Integrate AWS Lambda in a Step Functions state machine with Amazon SQS and Amazon SNS
This sample project demonstrates how to integrate AWS Lambda functions in Step Functions state machines.
In this project, Step Functions uses Lambda functions to check a stock price and determine a buy or sell trading recommendation. The user is then provided this recommendation and can choose whether to buy or sell the stock. The result of the trade is returned using an SNS topic.
For more information about Step Functions service integrations, see the following:
-
IAM policies for:
Note
This sample project may incur charges.
For new AWS users, a free usage tier is available. On this tier, services are free below
a certain level of usage. For more information about AWS costs and the free tier, see Pricing
Step 1: Create the state machine
-
Open the Step Functions console
and choose Create state machine. -
Type
Orchestrate Lambda functionsin the search box, and then choose Orchestrate Lambda functions from the search results that are returned. -
Choose Next to continue.
-
Choose Run a demo to create a read-only and ready-to-deploy workflow, or choose Build on it to create an editable state machine definition that you can build on and later deploy.
This sample project deploys the following resources:
-
Five Lambda functions
-
An Amazon Simple Queue Service queue
-
An Amazon Simple Notification Service topic
-
An AWS Step Functions state machine
-
Related AWS Identity and Access Management (IAM) roles
The following image shows the workflow graph for the Orchestrate Lambda functions sample project:
-
-
Choose Use template to continue with your selection.
Next steps depend on your previous choice:
-
Run a demo – You can review the state machine before you create a read-only project with resources deployed by AWS CloudFormation to your AWS account.
You can view the state machine definition, and when you are ready, choose Deploy and run to deploy the project and create the resources.
Deploying can take up to 10 minutes to create resources and permissions. You can use the Stack ID link to monitor progress in AWS CloudFormation.
After deploy completes, you should see your new state machine in the console.
-
Build on it – You can review and edit the workflow definition. You might need to set values for placeholders in the sample project before attemping to run your custom workflow.
Note
Standard charges might apply for services deployed to your account.
Step 2: Run the state machine
After all the resources are provisioned and deployed, the Start execution dialog box is displayed.
-
On the State machines page, choose your sample project.
-
On the sample project page, choose Start execution.
-
In the Start execution dialog box, do the following:
-
(Optional) Enter a custom execution name to override the generated default.
Non-ASCII names and logging
Step Functions accepts names for state machines, executions, activities, and labels that contain non-ASCII characters. Because such characters will not work with Amazon CloudWatch, we recommend using only ASCII characters so you can track metrics in CloudWatch.
-
(Optional) In the Input box, enter input values as JSON. You can skip this step if you are running a demo.
-
Choose Start execution.
The Step Functions console will direct you to an Execution Details page where you can choose states in the Graph view to explore related information in the Step details pane.
-
About the state machine and its execution
The state machine in this sample project integrates with AWS Lambda by passing parameters directly to those resources, uses an Amazon SQS queue to manage the request for human approval, and uses an Amazon SNS topic to return the results of the query.
A Step Functions execution receives a JSON text as input and passes that input to the first state in the workflow. Individual states receive JSON data as input and usually pass JSON data as output to the next state. In this sample project, the output of each step is passed as input to the next step in the workflow. For example, the Generate Buy/Sell recommendation step receives the output of the Check Stock Price step as input. Further, the output of the Generate Buy/Sell recommendation step is passed as input to the next step, Request Human Approval, which mimics a human approval step.
Note
To view the output returned by a step and the input passed on to a step, open the Execution Details page for your workflow execution. In the Step details section, view the input and output for each step you select in the View mode.
To implement a human approval step, you typically pause the workflow execution until a task token is returned. In this sample project, a message is passed to an
Amazon SQS queue, which is used as a trigger to the Lambda function defined to handle callback functionality. The message contains a task token and the output returned by the
preceding step. The Lambda function is invoked with the payload of the message. The workflow execution is paused until it receives the task token back with a
SendTaskSuccess API call. For more information about task tokens, see
Wait for a Callback with Task Token.
