Lambda orchestration example
This sample project demonstrates how to integrate AWS Lambda functions in Step Functions state machines. This sample project creates the following resources:
-
Five Lambda functions
-
An Amazon Simple Queue Service queue
-
An Amazon Simple Notification Service topic
-
Related AWS Identity and Access Management (IAM) roles
In this project, Step Functions uses Lambda functions to check a stock price and determine a buy or sell trading recommendation. The user is then provided this recommendation and can choose whether to buy or sell the stock. The result of the trade is returned using an SNS topic.
For more information about Step Functions service integrations, see the following:
-
IAM policies for:
Note
This sample project may incur charges.
For new AWS users, a free usage tier is available. On this tier, services are free below
a certain level of usage. For more information about AWS costs and the free tier, see Pricing
Create the State Machine and Provision Resources
-
Open the Step Functions console
and choose Create state machine. -
On the Define state machine page, choose Run a sample project.
-
Choose Orchestrate Lambda functions.
The state machine Definition and Visual Workflow are displayed.
-
Choose Next.
The Deploy resources page is displayed, listing the resources that will be created. For this sample project, the resources include:
-
A state machine
-
An Amazon SQS queue
-
Five Lambda functions
-
An Amazon SNS topic
-
Related IAM roles
-
-
Choose Deploy Resources.
Note
It can take up to 10 minutes for these resources and related IAM permissions to be created. While the Deploy resources page is displayed, you can open the Stack ID link to see which resources are being provisioned.
Start a New Execution
After all the resources are provisioned and deployed, the Start execution dialog box is displayed.
-
(Optional) To identify your execution, you can specify a name for it in the Name box. By default, Step Functions generates a unique execution name automatically.
Note
Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.
-
Choose Start execution.
-
(Optional) After the execution is complete, choose individual states on the Graph inspector, and then choose the Step input and Step output tabs to view each state's input and output respectively.
About the state machine and its execution
The state machine in this sample project integrates with AWS Lambda by passing parameters directly to those resources, uses an Amazon SQS queue to manage the request for human approval, and uses an Amazon SNS topic to return the results of the query.
A Step Functions execution receives a JSON text as input and passes that input to the first state in the workflow. Individual states receive JSON data as input and usually pass JSON data as output to the next state. In this sample project, the output of each step is passed as input to the next step in the workflow. For example, the Generate Buy/Sell recommendation step receives the output of the Check Stock Price step as input. Further, the output of the Generate Buy/Sell recommendation step is passed as input to the next step, Request Human Approval, which mimics a human approval step.
Note
To view the output returned by a step and the input passed on to a step, open the Execution Details page for your workflow execution. In the Step details section, view the input and output for each step you select in the View mode.
To implement a human approval step, you typically pause the workflow execution until a task token is returned. In this sample project, a message is passed to an
Amazon SQS queue, which is used as a trigger to the Lambda function defined to handle callback functionality. The message contains a task token and the output returned by the
preceding step. The Lambda function is invoked with the payload of the message. The workflow execution is paused until it receives the task token back with a
SendTaskSuccess API call. For more information about task tokens, see
Wait for a Callback with the Task Token.
The following code for the StepFunctionsSample-HelloLambda-ApproveSqsLambda function shows how it is defined to automatically approve any tasks submitted
by the Amazon SQS queue through the Step Functions state machine.
exports.lambdaHandler = (event, context, callback) => {
const stepfunctions = new aws.StepFunctions();
// For every record in sqs queue
for (const record of event.Records) {
const messageBody = JSON.parse(record.body);
const taskToken = messageBody.TaskToken;
const params = {
output: "\"approved\"",
taskToken: taskToken
};
console.log(`Calling Step Functions to complete callback task with params ${JSON.stringify(params)}`);
// Approve
stepfunctions.sendTaskSuccess(params, (err, data) => {
if (err) {
console.error(err.message);
callback(err.message);
return;
}
console.log(data);
callback(null);
});
}
};Browse through this example state machine to see how Step Functions controls Lambda and Amazon SQS.
For more information about how AWS Step Functions can control other AWS services, see Using AWS Step Functions with other services.
{
"StartAt": "Check Stock Price",
"States": {
"Check Stock Price": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLam-CheckStockPriceLambda-444455556666",
"Next": "Generate Buy/Sell recommendation"
},
"Generate Buy/Sell recommendation": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-Hello-GenerateBuySellRecommend-123456789012",
"ResultPath": "$.recommended_type",
"Next": "Request Human Approval"
},
"Request Human Approval": {
"Type": "Task",
"Resource": "arn:aws:states:::sqs:sendMessage.waitForTaskToken",
"Parameters": {
"QueueUrl": "https://sqs.us-west-1.amazonaws.com/111122223333/StepFunctionsSample-HelloLambda4444-5555-6666-RequestHumanApprovalSqs-777788889999",
"MessageBody": {
"Input.$": "$",
"TaskToken.$": "$$.Task.Token"
}
},
"ResultPath": null,
"Next": "Buy or Sell?"
},
"Buy or Sell?": {
"Type": "Choice",
"Choices": [
{
"Variable": "$.recommended_type",
"StringEquals": "buy",
"Next": "Buy Stock"
},
{
"Variable": "$.recommended_type",
"StringEquals": "sell",
"Next": "Sell Stock"
}
]
},
"Buy Stock": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-BuyStockLambda-000000000000",
"Next": "Report Result"
},
"Sell Stock": {
"Type": "Task",
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-SellStockLambda-111111111111",
"Next": "Report Result"
},
"Report Result": {
"Type": "Task",
"Resource": "arn:aws:states:::sns:publish",
"Parameters": {
"TopicArn": "arn:aws:sns:us-west-1:111122223333:StepFunctionsSample-HelloLambda1111-2222-3333-ReportResultSnsTopic-222222222222",
"Message": {
"Input.$": "$"
}
},
"End": true
}
}
}For information about how to configure IAM when using Step Functions with other AWS services, see IAM Policies for integrated services.
IAM Examples
These example AWS Identity and Access Management (IAM) policies generated by the sample project include the least privilege necessary to execute the state machine and related resources. We recommend that you include only those permissions that are necessary in your IAM policies.
{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLam-CheckStockPriceLambda-444455556666",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-Hello-GenerateBuySellRecommend-123456789012",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-BuyStockLambda-777788889999",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Resource": "arn:aws:lambda:us-west-1:111122223333:function:StepFunctionsSample-HelloLambda-SellStockLambda-000000000000",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"sqs:SendMessage*"
],
"Resource": "arn:aws:sqs:us-west-1:111122223333:StepFunctionsSample-HelloLambda4444-5555-6666-RequestHumanApprovalSqs-111111111111",
"Effect": "Allow"
}
]
}{
"Statement": [
{
"Action": [
"sns:Publish"
],
"Resource": "arn:aws:sns:us-west-1:111122223333:StepFunctionsSample-HelloLambda1111-2222-3333-ReportResultSnsTopic-222222222222",
"Effect": "Allow"
}
]
}For information about how to configure IAM when using Step Functions with other AWS services, see IAM Policies for integrated services.
