientError". Is there any way to do this?
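Added example (not from the posts above): what an error-handler Lambda receives after a `Catch` fires, and one way to decode it. A catcher stores an object with `Error` and `Cause` fields under its `ResultPath`; for a failed Python Lambda, `Cause` is a JSON string carrying `errorType`, `errorMessage` and `stackTrace`, so the handler works from those fields rather than from an exception object. `parse_caught_error`, `error_handler` and the sample input are constructed for illustration.

```python
import json


def parse_caught_error(state_input, result_path_key):
    """Decode the {"Error", "Cause"} object a Catch stored under its ResultPath.

    Only JSON crosses a state boundary, so the handler gets the error name and
    a Cause string, never the original exception instance.
    """
    caught = state_input.get(result_path_key)
    if not isinstance(caught, dict) or "Error" not in caught:
        raise ValueError(f"no caught error under {result_path_key!r}")
    details = {"error": caught["Error"],
               "message": caught.get("Cause", ""),
               "stack": []}
    try:
        cause = json.loads(caught.get("Cause", ""))
    except (TypeError, ValueError):
        return details  # Cause is plain text (e.g. a timeout): keep it as-is
    if isinstance(cause, dict):
        details["message"] = cause.get("errorMessage", details["message"])
        details["stack"] = cause.get("stackTrace", [])
    return details


def error_handler(message, context):
    """Hypothetical errorHandler Lambda for the DeleteAccessKeys catcher."""
    info = parse_caught_error(message, "DeleteAccessKeysError")
    message["Handled"] = {"error": info["error"], "message": info["message"]}
    return message


# Constructed sample of the handler's input after the question's Catch fires.
SAMPLE_INPUT = {
    "Name": "example-user",
    "DeleteAccessKeysError": {
        "Error": "NoSuchEntityException",
        "Cause": json.dumps({
            "errorMessage": "constructed message: user not found",
            "errorType": "NoSuchEntityException",
            "stackTrace": ["constructed frame"],
        }),
    },
}
```

The handler key must match the `ResultPath` of the catcher that routes to it; the question's other catchers write to `$.ErrorDescription` instead.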
