Last active
April 14, 2024 07:26
aws api gateway with step function execution
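# CloudFormation template: a REGIONAL REST API whose root method starts an
# execution of a Step Functions state machine; the state machine runs a single
# Lambda task. API Gateway calls states:StartExecution directly through an
# AWS-type (non-proxy) integration, using ApiGatewayStepFunctionsRole.
AWSTemplateFormatVersion: '2010-09-09'
Description: My API Gateway and Lambda function
Parameters:
  apiGatewayName:
    Type: String
    Default: my-api
  apiGatewayStageName:
    Type: String
    AllowedPattern: "[a-z0-9]+"
    Default: call
  apiGatewayHTTPMethod:
    Type: String
    Default: POST
Resources:
  apiGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Description: Example API Gateway
      EndpointConfiguration:
        Types:
          - REGIONAL
      Name: !Ref apiGatewayName
  apiGatewayRootMethod:
    Type: "AWS::ApiGateway::Method"
    DependsOn:
      - SPIStateMachine
    Properties:
      ResourceId: !GetAtt apiGateway.RootResourceId
      RestApiId: !Ref apiGateway
      # NOTE(review): with "NONE" anyone who can reach the invoke URL can start
      # executions (and the Lambda invocations behind them). Kept as published
      # so existing callers keep working; before exposing this beyond a demo,
      # switch to AWS_IAM or an authorizer and add stage throttling.
      AuthorizationType: "NONE"
      # The method was hard-coded to POST while the apiGatewayHTTPMethod
      # parameter went unused; the parameter's default keeps the same value.
      HttpMethod: !Ref apiGatewayHTTPMethod
      # A non-proxy integration response is mapped onto a declared method
      # response, so the 200 used below is declared here.
      MethodResponses:
        - StatusCode: '200'
      Integration:
        Credentials: !GetAtt ApiGatewayStepFunctionsRole.Arn
        IntegrationHttpMethod: "POST"
        # NEVER: content types without a request template are rejected rather
        # than passed through to StartExecution unmapped.
        PassthroughBehavior: "NEVER"
        IntegrationResponses:
          - StatusCode: '200'
            # Returns only the last ARN segment instead of the full execution
            # ARN. $input.json() yields the value with its JSON quotes, so the
            # closing quote of "executionId" comes from the ARN's own trailing
            # quote; that is why the template has no explicit closing quote.
            ResponseTemplates:
              application/json: |
                { "executionId": "$input.json('executionArn').split(':').get(7) }
        RequestTemplates:
          # The whole request body becomes the execution input. stateMachineArn
          # is filled in from this stack, so a caller cannot point the role at
          # a different state machine, whatever the body contains.
          # NOTE(review): escapeJavaScript escapes a single quote as \', which
          # is not valid JSON; bodies containing ' may be rejected. Confirm.
          application/json:
            Fn::Sub:
              - '{"input": "$util.escapeJavaScript($input.json(''$''))","stateMachineArn":"${arn}"}'
              - arn:
                  Ref: SPIStateMachine
        Type: "AWS"
        Uri:
          Fn::Join:
            - ''
            - - 'arn:aws:apigateway:'
              - Ref: AWS::Region
              - ":states:action/StartExecution"
  apiGatewayDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
      - apiGatewayRootMethod
    Properties:
      RestApiId: !Ref apiGateway
      StageName: !Ref apiGatewayStageName
  # Role API Gateway assumes to call Step Functions on behalf of the caller.
  ApiGatewayStepFunctionsRole:
    Type: AWS::IAM::Role
    Properties:
      Path: !Join ["", ["/", !Ref "AWS::StackName", "/"]]
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowApiGatewayServiceToAssumeRole
            Effect: Allow
            Action:
              - 'sts:AssumeRole'
            Principal:
              Service:
                - apigateway.amazonaws.com
      Policies:
        - PolicyName: CallStepFunctions
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'states:StartExecution'
                Resource: !Ref SPIStateMachine
        - PolicyName: DescribeStepFunctionExecutions
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'states:DescribeExecution'
                # Was "*", i.e. every execution in the account. Limited to
                # executions of this stack's state machine. Nothing in this
                # template calls DescribeExecution; drop the policy if no
                # status-polling method is added.
                Resource: !Sub 'arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:execution:${SPIStateMachine.Name}:*'
  # Role the state machine assumes; it may invoke only this stack's function.
  StateExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - !Sub states.${AWS::Region}.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: "StatesExecutionPolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "lambda:InvokeFunction"
                Resource:
                  - !GetAtt lambdaFunction.Arn
  lambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          def handler(event, context):
              # Started by the state machine, so event is the execution input
              # (the POST body), not an API Gateway proxy event: requestContext
              # is normally absent. Fall back instead of raising KeyError.
              # Anything found here came from the caller-supplied body, so it
              # is not a trustworthy client address.
              request_context = event.get('requestContext', {}) if isinstance(event, dict) else {}
              source_ip = request_context.get('identity', {}).get('sourceIp', 'unknown')
              return {
                  'body': 'Hello there {0}'.format(source_ip),
                  'headers': {
                      'Content-Type': 'text/plain'
                  },
                  'statusCode': 200
              }
      Description: Example Lambda function
      FunctionName: "myfunction"
      Handler: index.handler
      MemorySize: 128
      Role: !GetAtt LambdaRoleForRuleExecution.Arn
      # Was python3.8, which Lambda has deprecated and no longer patches.
      Runtime: python3.12
  LambdaRoleForRuleExecution:
    Type: AWS::IAM::Role
    Properties:
      # An explicit RoleName means the stack needs CAPABILITY_NAMED_IAM.
      RoleName: !Sub ${AWS::StackName}-lambda-role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: 'sts:AssumeRole'
            Principal:
              Service: lambda.amazonaws.com
      Policies:
        # The original entry carried PolicyName twice (WriteCloudWatchLogs and
        # lambda); a duplicate mapping key is ambiguous, so only one is kept.
        - PolicyName: WriteCloudWatchLogs
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Was arn:aws:logs:*:*:* for all three actions. Narrowed to this
              # account and region, and for writes to the function's own log
              # group. The name is spelled out rather than referenced because
              # the function already depends on this role; keep it in step
              # with FunctionName.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/myfunction:*'
  SPIStateMachine:
    Type: "AWS::StepFunctions::StateMachine"
    Properties:
      StateMachineName: "my-state-machine"
      RoleArn: !GetAtt StateExecutionRole.Arn
      DefinitionString:
        Fn::Sub:
          - '{"Comment":"A Hello World example of the Amazon States Language using an AWS Lambda function","StartAt":"HelloWorld","States":{"HelloWorld":{"Type":"Task","Resource":"${functionarn}","End":true}}}'
          - functionarn: !GetAtt lambdaFunction.Arn
Outputs:
  apiGatewayInvokeURL:
    Value: !Sub https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/${apiGatewayStageName}
  lambdaArn:
    Value: !GetAtt lambdaFunction.Arn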
{ | |
"stateMachineArn": "arn:aws:states:us-east-1:123456789:stateMachine:my-state-machine" | |
} |
NOTE: The Lambda still needs to be patched to return what is needed, and the corresponding IAM roles need to be trimmed down. I just wanted to get it executing via CFN first, that's all; the rest is trivial.