The following code for the StepFunctionsSample-HelloLambda-ApproveSqsLambda function shows how it is defined to automatically approve any tasks submitted
by the Amazon SQS queue through the Step Functions state machine.
exports.lambdaHandler = (event, context, callback) => {
const stepfunctions = new aws.StepFunctions();
// For every record in sqs queue
for (const record of event.Records) {
const messageBody = JSON.parse(record.body);
const taskToken = messageBody.TaskToken;
const params = {
output: "\"approved\"",
taskToken: taskToken
};
console.log(`Calling Step Functions to complete callback task with params ${JSON.stringify(params)}`);
// Approve
stepfunctions.sendTaskSuccess(params, (err, data) => {
if (err) {
console.error(err.message);
callback(err.message);
return;
}
console.log(data);
callback(null);
});
}
};Browse through this example state machine to see how Step Functions controls Lambda and Amazon SQS.
For more information about how AWS Step Functions can control other AWS services, see Integrating services with Step Functions.
{
"StartAt": "Check Stock Price",
"States": {
"Check Stock Price": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLam-CheckStockPriceLambda-444455556666",
"Next": "Generate Buy/Sell recommendation"
},
"Generate Buy/Sell recommendation": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-Hello-GenerateBuySellRecommend-123456789012",
"ResultPath": "$.recommended_type",
"Next": "Request Human Approval"
},
"Request Human Approval": {
"Type": "Task",
"Resource": "arn:aws:states:::sqs:sendMessage.waitForTaskToken",
"Parameters": {
"QueueUrl": "https://sqs.us-west-1.amazonaws.com/111122223333/StepFunctionsSample-HelloLambda4444-5555-6666-RequestHumanApprovalSqs-777788889999",
"MessageBody": {
"Input.$": "$",
"TaskToken.$": "$$.Task.Token"
}
},
"ResultPath": null,
"Next": "Buy or Sell?"
},
"Buy or Sell?": {
"Type": "Choice",
"Choices": [
{
"Variable": "$.recommended_type",
"StringEquals": "buy",
"Next": "Buy Stock"
},
{
"Variable": "$.recommended_type",
"StringEquals": "sell",
"Next": "Sell Stock"
}
]
},
"Buy Stock": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-BuyStockLambda-000000000000",
"Next": "Report Result"
},
"Sell Stock": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-SellStockLambda-111111111111",
"Next": "Report Result"
},
"Report Result": {
"Type": "Task",
"Resource": "arn:aws:states:::sns:publish",
"Parameters": {
"TopicArn": "arn:aws:sns:us-west-1:111122223333:StepFunctionsSample-HelloLambda1111-2222-3333-ReportResultSnsTopic-222222222222",
"Message": {
"Input.$": "$"
}
},
"End": true
}
}
}For information about how to configure IAM when using Step Functions with other AWS services, see How Step Functions generates IAM policies for integrated services.
IAM Examples
These example AWS Identity and Access Management (IAM) policies generated by the sample project include the least privilege necessary to execute the state machine and related resources. We recommend that you include only those permissions that are necessary in your IAM policies.
{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLam-CheckStockPriceLambda-444455556666",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-Hello-GenerateBuySellRecommend-123456789012",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-BuyStockLambda-777788889999",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-SellStockLambda-000000000000",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"sqs:SendMessage*"
],
"Resource": "arn:aws:sqs:us-west-1:111122223333:StepFunctionsSample-HelloLambda4444-5555-6666-RequestHumanApprovalSqs-111111111111",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"sns:Publish"
],
"Resource": "arn:aws:sns:us-west-1:111122223333:StepFunctionsSample-HelloLambda1111-2222-3333-ReportResultSnsTopic-222222222222",
"Effect": "Allow"
}
]
}For information about how to configure IAM when using Step Functions with other AWS services, see How Step Functions generates IAM policies for integrated services.
