terraform-aws-step-functions
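module "state_machine" {
  # Replace <version> with a release tag or commit SHA. A fixed ref keeps the
  # module code from changing between runs without a reviewed version bump.
  source = "git::ssh://git@github.com/oozou/terraform-aws-step-functions.git?ref=<version>"

  prefix      = "oozou"
  environment = "dev"
  name        = "schedule"

  # IAM
  is_create_role             = true
  exists_role_arn            = "" # Ignored when is_create_role is `true`
  additional_role_policy_arn = {}

  # State machine settings
  type = "STANDARD" # EXPRESS is also allowed

  # Recommended: build the workflow in the Step Functions console, then paste the
  # definition here or load it with the templatefile function.
  # https://ap-southeast-1.console.aws.amazon.com/states/home?region=ap-southeast-1#/homepage
  #
  # NOTE(review): when the Lambda returns statusCode 500 this example waits 10
  # seconds and invokes it again with no attempt limit. A persistent failure keeps
  # looping until the execution is stopped. Consider a bounded Retry block or a
  # top-level TimeoutSeconds.
  #
  # module.lambda is not declared in this snippet; it must exist elsewhere in the
  # configuration. The heredoc body and its closing marker start at column 0
  # because `<<EOF` does not strip indentation.
  definition = <<EOF
{
  "Comment": "A description of my state machine",
  "StartAt": "LambdaInvoke",
  "States": {
    "LambdaInvoke": {
      "Type": "Task",
      "Resource": "arn:aws:states:::lambda:invoke",
      "OutputPath": "$.Payload",
      "Parameters": {
        "Payload.$": "$",
        "FunctionName": "${module.lambda.function_arn}"
      },
      "Next": "CheckStatusCode"
    },
    "CheckStatusCode": {
      "Type": "Choice",
      "InputPath": "$",
      "Choices": [
        {
          "Variable": "$.statusCode",
          "NumericEquals": 500,
          "Next": "Wait"
        }
      ],
      "Default": "SuccessState"
    },
    "Wait": {
      "Type": "Wait",
      "OutputPath": "$.event",
      "Seconds": 10,
      "Next": "LambdaInvoke"
    },
    "SuccessState": {
      "Type": "Succeed"
    }
  }
}
EOF

  # Auto-generates the IAM policy statements for the integrations listed here.
  # The trailing `*` matches every ARN that begins with the function ARN: its
  # versions and aliases, but also any other function whose name shares the same
  # prefix. For a least-privilege role, list the exact ARN, or end the pattern
  # with `:*` so that only qualifiers of this one function match.
  service_integrations = {
    lambda = {
      lambda = ["<arn_of_lambda_function>*"]
    }
  }

  # Logging
  # log_level "ALL" logs every category of execution history event.
  # log_include_execution_data = null presumably defers to the module/provider
  # default (TODO confirm). Set it to false explicitly when state input or output
  # can carry secrets or personal data, so payloads stay out of CloudWatch Logs.
  is_create_cloudwatch_log_group   = true
  log_include_execution_data       = null
  log_level                        = "ALL"
  cloudwatch_log_retention_in_days = 30

  tags = { "Workspace" = "xxx-yyy-zzz" }
}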
No modules.
Name
Description
Type
Default
Required
additional_role_policy_arn
Map of policy ARNs to attach to the lambda
map(string)
{}
no
attach_policies_for_integrations
Whether to attach AWS Service policies to IAM role
bool
true
no
cloudwatch_log_retention_in_days
Retention period, in days, for the CloudWatch log group
number
90
no
definition
The Amazon States Language definition of the Step Function
string
n/a
yes
environment
Environment Variable used as a prefix
string
n/a
yes
exists_role_arn
The ARN of the existing role for Step Functions
string
""
no
is_create_cloudwatch_log_group
Whether to create cloudwatch log group or not
bool
true
no
is_create_role
Whether to create step function roles or not
bool
true
no
kms_key_id
The ARN for the KMS encryption key. Leave this at the default if account_mode is hub. If account_mode is spoke, provide the centralized KMS key ARN (hub).
string
""
no
log_include_execution_data
(Optional) Determines whether execution data is included in your log. When set to false, data is excluded.
bool
null
no
log_level
(Optional) Defines which category of execution history events are logged. Valid values: ALL, ERROR, FATAL, OFF
string
"OFF"
no
name
Name of the ECS cluster to create
string
n/a
yes
prefix
The customer prefix name to be displayed in the AWS console and on resources
string
n/a
yes
service_integrations
Map of AWS service integrations to allow in IAM role policy
any
{}
no
tags
Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys
map(any)
{}
no
trusted_entities
Step Function additional trusted entities for assuming roles (trust relationship)
list(string)
[]
no
type
Determines whether a Standard or Express state machine is created. The default is STANDARD. Valid Values: STANDARD | EXPRESS
string
"STANDARD"
no