-
Notifications
You must be signed in to change notification settings - Fork 4
/
template.yaml
154 lines (143 loc) · 4.75 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Description: |
Sample stack featuring a Step Functions workflow iterating over a list of
objects and modifying them in place.
Resources:
ProcessExecute:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub "${AWS::StackName}-ProcessExecute"
Description: Executes the processing workflow.
Role: !GetAtt ProcessWorkflowRole.Arn
Handler: "process-execute"
Runtime: go1.x
Timeout: 5
CodeUri: cmd/process-execute/
Environment:
Variables:
STATE_MACHINE_ARN: !Join ["", ["arn:aws:states:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":stateMachine:", Ref: "AWS::StackName","-Process"]]
ProcessMoveToEnd:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub "${AWS::StackName}-ProcessMoveToEnd"
Role: !GetAtt ProcessWorkflowRole.Arn
Handler: move-to-end
Runtime: go1.x
Timeout: 5
CodeUri: cmd/move-to-end/
ProcessWorkflowRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub "${AWS::StackName}-ProcessWorkflowRole"
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Sid: AllowLambdaServiceToAssumeRole
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Policies:
-
PolicyName: !Sub "${AWS::StackName}-ProcessWorkflowRole"
PolicyDocument:
Statement:
-
Effect: Allow
Action:
- states:StartExecution
Resource:
- !Join ["", ["arn:aws:states:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":stateMachine:", Ref: "AWS::StackName","-Process"]]
-
Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- !Join ["", ["arn:aws:logs:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":log-group:/aws/lambda/*"]]
StepFunctionsServiceRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub "${AWS::StackName}-StepFunctionsServiceRole"
Path: "/"
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: "Allow"
Sid: AllowStepFunctionsServiceToAssumeRole
Principal:
Service:
- !Sub states.${AWS::Region}.amazonaws.com
Action: "sts:AssumeRole"
Policies:
-
PolicyName: !Sub "${AWS::StackName}-StepFunctionsServiceRole"
PolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Action:
- lambda:InvokeFunction
Resource:
- !Join ["", ["arn:aws:lambda:", Ref: "AWS::Region", ":", Ref: "AWS::AccountId", ":", "function:*" ]]
ProcessWorkflow:
Type: "AWS::StepFunctions::StateMachine"
Properties:
StateMachineName: !Sub "${AWS::StackName}-Process"
DefinitionString: !Sub |
{
"Comment": "Processes an arbitrary list of jobs.",
"StartAt": "ProcessFirstPass",
"States": {
"ProcessFirstPass": {
"Type": "Pass",
"Result": "success",
"ResultPath": "$.jobs[0].firstResult",
"Next": "ProcessSecondPass"
},
"ProcessSecondPass": {
"Type": "Pass",
"Result": "success",
"ResultPath": "$.jobs[0].secondResult",
"Next": "MarkAsDone"
},
"MarkAsDone": {
"Type": "Pass",
"ResultPath": "$.jobs[0].done",
"Result": true,
"Next": "MoveToEnd"
},
"MoveToEnd": {
"Type": "Task",
"Comment": "Moves the currently processed job to the end of the array",
"InputPath": "$.jobs",
"ResultPath": "$.jobs",
"Resource": "${ProcessMoveToEnd.Arn}",
"Next": "AllDone"
},
"AllDone": {
"Type": "Choice",
"Choices": [
{
"Variable": "$.jobs[0].done",
"BooleanEquals": true,
"Next": "Done"
}
],
"Default": "ProcessFirstPass"
},
"Done": {
"Type": "Pass",
"End": true
}
}
}
RoleArn: !GetAtt StepFunctionsServiceRole.Arn