Module: step-functions
Terraform module to provision AWS Step Functions.
Usage
For a complete example, see examples/complete
For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.
```hcl
locals {
  enabled = module.this.enabled

  # Logs every execution event, including state input and output, to CloudWatch Logs
  logging_configuration = {
    include_execution_data = true
    level                  = "ALL"
  }

  # https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html
  # https://docs.aws.amazon.com/step-functions/latest/dg/connect-parameters.html
  definition = {
    "Comment" = "Test Step Function"
    "StartAt" = "Hello"
    "States" = {
      "Hello" = {
        "Type"   = "Pass"
        "Result" = "Hello"
        "Next"   = "World"
      },
      "World" = {
        "Type"   = "Pass"
        "Result" = "World"
        "Next"   = "Send message to SQS"
      },
      # https://docs.aws.amazon.com/step-functions/latest/dg/connect-sqs.html
      "Send message to SQS" = {
        "Type"     = "Task"
        "Resource" = "arn:aws:states:::sqs:sendMessage"
        "Parameters" = {
          "QueueUrl"    = local.enabled ? aws_sqs_queue.default[0].url : ""
          "MessageBody" = "Hello World"
        }
        "Next" = "Publish to SNS"
      }
      # https://docs.aws.amazon.com/step-functions/latest/dg/connect-sns.html
      "Publish to SNS" = {
        "Type"     = "Task",
        "Resource" = "arn:aws:states:::sns:publish"
        "Parameters" = {
          "TopicArn" = module.sns.sns_topic_arn
          "Message"  = "Hello World"
        }
        "End" = true
      }
    }
  }

  # Each statement grants one action on the one topic or queue the state machine uses
  iam_policies = {
    # https://docs.aws.amazon.com/step-functions/latest/dg/sns-iam.html
    "SnsAllowPublish" = {
      effect = "Allow"
      actions = [
        "sns:Publish"
      ]
      resources = [
        module.sns.sns_topic_arn
      ]
    }
    # https://docs.aws.amazon.com/step-functions/latest/dg/sqs-iam.html
    "SqsAllowSendMessage" = {
      effect = "Allow"
      actions = [
        "sqs:SendMessage"
      ]
      resources = [
        local.enabled ? aws_sqs_queue.default[0].arn : ""
      ]
    }
  }
}

module "step_function" {
  source = "cloudposse/step-functions/aws"
  # Cloud Posse recommends pinning every module to a specific version
  version = "x.x.x"

  type                  = "EXPRESS"
  tracing_enabled       = true
  logging_configuration = local.logging_configuration
  definition            = local.definition
  iam_policies          = local.iam_policies

  context = module.this.context
}

module "sns" {
  source  = "cloudposse/sns-topic/aws"
  version = "0.20.2"

  sqs_dlq_enabled    = true
  fifo_topic         = true
  fifo_queue_enabled = true

  context = module.this.context
}

resource "aws_sqs_queue" "default" {
  count = local.enabled ? 1 : 0

  name                       = module.this.id
  fifo_queue                 = false
  visibility_timeout_seconds = 30
  message_retention_seconds  = 86400
  max_message_size           = 2048
  delay_seconds              = 90
  receive_wait_time_seconds  = 10

  tags = module.this.tags
}
```
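The usage example above logs at level ALL with include_execution_data = true, so state input and output are written to CloudWatch Logs. The following variant encrypts that log group with a customer-managed KMS key and bounds retention using this module's cloudwatch_log_group_kms_key_id and cloudwatch_log_group_retention_in_days inputs. It is an added example, not taken from the module's repository; the aws_kms_key.logs resource, its key policy, the 30-day retention and the commercial "aws" partition are assumptions, and local.definition and local.iam_policies are the locals from the usage example.

```hcl
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Assumed key policy: the account root keeps administrative control, and CloudWatch Logs
# in this region may use the key only for log groups that belong to this account.
data "aws_iam_policy_document" "logs_kms" {
  statement {
    sid       = "AccountAdmin"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  statement {
    sid       = "CloudWatchLogsUse"
    effect    = "Allow"
    actions   = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*"]
    }
  }
}

resource "aws_kms_key" "logs" {
  description         = "Encrypts Step Functions execution logs" # hypothetical key for this example
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.logs_kms.json
}

module "step_function" {
  source  = "cloudposse/step-functions/aws"
  version = "x.x.x"
  logging_configuration = { include_execution_data = true, level = "ALL" }
  # Execution payloads in the log group are encrypted with the key above and expire after 30 days
  cloudwatch_log_group_kms_key_id        = aws_kms_key.logs.arn
  cloudwatch_log_group_retention_in_days = 30
  definition   = local.definition
  iam_policies = local.iam_policies
  context      = module.this.context
}
```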
Variables
Required Variables
definition (any) required
The Amazon States Language definition for the Step Function. Refer to https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html for more details
Optional Variables
cloudwatch_log_group_kms_key_id (string) optional
The ARN of the KMS Key to use when encrypting log data
Default value: null
cloudwatch_log_group_name (string) optional
Name of CloudWatch Logs Group to use. If not provided, a name will be generated from the context
Default value: null
cloudwatch_log_group_retention_in_days (number) optional
Specifies the number of days to retain log events in the Log Group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653
Default value: null
existing_aws_cloudwatch_log_group_arn (string) optional
The Amazon Resource Name (ARN) of the existing CloudWatch Log Group to use for the Step Function. If not provided, a new CloudWatch Log Group will be created
Default value: null
existing_iam_role_arn (string) optional
The Amazon Resource Name (ARN) of the existing IAM role to use for the Step Function. If not provided, a new IAM role will be created
Default value: null
iam_policies optional
IAM policies to attach to the created IAM role for the Step Function. The map keys will be used as the policy SIDs
Type:
```hcl
map(object({
  effect        = string
  actions       = optional(list(string))
  not_actions   = optional(list(string))
  resources     = optional(list(string))
  not_resources = optional(list(string))
  principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })))
  not_principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })))
  condition = optional(list(object({
    test     = string
    variable = string
    values   = list(string)
  })))
}))
```
Default value: { }
logging_configuration optional
Defines what execution history events are logged and where they are logged
Type:
```hcl
object({
  log_destination        = optional(string)
  include_execution_data = bool
  level                  = string
})
```
Default value:
```hcl
{
  "include_execution_data": false,
  "level": "OFF"
}
```
role_description (string) optional
Description of the created IAM role
Default value: null
role_force_detach_policies (bool) optional
Specifies to force detaching any policies the created IAM role has before destroying it
Default value: true
role_name (string) optional
Name of the created IAM role. If not provided, a name will be generated from the context
Default value: null
role_path (string) optional
Path of the created IAM role
Default value: null
role_permissions_boundary (string) optional
The ARN of the policy that is used to set the permissions boundary for the created IAM role
Default value: null
step_function_name (string) optional
The name of the Step Function. If not provided, a name will be generated from the context
Default value: null
tracing_enabled (bool) optional
When set to true, AWS X-Ray tracing is enabled. Make sure the State Machine has the correct IAM policies for logging
Default value: false
type (string) optional
Determines whether a Standard or Express state machine is created. The default is STANDARD. Valid Values: STANDARD, EXPRESS
Default value: "STANDARD"
Context Variables
The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.
Outputs
role_arn
The ARN of the IAM role created for the Step Function
role_name
The name of the IAM role created for the Step Function
state_machine_arn
State machine ARN
state_machine_creation_date
State machine creation date
state_machine_id
State machine ID
state_machine_status
State machine status
Dependencies
Requirements
terraform, version: >= 1.3.0
aws, version: >= 4.0
Providers
aws, version: >= 4.0
Modules
Name | Version | Source | Description |
---|---|---|---|
logs_label | 0.25.0 | cloudposse/label/null | n/a |
this | 0.25.0 | cloudposse/label/null | n/a |
Resources
The following resources are used by this module:
aws_cloudwatch_log_group.logs (resource)
aws_iam_policy.default (resource)
aws_iam_policy.logs (resource)
aws_iam_policy_attachment.default (resource)
aws_iam_policy_attachment.logs (resource)
aws_iam_role.default (resource)
aws_sfn_state_machine.default (resource)
Data Sources
The following data sources are used by this module:
aws_iam_policy_document.assume_role (data source)
aws_iam_policy_document.default (data source)
aws_iam_policy_document.logs (data source)
aws_region.current (data source)