hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.61k stars, 9k forks

[Docs]: aws_sfn_state_machine logging_configuration has incorrect information #37827

Open nimaft opened 4 weeks ago

nimaft commented 4 weeks ago

Documentation Link

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sfn_state_machine#logging_configuration-configuration-block

Description

In the documentation, logging_configuration of aws_sfn_state_machine states that logging is only supported by EXPRESS workflows:

The logging_configuration parameter is only valid when type is set to EXPRESS.

This is not true (at least not anymore); standard workflows support logging as well. There are no limitations specified in the LoggingConfiguration section of CreateStateMachine. I have also deployed a state machine using the template below, and logging was properly configured for a standard workflow:

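# The resource label "example" is a placeholder. No type is set, so the
# state machine is created with the default type, STANDARD.
resource "aws_sfn_state_machine" "example" {
  name     = "my-state-machine"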
  role_arn = "arn:aws:iam::123456789012:role/mystatemachinerole"

  definition = <<EOF
{
  "Comment": "A Hello World example of the Amazon States Language using an AWS Lambda Function",
  "StartAt": "HelloWorld",
  "States": {
    "HelloWorld": {
      "Type": "Task",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:myfunction",
      "End": true
    }
  }
}
EOF

  logging_configuration {
    log_destination        = "arn:aws:logs:us-east-1:123456789012:log-group:/aws/statemachine/mystatemachine:*"
    include_execution_data = true
    level                  = "ERROR"
  }
}

References

No response

Would you like to implement a fix?

None

louis-clotman commented 4 weeks ago

AWS Logging Documentation for Step Functions

When you create a Standard Workflow using the Step Functions console, it will not be configured to enable logging to CloudWatch Logs. An Express Workflow created using the Step Functions console will by default be configured to enable logging to CloudWatch Logs.

For Express workflows, Step Functions can create a role with the necessary AWS Identity and Access Management (IAM) policy for CloudWatch Logs. If you create a Standard Workflow, or an Express Workflow using the API, CLI, or AWS CloudFormation, Step Functions will not enable logging by default, and you will need to ensure your role has the necessary permissions.

https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html
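
An added Terraform example (not part of this thread and not the provider's own documentation) of what the quoted AWS text means for a Standard workflow deployed outside the console: logging is declared explicitly, and the execution role carries the CloudWatch Logs delivery permissions itself. All resource names, the log group name and the retention period are assumptions; the action list follows the IAM policy example on the AWS page linked above.

```hcl
# Added example. Names and the retention value are assumptions.
resource "aws_cloudwatch_log_group" "sfn" {
  name              = "/aws/vendedlogs/states/example-standard"
  retention_in_days = 30
}

resource "aws_iam_role" "sfn" {
  name               = "example-sfn-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "states.amazonaws.com" }
    }]
  })
}

# Step Functions only creates this policy for console-built Express workflows;
# for a Standard workflow, or any API/CLI/IaC deployment, it must be supplied.
resource "aws_iam_role_policy" "sfn_logs" {
  name   = "sfn-cloudwatch-logs"
  role   = aws_iam_role.sfn.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = [
        "logs:CreateLogDelivery", "logs:GetLogDelivery",
        "logs:UpdateLogDelivery", "logs:DeleteLogDelivery",
        "logs:ListLogDeliveries", "logs:CreateLogStream",
        "logs:PutLogEvents", "logs:PutResourcePolicy",
        "logs:DescribeResourcePolicies", "logs:DescribeLogGroups",
      ]
      Resource = "*"
    }]
  })
}

resource "aws_sfn_state_machine" "standard" {
  name       = "example-standard"
  type       = "STANDARD" # logging_configuration is accepted here, not only for EXPRESS
  role_arn   = aws_iam_role.sfn.arn
  definition = jsonencode({ StartAt = "Done", States = { Done = { Type = "Succeed" } } })

  logging_configuration {
    log_destination        = "${aws_cloudwatch_log_group.sfn.arn}:*" # ":*" suffix, as in the issue's template
    include_execution_data = false # true copies state input/output into the log group
    level                  = "ERROR"
  }
  depends_on = [aws_iam_role_policy.sfn_logs] # role must hold the permissions before the log destination is used
}
```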