AWS Step Functions is the AWS serverless workflow orchestrator. Polysync uses the official AWS SDK for .NET v4 (AWSSDK.StepFunctions and AWSSDK.SecurityToken) to list state machines, start executions with a JSON input, poll execution status, parse output parameters from the execution result, and surface a direct link to the AWS Step Functions console for monitoring.
us-east-1, ap-southeast-2). All Step Functions API calls are region-scoped.
sts:AssumeRoleWithWebIdentity. No long-lived secrets stored. Required attributes: Role ARN.
https://login.microsoftonline.com/<polysync-tenant-id>/v2.0) with audience sts.amazonaws.com.
sts:AssumeRoleWithWebIdentity from that provider with a condition on the Polysync workload identity's sub/oid claim.
sts:AssumeRole on the target role; the assumed role holds the Step Functions permissions.
The role / user used to call Step Functions must hold (at minimum):
states:ListStateMachines — discover available state machines.
states:DescribeStateMachine — read state machine metadata, including ARN, type, and execution role.
states:StartExecution — start executions (scope to specific state-machine ARNs in production).
states:DescribeExecution — poll execution status and read output.
states:StopExecution — cancel running executions.
Plus any IAM permissions the state machine's own execution role needs to call downstream services (defined on the state machine's role, not the Polysync caller).
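A small lint for the caller's identity policy, as an added example (not Polysync or AWS code): it reports which of the five actions listed above are missing and flags states:StartExecution granted on anything other than a specific state-machine ARN. The sample policy, account ID and state machine name are constructed placeholders, and the function names are hypothetical.

```python
import fnmatch

# The five actions the page lists as the caller's minimum set.
REQUIRED = {
    "states:ListStateMachines", "states:DescribeStateMachine",
    "states:StartExecution", "states:DescribeExecution", "states:StopExecution",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_specific_state_machine(arn):
    """True for arn:<partition>:states:<region>:<account>:stateMachine:<name> with no wildcards."""
    parts = arn.split(":")
    return (len(parts) == 7 and parts[2] == "states" and parts[5] == "stateMachine"
            and "*" not in arn and "?" not in arn)

def lint_policy(policy):
    """Return (missing_actions, findings). Only Allow statements are evaluated;
    Deny, NotAction and Condition are ignored in this sketch."""
    granted, findings = set(), []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for pattern in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain * and ?.
            matched = {a for a in REQUIRED
                       if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
            granted |= matched
            if "states:StartExecution" in matched:
                findings += [f"StartExecution allowed on non-specific resource: {r}"
                             for r in resources if not is_specific_state_machine(r)]
    return sorted(REQUIRED - granted), findings

# Constructed sample policy (account ID and names are placeholders).
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["states:ListStateMachines", "states:DescribeStateMachine"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "states:StartExecution",
     "Resource": "arn:aws:states:us-east-1:111122223333:stateMachine:*"},
    {"Effect": "Allow", "Action": "states:DescribeExecution",
     "Resource": "arn:aws:states:us-east-1:111122223333:execution:nightly-load:*"},
]}

if __name__ == "__main__":
    missing, findings = lint_policy(SAMPLE)
    print("missing:", missing)
    print("findings:", findings)
```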
Polysync calls ListStateMachines (paginated via NextToken) and for each entry calls DescribeStateMachine to capture metadata: the State Machine ARN, the Type (STANDARD or EXPRESS), and the execution role ARN. State machines are imported as Polysync Jobs identified by their ARN — Step Functions calls require the ARN (not the name).
Step Functions has no formal input/output schema declaration, so Polysync imports no parameters by default. Users declare input and output parameters manually on the Job and tag each parameter's Direction (Input, Output, InputOutput).
StartExecution. The provider honours each parameter's declared data type (number, boolean, JSON object/array) when serialising. Parameters whose value is already a valid JSON object or array string are embedded as raw JSON, not strings.
Output JSON once the execution reaches the terminal SUCCEEDED state. The provider parses the output and updates any parameter whose Direction is Output or Input&Output and whose name matches a top-level property of the output (case-insensitive).
ExecutePipelineAsync builds the JSON input from input parameters, generates a unique 80-char execution name (Polysync-<guid>), and calls StartExecution(StateMachineArn, Name, Input, TraceHeader?).
PipelineRun with the execution's ExecutionArn as the RunId — Step Functions accepts the ARN directly on follow-up calls, so no composite encoding is needed.
GetPipelineRunStatusAsync calls DescribeExecution(ExecutionArn) and maps the status:
RUNNING / PENDING_REDRIVE → Running
SUCCEEDED → Success (Output JSON parsed for output parameters)
FAILED / TIMED_OUT → Failed (Error + Cause surfaced on the run message)
ABORTED → Cancelled
CancelPipelineRunAsync calls StopExecution(ExecutionArn, cause="Cancelled by Polysync", error="PolysyncCancellation").
https://{region}.console.aws.amazon.com/states/home?region={region}#/v2/executions/details/{executionArn}
This deep-links into the AWS Step Functions console for the specific execution, showing the visual workflow, the per-state event history, and CloudWatch logs.
DescribeExecution, StopExecution) work normally.
StartSyncExecution) are not used by this provider — Polysync uses the asynchronous StartExecution API for both Standard and Express, then polls with DescribeExecution. Note that Express executions may complete and become unqueryable before Polysync's next poll; in that case the provider relies on CloudWatch Logs for forensic detail.
AccessDeniedException on StartExecution — the caller's IAM principal is missing states:StartExecution on arn:aws:states:{region}:{account}:stateMachine:{name}.
StateMachineDoesNotExistException — confirm the state machine ARN is correct in the target region and the caller's IAM principal can DescribeStateMachine.
InvalidExecutionInputException — the input payload is not valid JSON. Check that parameters declared with DataType=json contain well-formed JSON.
ExecutionLimitExceeded — the account/region open-execution limit (default 1,000,000 for Standard, much higher for Express) has been reached.
InvalidIdentityToken — check that the IAM Identity Provider's thumbprint matches login.microsoftonline.com, the audience is sts.amazonaws.com, and the role trust policy allows the Polysync workload identity's sub / oid.
SUCCEEDED, the output is a valid JSON object (not a JSON string, number, or array at the root), the parameter's Direction is Output or Input&Output, and the parameter name matches a top-level property name in the output (case-insensitive).