1. Executing Step Functions workflows on a CloudWatch schedule

    TypeScript

    To execute Step Functions workflows on a CloudWatch schedule, we'll use two main resources: an AWS Step Functions State Machine to define the workflow and an AWS CloudWatch Events Rule to trigger the workflow on a schedule.

    We're going to:

    1. Define an AWS Step Functions state machine that encapsulates your workflow logic.
    2. Create a CloudWatch Events Rule that specifies when the workflow should be triggered.
    3. Add a target to the CloudWatch Rule that invokes your Step Functions state machine.

    Let's break down the steps in code:

    1. Define the Step Functions state machine: We use aws.sfn.StateMachine to create a new State Machine. Here, you would replace definition with the actual JSON definition of your workflow.

    2. Create the CloudWatch Events Rule: With aws.cloudwatch.EventRule, we set up a rule with a scheduleExpression that follows the cron or rate format to define when the workflow should be triggered.

    3. Target the Step Functions state machine: By using aws.cloudwatch.EventTarget, we connect the CloudWatch Events Rule to our State Machine. The ARN of the State Machine is used to set the target.

    4. Set permissions: An aws.iam.Role and an aws.iam.RolePolicyAttachment are used to grant the necessary permissions for CloudWatch Events to start executions of the State Machine.

    Below is the TypeScript program which accomplishes the setup described:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define an AWS Step Functions State Machine to describe your workflow.
const stateMachine = new aws.sfn.StateMachine("myStateMachine", {
    // Replace with the correct role ARN
    roleArn: "arn:aws:iam::123456789012:role/service-role/StepFunctions-myStateMachine-role-12345678",
    definition: `{
        "Comment": "A simple minimal example of the States language",
        "StartAt": "HelloWorld",
        "States": {
            "HelloWorld": {
                "Type": "Pass",
                "Result": "Hello, World!",
                "End": true
            }
        }
    }`,
});

// Create a CloudWatch Events Rule to schedule when the workflow (Step Function) should be triggered.
const scheduleRule = new aws.cloudwatch.EventRule("myScheduleRule", {
    scheduleExpression: "cron(0 20 * * ? *)", // Run at 20:00 UTC every day
});

// Create the IAM Role that CloudWatch Events assumes when the rule fires.
const eventRole = new aws.iam.Role("myEventRole", {
    assumeRolePolicy: `{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": "events.amazonaws.com" },
            "Action": "sts:AssumeRole"
        }]
    }`,
});

// Attach policy to the role for CloudWatch Events to invoke the Step Functions state machine.
const policyAttachment = new aws.iam.RolePolicyAttachment("myPolicyAttachment", {
    role: eventRole.name,
    policyArn: "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess",
});

// Set the Step Functions state machine as the target of the CloudWatch Events Rule.
const stateMachineTarget = new aws.cloudwatch.EventTarget("myStateMachineTarget", {
    rule: scheduleRule.name,
    arn: stateMachine.arn,
    // Allow CloudWatch Events to start the workflow: the role it assumes is set on the target.
    // (A Lambda permission does not apply to a state machine.)
    roleArn: eventRole.arn,
    // Define the JSON input for the workflow, if necessary.
    input: JSON.stringify({ "key1": "value1" }),
});

// Export the name of the state machine and the CloudWatch event rule
export const stateMachineName = stateMachine.name;
export const scheduleRuleName = scheduleRule.name;
```

    In this program, replace the roleArn with the ARN of the IAM Role that you have predefined for your Step Functions. This role should have the necessary permissions to execute your state machine.

    The scheduleExpression cron(0 20 * * ? *) triggers the workflow at 20:00 UTC every day; you can adjust it to match your scheduling needs.

    The AWSStepFunctionsFullAccess policy is an AWS managed policy that grants full access to Step Functions, which includes starting executions. Depending on your use case, you might need to create and use a more restrictive policy.
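
    The more restrictive policy mentioned above only has to allow states:StartExecution on the one state machine the schedule targets. The following added example (not part of the original program; `startExecutionPolicy`, `findExcessGrants`, the sample ARN and the simplified ARN check are assumptions made for illustration) builds that policy document and lists what a broader policy grants beyond it:

```typescript
// Added example; every name below is hypothetical and not part of the page's program.
type IamStatement = { Effect: "Allow" | "Deny"; Action: string | string[]; Resource: string | string[] };
type IamPolicy = { Version: "2012-10-17"; Statement: IamStatement[] };

// Constructed sample ARN, using the placeholder account ID from the program above.
const SAMPLE_ARN = "arn:aws:states:us-east-1:123456789012:stateMachine:myStateMachine";

// Assumption: simplified ARN shape check whose main job is to reject wildcards.
const STATE_MACHINE_ARN = /^arn:aws[\w-]*:states:[a-z0-9-]+:\d{12}:stateMachine:[^\s*?:\/]+$/;

// Policy for the role CloudWatch Events assumes: start this one state machine, nothing else.
function startExecutionPolicy(stateMachineArn: string): IamPolicy {
    if (!STATE_MACHINE_ARN.test(stateMachineArn)) {
        throw new Error(`not a single state machine ARN: ${stateMachineArn}`);
    }
    return {
        Version: "2012-10-17",
        Statement: [{ Effect: "Allow", Action: "states:StartExecution", Resource: stateMachineArn }],
    };
}

// List every Allow grant that goes beyond states:StartExecution on the expected ARN.
function findExcessGrants(policy: IamPolicy, stateMachineArn: string): string[] {
    const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);
    const findings: string[] = [];
    policy.Statement.forEach((stmt, i) => {
        if (stmt.Effect !== "Allow") return; // Deny statements cannot widen access
        for (const action of asList(stmt.Action)) {
            if (action.toLowerCase() !== "states:startexecution") {
                findings.push(`Statement[${i}]: action ${action} is broader than needed`);
            }
        }
        for (const resource of asList(stmt.Resource)) {
            if (resource !== stateMachineArn) {
                findings.push(`Statement[${i}]: resource ${resource} is not the scheduled state machine`);
            }
        }
    });
    return findings;
}

// Constructed sample shaped like a full-access grant, for comparison.
const broadPolicy: IamPolicy = {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "states:*", Resource: "*" }],
};
console.log(findExcessGrants(broadPolicy, SAMPLE_ARN));
console.log(findExcessGrants(startExecutionPolicy(SAMPLE_ARN), SAMPLE_ARN));
```

    To use it in the Pulumi program, pass `stateMachine.arn.apply(arn => JSON.stringify(startExecutionPolicy(arn)))` as the `policy` of an `aws.iam.RolePolicy` on the event role instead of attaching the managed policy.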

    Remember to replace or define any placeholders with actual values specific to your environment or requirements, such as the definition of the state machine and roleArn.

    This Pulumi program shows the minimum required to set up a CloudWatch scheduled event that triggers a Step Functions state machine. Modify the event pattern, input, and other resource attributes as necessary for your specific workflow.