fix(stepfunctions-tasks): jobQueueArn support JsonPath or JSONata

[phuhung273]

Issue # (if applicable)

Closes #33580

Reason for this change

Incorrect IAM Policy for jobQueueArn when using JsonPath or JSONata

Description of changes

For JsonPath or JSONata jobQueueArn, IAM Policy use wildcard (*)

Describe any new or updated permissions being added

For JsonPath or JSONata jobQueueArn, IAM Policy use wildcard (*)

Description of how you validated changes

Unit test

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.38%. Comparing base (fada917) to head (5b056a2).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #33670   +/-   ##
=======================================
  Coverage   82.38%   82.38%           
=======================================
  Files         120      120           
  Lines        6937     6937           
  Branches     1170     1170           
=======================================
  Hits         5715     5715           
  Misses       1119     1119           
  Partials      103      103           

Flag	Coverage Δ
suite.unit	82.38% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	∅ <ø> (∅)
packages/aws-cdk-lib/core	82.38% <ø> (ø)

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[scorbiere]

Can you clarify the motivation for this change?

[phuhung273]

Yes sure. The context is:

• Back in the day, Lambda image behaviour was like executing a job: run and exit
• Now, all Lambda image act like a backend server: keep running forever

When I tried the old Dockerfile, StateMachine execution never escape RUNNING state as ECS serve the image as a server.

So I decided to use the plain python image.

One weird thing is although there is a test using the changed Dockerfile, no snapshot change was detected. So I only ran my new test file.

[scorbiere]

One weird thing is although there is a test using the changed Dockerfile, no snapshot change was detected. So I only ran my new test file.

After checking the implementation of DockerImageAsset I don't see any logic which use the docker file's content to compute asset's hash.

[scorbiere]

Hi @phuhung273, thank you for this PR. I am good with the changes, and I can approve after you answer my comment.

[aws-cdk-automation]

(This review is outdated)

[scorbiere]

Also adding some useful links:

• https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html#connect-iam-dynamic-static
• https://docs.aws.amazon.com/step-functions/latest/dg/connect-batch.html#batch-iam

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 5b056a2
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.