AWS Step Functions
Developer Guide

Manage a Container Task (Amazon ECS, Amazon SNS)

This sample project demonstrates how to run an AWS Fargate task, and then send an Amazon SNS notification based on whether that job succeeds or fails. Deploying this sample project will create a Step Functions state machine, a Fargate cluster, and an Amazon SNS topic.

In this project, Step Functions uses a state machine to call the Fargate task synchronously. It then waits for the task to succeed or fail, and it sends an Amazon SNS topic with a message about whether the job succeeded or failed.

To create the Manage a container task state machine and provision all resources

  1. Open the Step Functions console and choose Create a state machine.

  2. Choose Sample Projects, and then choose Manage a container task.

    The state machine Code and Visual Workflow are displayed.

    
          Container task notification workflow.
  3. Choose Next.

    The Deploy resources page is displayed, listing the resources that will be created. For this sample project the resources include:

    • A Fargate cluster

    • An Amazon SNS topic

  4. Choose Deploy Resources.

    Note

    It can take up to 10 minutes for these resources and related IAM permissions to be created. While the Deploy resources page is displayed, you can open the Stack ID link to see which resources are being provisioned.

To start a new execution

  1. On the New execution page, enter an execution name (optional), and then choose Start Execution.

  2. (Optional) To help identify your execution, you can specify an ID for it in the Enter an execution name box. If you don't enter an ID, Step Functions generates a unique ID automatically.

    Note

    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  3. Optionally, you can go to the newly created state machine on the Step Functions Dashboard, and then choose New execution.

  4. When an execution is complete, you can select states on the Visual workflow and browse the Input and Output under Step details.

Example State Machine Code

The state machine in this sample project integrates with AWS Fargate and Amazon SNS by passing parameters directly to those resources. Browse through this example state machine to see how Step Functions uses a state machine to call the Fargate task synchronously, waits for the task to succeed or fail, and sends an Amazon SNS topic with a message about whether the job succeeded or failed.

For more information about how AWS Step Functions can control other AWS services, see AWS Service Integrations.

{ "Comment": "An example of the Amazon States Language for notification on an AWS Fargate task completion", "StartAt": "Run Fargate Task", "TimeoutSeconds": 3600, "States": { "Run Fargate Task": { "Type": "Task", "Resource": "arn:aws:states:::ecs:runTask.sync", "Parameters": { "LaunchType": "FARGATE", "Cluster": "arn:aws:ecs:ap-northeast-1:123456789012:cluster/FargateTaskNotification-ECSCluster-VHLR20IF9IMP", "TaskDefinition": "arn:aws:ecs:ap-northeast-1:123456789012:task-definition/FargateTaskNotification-ECSTaskDefinition-13YOJT8Z2LY5Q:1", "NetworkConfiguration": { "AwsvpcConfiguration": { "Subnets": [ "subnet-07e1ad3abcfce6758", "subnet-04782e7f34ae3efdb" ], "AssignPublicIp": "ENABLED" } } }, "Next": "Notify Success", "Catch": [ { "ErrorEquals": [ "States.ALL" ], "Next": "Notify Failure" } ] }, "Notify Success": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "Message": "AWS Fargate Task started by Step Functions succeeded", "TopicArn": "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" }, "End": true }, "Notify Failure": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "Message": "AWS Fargate Task started by Step Functions failed", "TopicArn": "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" }, "End": true } } }

IAM Example

This example AWS Identity and Access Management (IAM) policy generated by the sample project includes the least privilege necessary to execute the state machine and related resources. It's a best practice to include only those permissions that are necessary in your IAM policies.

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" ], "Effect": "Allow" }, { "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:ap-northeast-1:123456789012:task-definition/FargateTaskNotification-ECSTaskDefinition-13YOJT8Z2LY5Q:1" ], "Effect": "Allow" }, { "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:ap-northeast-1:123456789012:rule/StepFunctionsGetEventsForECSTaskRule" ], "Effect": "Allow" } ] }

For information about how to configure IAM when using Step Functions with other AWS services, see IAM Policies for Integrated Services.