Executing Step Functions workflows on a CloudWatch schedule
TypeScriptTo execute Step Functions workflows on a CloudWatch schedule, we'll use two main resources: an AWS Step Functions State Machine to define the workflow and an AWS CloudWatch Events Rule to trigger the workflow on a schedule.
We're going to:
- Define an AWS Step Functions state machine that encapsulates your workflow logic.
- Create a CloudWatch Events Rule that specifies when the workflow should be triggered.
- Add a target to the CloudWatch Rule that invokes your Step Functions state machine.
Let's break down the steps in code:
-
Define the Step Functions state machine: We use
aws.sfn.StateMachine
to create a new State Machine. Here, you would replacedefinition
with the actual JSON definition of your workflow. -
Create the CloudWatch Events Rule: With
aws.cloudwatch.EventRule
, we set up a rule with ascheduleExpression
that follows the cron or rate format to define when the workflow should be triggered. -
Target the Step Functions state machine: By using
aws.cloudwatch.EventTarget
, we connect the CloudWatch Events Rule to our State Machine. The ARN of the State Machine is used to set the target. -
Set permissions: An
aws.iam.Role
and anaws.iam.RolePolicyAttachment
are used to grant the necessary permissions for CloudWatch Events to start executions of the State Machine.
Below is the TypeScript program which accomplishes the setup described:
import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws"; // Define an AWS Step Functions State Machine to describe your workflow. const stateMachine = new aws.sfn.StateMachine("myStateMachine", { roleArn: "arn:aws:iam::123456789012:role/service-role/StepFunctions-myStateMachine-role-12345678", // Replace with the correct role ARN definition: `{ "Comment": "A simple minimal example of the States language", "StartAt": "HelloWorld", "States": { "HelloWorld": { "Type": "Pass", "Result": "Hello, World!", "End": true } } }` }); // Create a CloudWatch Events Rule to schedule when the workflow (Step Function) should be triggered. const scheduleRule = new aws.cloudwatch.EventRule("myScheduleRule", { scheduleExpression: "cron(0 20 * * ? *)", // Run at 20:00 UTC every day }); // Set the Step Functions state machine as the target of the CloudWatch Events Rule. const stateMachineTarget = new aws.cloudwatch.EventTarget("myStateMachineTarget", { rule: scheduleRule.name, arn: stateMachine.arn, // Define the JSON input for the workflow, if necessary. input: JSON.stringify({ "key1": "value1" }), }); // Create the necessary IAM Role and Attach policy to grant permissions required for this operation. const eventRole = new aws.iam.Role("myEventRole", { assumeRolePolicy: `{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Action": "sts:AssumeRole" }] }` }); // Attach policy to the role for CloudWatch Events to invoke the Step Functions state machine. const policyAttachment = new aws.iam.RolePolicyAttachment("myPolicyAttachment", { role: eventRole.name, policyArn: "arn:aws:iam::aws:policy/service-role/AWS_StepFunctions_FullAccess" }); // Allow CloudWatch Events to start the Step Functions Workflow. const permission = new aws.lambda.Permission("myPermission", { action: "lambda:InvokeFunction", principal: "events.amazonaws.com", sourceArn: scheduleRule.arn, function: stateMachine.arn, // You must set the role here to the one CloudWatch will assume role: eventRole.arn, }); // Export the name of the state machine and the CloudWatch event rule export const stateMachineName = stateMachine.name; export const scheduleRuleName = scheduleRule.name;
In this program, replace the
roleArn
with the ARN of the IAM Role that you have predefined for your Step Functions. This role should have the necessary permissions to execute your state machine.The
scheduleExpression
is set to trigger at 20:00 UTC every day; you can adjust it to match your scheduling needs. Thecron
expression here means: at 20:00 hours, every day.The
AWS_StepFunctions_FullAccess
policy is a managed policy that allows the execution of Step Functions. Depending on your use case, you might need to create and use a more restrictive policy.Remember to replace or define any placeholders with actual values specific to your environment or requirements, such as the
definition
of the state machine androleArn
.This pulumi program shows the minimum required to set up a CloudWatch scheduled event that triggers a Step Functions state machine. Modify the event pattern, input, and other resource attributes as necessary for your specific workflow.