Fix Step Functions IAM Role Permissions for Log Destination Access #661

@koushal2018

During the CloudFormation deployment of GenAIChatBotStack, the creation of Step Functions state machines is failing due to insufficient IAM permissions. Specifically, the IAM roles used by the Step Functions cannot access the configured Log Destination, resulting in deployment failure and stack rollback.

CREATE_FAILED | AWS::StepFunctions::StateMachine | RagEngines/DataImp...ImportStateMachine
Resource handler returned message: "The state machine IAM Role is not authorized to access the Log

CREATE_FAILED | AWS::StepFunctions::StateMachine | RagEngines/DataImp...ow/WebsiteCrawling
Resource handler returned message: "The state machine IAM Role is not authorized to access the Log Destination

The deployment fails and triggers a rollback of the entire stack, affecting multiple components including:
Data import workflows
Website crawling functionality
RSS subscription handlers
API resolvers
User interface components
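
An added example, not part of the issue or the project's code: a check of a role's policy document for the log-delivery actions that AWS's Step Functions documentation lists for logging to CloudWatch Logs, assuming the Log Destination is a CloudWatch Logs log group. The function name, the sample policies and the account ID are constructed; requiring `Resource` to be `*` follows AWS's example policy, and `Condition`, `NotAction` and `NotResource` are not evaluated.

```python
import fnmatch

# Log-delivery actions from AWS's Step Functions logging documentation
# (taken from the AWS docs, not from this issue).
REQUIRED_ACTIONS = [
    "logs:CreateLogDelivery", "logs:GetLogDelivery",
    "logs:UpdateLogDelivery", "logs:DeleteLogDelivery",
    "logs:ListLogDeliveries", "logs:PutResourcePolicy",
    "logs:DescribeResourcePolicies", "logs:DescribeLogGroups",
]

def _as_list(value):
    """IAM allows a single string/dict where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_log_delivery_actions(policy):
    """Return required actions not allowed on Resource "*" (or explicitly denied)."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        hits = {a for a in REQUIRED_ACTIONS if _matches(a, _as_list(stmt.get("Action")))}
        if stmt.get("Effect") == "Deny":
            denied |= hits  # conservative: any matching Deny counts
        elif stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource")):
            allowed |= hits
    return [a for a in REQUIRED_ACTIONS if a not in allowed or a in denied]

# Constructed sample: write access scoped to one log group only.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
    "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/example/sfn:*",
}}
# Constructed sample: the wildcard covers four of the eight actions.
PARTIAL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:*LogDelivery", "Resource": "*"},
]}
# Constructed sample: all eight actions granted on "*".
FULL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED_ACTIONS, "Resource": ["*"]},
]}

if __name__ == "__main__":
    for name in ("SCOPED_POLICY", "PARTIAL_POLICY", "FULL_POLICY"):
        print(name, "missing:", missing_log_delivery_actions(globals()[name]))
```

Run it against the policy document attached to the state machine's execution role; an empty result means the listed actions are all granted on `*`.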
