Closed5
【AWS】StepFunctionsを試す
not75743なに
フローを視覚的に管理できるツール。
複数のAWSサービス間でのタスクの自動化や連携を簡単に設計、実行、管理することができる
ユースケース
エラー処理が便利そう
not75743以下が初心者に優しそうなので参考にさせていただく
not75743メモ
not75743ステートマシン①
{
"Comment": "Sample AWS Step functions flow",
"StartAt": "TaskSampleCall",
"States": {
"TaskSampleCall": {
"Comment": "SampleCallの呼び出し",
"Type": "Task",
"Resource": "arn:aws:lambda:ap-northeast-1:(AWSユーザーID):function:SampleCall",
"InputPath": "$",
"ResultPath": "$.SampleCallResult",
"OutputPath": "$",
"End": true
}
}
}
-
type:ステートマシンによって実行される単一の作業単位を表す。Taskの場合LambdaだったりAWSサービスを実行可能 -
InputPath:タスクに渡す入力データのJSONパスを指定。"$"は全ての入力データをそのままタスクに渡すことを意味する。- OutputPathも同様の考え
not75743飽きた...
すぐに戻ってこれるようにterraformコードに起こした
副産物のLambdaモジュールは複数Lambdaを立ち上げることが出来て便利
Lambdaモジュール
階層
階層
├── lambda_function
│ ├── lambda1
│ │ └── lambda1.py
│ ├── lambda2
│ │ └── lambda2.py
│ └── lambda3
│ └── lambda3.py
├── lambda.tf
└── variables.tf
lambda.tf
lambda.tf
data "archive_file" "lambda" {
type = "zip"
source_dir = "${path.module}/lambda_function/${var.lambda_env}"
output_path = "${path.module}/${var.lambda_env}.zip"
}
resource "aws_lambda_function" "lambda" {
function_name = var.lambda_env
handler = "${var.lambda_env}.lambda_handler"
runtime = "python3.11"
filename = data.archive_file.lambda.output_path
source_code_hash = filebase64sha256(data.archive_file.lambda.output_path)
role = aws_iam_role.lambda.arn
}
resource "aws_iam_role" "lambda" {
name = "${var.lambda_env}-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_policy" "lambda" {
name = "${var.lambda_env}-policy"
description = "IAM policy for the ${var.lambda_env}"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
Resource = [
aws_cloudwatch_log_group.lambda.arn,
"${aws_cloudwatch_log_group.lambda.arn}:*"
]
}
]
})
}
resource "aws_iam_role_policy_attachment" "lambda" {
role = aws_iam_role.lambda.name
policy_arn = aws_iam_policy.lambda.arn
}
resource "aws_cloudwatch_log_group" "lambda" {
name = "/aws/lambda/${aws_lambda_function.lambda.function_name}"
retention_in_days = 1
}
main.tf
module "test-multi-lambda" {
for_each = toset(["lambda1", "lambda2", "lambda3"])
source = "./modules/test-multi-lambda"
env = var.env
lambda_env = each.key
}
step functions
stepfunctions
main.tf
### IAM周り
resource "aws_iam_role" "step_functions" {
name = "StepFunctionsLambdaExecRole"
assume_role_policy = jsonencode({
Version = "2012-10-17",
Statement = [
{
Action = "sts:AssumeRole",
Effect = "Allow",
Principal = {
Service = "states.amazonaws.com"
}
},
]
})
}
resource "aws_iam_role_policy" "step_functions" {
name = "StepFunctionsLambdaPolicy"
role = aws_iam_role.step_functions.id
policy = jsonencode({
Version = "2012-10-17",
Statement = [
{
Action = [
"lambda:InvokeFunction"
],
Effect = "Allow",
Resource = [
"*"
]
},
]
})
}
### state machine
resource "aws_sfn_state_machine" "step_functions" {
name = "SampleCalculationFlow"
role_arn = aws_iam_role.step_functions.arn
definition = <<EOF
{
"Comment": "Sample Calculation flow",
"StartAt": "TaskInitialSetting",
"States": {
"TaskInitialSetting": {
"Comment": "初期の値を設定します",
"Type": "Task",
"Resource": "arn:aws:lambda:ap-northeast-1:${local.account_id}:function:lambda1",
"InputPath": "$",
"ResultPath": "$.SettingResult",
"OutputPath": "$",
"Next": "TaskAddition"
},
"TaskAddition": {
"Comment": "足し算をおこないます",
"Type": "Task",
"Resource": "arn:aws:lambda:ap-northeast-1:${local.account_id}:function:lambda2",
"InputPath": "$",
"ResultPath": "$.AdditionResult",
"OutputPath": "$",
"Next": "TaskMultiply"
},
"TaskMultiply": {
"Comment": "掛け算をおこないます",
"Type": "Task",
"Resource": "arn:aws:lambda:ap-northeast-1:${local.account_id}:function:lambda3",
"InputPath": "$",
"ResultPath": "$.MultiplyResult",
"OutputPath": "$",
"End": true
}
}
}
EOF
}
このスクラップは5ヶ月前にクローズされました