AWS Step Functions
Developer Guide

Manage a Container Task (ECS, SNS)

This sample project demonstrates how to run a Fargate task, and then send an Amazon SNS notification based on whether that job succeeds or fails. Deploying this sample project will create a Step Functions state machine, a Fargate Cluster, and an Amazon SNS topic. In this project, Step Functions uses a state machine to call the Fargate task synchronously. It then waits for the task to succeed or fail, and it sends an Amazon SNS topic with a message about whether the job succeeded or failed.

To create the Manage a container task state machine and provision all resources:

  1. Log in to the Step Functions console, and choose Create a state machine.

  2. Select Sample Projects and choose Manage a container task.

    The state machine Code and Visual Workflow are displayed.

    Container task notification workflow.
  3. Select Next.

    The Deploy resources page is displayed, listing the resources that will be created. For this sample project the resources include:

    • A Fargate Cluster

    • An Amazon SNS topic

  4. Choose Deploy Resources.

    Note

    It can take up to 10 minutes as these resources and related IAM permissions are created. While the Deploy resources page displays, you can open the Stack ID link to see which resources are being provisioned.

To start a new execution

  1. On the New execution page, enter an execution name (optional) and choose Start Execution.

  2. (Optional) To help identify your execution, you can specify an ID for it in the Enter an execution name box. If you don't enter an ID, Step Functions generates a unique ID automatically.

    Note

    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  3. Optionally, you can go to the newly-created state machine on the Step Functions Dashboard, select New execution.

  4. Once an execution is complete, you can select states on the Visual workflow and browse the Input and Output under Step details

Example State machine code

The state machine in this sample project integrates with AWS Batch and Amazon SNS by passing parameters directly to those resources. Browse through this example state machine to see how Step Functions controls AWS Batch; and Amazon SNS by connecting to the ARN in the Resource field, and by passing Parameters to the service API.

For more information on how AWS Step Functions can control other AWS services, see: AWS Service Integrations.

{ "Comment": "An example of the Amazon States Language for notification on an AWS Fargate task completion", "StartAt": "Run Fargate Task", "TimeoutSeconds": 3600, "States": { "Run Fargate Task": { "Type": "Task", "Resource": "arn:aws:states:::ecs:runTask.sync", "Parameters": { "LaunchType": "FARGATE", "Cluster": "arn:aws:ecs:ap-northeast-1:123456789012:cluster/FargateTaskNotification-ECSCluster-VHLR20IF9IMP", "TaskDefinition": "arn:aws:ecs:ap-northeast-1:123456789012:task-definition/FargateTaskNotification-ECSTaskDefinition-13YOJT8Z2LY5Q:1", "NetworkConfiguration": { "AwsvpcConfiguration": { "Subnets": [ "subnet-07e1ad3abcfce6758", "subnet-04782e7f34ae3efdb" ], "AssignPublicIp": "ENABLED" } } }, "Next": "Notify Success", "Catch": [ { "ErrorEquals": [ "States.ALL" ], "Next": "Notify Failure" } ] }, "Notify Success": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "Message": "AWS Fargate Task started by Step Functions succeeded", "TopicArn": "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" }, "End": true }, "Notify Failure": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "Message": "AWS Fargate Task started by Step Functions failed", "TopicArn": "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" }, "End": true } } }

IAM Example

This example IAM policy generated by the sample project includes the least privilege necessary to execute the state machine and related resources. It is a best practice to include only those permissions necessary in your IAM policies

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:ap-northeast-1:123456789012:FargateTaskNotification-SNSTopic-1XYW5YD5V0M7C" ], "Effect": "Allow" }, { "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:ap-northeast-1:123456789012:task-definition/FargateTaskNotification-ECSTaskDefinition-13YOJT8Z2LY5Q:1" ], "Effect": "Allow" }, { "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:ap-northeast-1:123456789012:rule/StepFunctionsGetEventsForECSTaskRule" ], "Effect": "Allow" } ] }

For information on how to configure IAM when using Step Functions with other AWS services, see IAM Policies for Integrated Services.