diff --git a/aws/step_functions/step_functions/cloudwatch.tf b/aws/step_functions/step_functions/cloudwatch.tf
index 43bfa84..c04bd31 100644
--- a/aws/step_functions/step_functions/cloudwatch.tf
+++ b/aws/step_functions/step_functions/cloudwatch.tf
@@ -1,3 +1,15 @@
 resource "aws_cloudwatch_log_group" "sfn_my_state_machine" {
 name = "sfn-my-state-machine"
 }
+
+resource "aws_cloudwatch_event_connection" "zipcloud" {
+ name = "zipcloud"
+ authorization_type = "API_KEY"
+
+ auth_parameters {
+ api_key {
+ key = "api_key"
+ value = "value"
+ }
+ }
+}
diff --git a/aws/step_functions/step_functions/iam.tf b/aws/step_functions/step_functions/iam.tf
index 199f48a..44a4bb1 100644
--- a/aws/step_functions/step_functions/iam.tf
+++ b/aws/step_functions/step_functions/iam.tf
@@ -19,6 +19,7 @@ resource "aws_iam_policy" "sfn_my_state_machine" {
 }

 data "aws_iam_policy_document" "sfn_my_state_machine_policy" {
+ # Logging
 statement {
 actions = [
 "logs:CreateLogDelivery",
@@ -34,6 +35,35 @@ data "aws_iam_policy_document" "sfn_my_state_machine_policy" {
 ]
 resources = ["*"]
 }
+
+ # Call third-party API
+ statement {
+ actions = ["states:InvokeHTTPEndpoint"]
+ resources = [aws_sfn_state_machine.my_state_machine.arn]
+ condition {
+ test = "StringEquals"
+ variable = "states:HTTPMethod"
+ values = ["GET"]
+ }
+ condition {
+ test = "StringLike"
+ variable = "states:HTTPEndpoint"
+ values = ["https://zipcloud.ibsnet.co.jp/api/search"]
+ }
+ }
+
+ statement {
+ actions = ["events:RetrieveConnectionCredentials"]
+ resources = [aws_cloudwatch_event_connection.zipcloud.arn]
+ }
+
+ statement {
+ actions = [
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret",
+ ]
+ resources = ["arn:aws:secretsmanager:*:*:secret:events!connection/*"]
+ }
 }

 resource "aws_iam_role_policy_attachment" "sfn_my_state_machine" {
diff --git a/aws/step_functions/step_functions/sfn.tf b/aws/step_functions/step_functions/sfn.tf
index c166af5..bb6c85a 100644
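Review bot: In cloudwatch.tf the `api_key` block takes its `value` from a string literal, so whatever key replaces the placeholder would be committed together with the module. Feed it from a variable declared with `sensitive = true`, for example `value = var.zipcloud_api_key` (variable name is illustrative), and keep the real value out of the repository. Terraform still records the value in state, so the state backend needs encryption and restricted access either way.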
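Review bot: In the second iam.tf hunk the Secrets Manager statement grants `secretsmanager:GetSecretValue` on `arn:aws:secretsmanager:*:*:secret:events!connection/*`, which matches the secret of every EventBridge connection the role can reach, not only the zipcloud one. Scope it to the connection this module creates with `resources = [aws_cloudwatch_event_connection.zipcloud.secret_arn]`; confirm the pinned AWS provider version exports that attribute. The `states:HTTPEndpoint` condition uses `StringLike` with no wildcard in its value, and `StringEquals` would state the exact-match intent directly. The enclosing `data` block starts outside this hunk.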
--- a/aws/step_functions/step_functions/sfn.tf
+++ b/aws/step_functions/step_functions/sfn.tf
@@ -1,7 +1,9 @@
 resource "aws_sfn_state_machine" "my_state_machine" {
- name = "my-state-machine"
- role_arn = aws_iam_role.sfn_my_state_machine.arn
- definition = file("./sfn_state_machine_definition.json")
+ name = "my-state-machine"
+ role_arn = aws_iam_role.sfn_my_state_machine.arn
+ definition = templatefile("./sfn_state_machine_definition.json", {
+ connection_arn = aws_cloudwatch_event_connection.zipcloud.arn
+ })

 logging_configuration {
 log_destination = "${aws_cloudwatch_log_group.sfn_my_state_machine.arn}:*"
diff --git a/aws/step_functions/step_functions/sfn_state_machine_definition.json b/aws/step_functions/step_functions/sfn_state_machine_definition.json
index d498239..e7252e2 100644
--- a/aws/step_functions/step_functions/sfn_state_machine_definition.json
+++ b/aws/step_functions/step_functions/sfn_state_machine_definition.json
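Review bot: `templatefile()` now parses the whole definition file as a template, and the bare `${connection_arn}` in it is substituted without JSON escaping. That is harmless for an ARN, but any literal `${` or `%{` added to the state machine JSON later has to be written `$${` / `%%{`, and a future variable that can contain quotes should go through `jsonencode()` inside the template. A comment above the call would record this: `# definition is a Terraform template: escape literal ${ as $${`. The path also stays relative to the working directory; `"${path.module}/sfn_state_machine_definition.json"` would resolve it from the module instead. The resource block continues past the end of the hunk.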
@@ -1,72 +1,98 @@
 {
- "Comment": "A Hello World example demonstrating various state types of the Amazon States Language. It is composed of flow control states only, so it does not need resources to run.",
- "StartAt": "Pass",
+ "StartAt": "Start",
 "States": {
- "Pass": {
- "Comment": "A Pass state passes its input to its output, without performing work. They can also generate static JSON output, or transform JSON input using filters and pass the transformed data to the next state. Pass states are useful when constructing and debugging state machines.",
+ "Start": {
 "Type": "Pass",
- "Result": {
- "IsHelloWorldExample": true
- },
- "Next": "Hello World example?"
+ "Next": "Parallel"
 },
- "Hello World example?": {
- "Comment": "A Choice state adds branching logic to a state machine. Choice rules can implement many different comparison operators, and rules can be combined using And, Or, and Not",
- "Type": "Choice",
- "Choices": [
- {
- "Variable": "$.IsHelloWorldExample",
- "BooleanEquals": true,
- "Next": "Yes"
- },
- {
- "Variable": "$.IsHelloWorldExample",
- "BooleanEquals": false,
- "Next": "No"
- }
- ],
- "Default": "Yes"
- },
- "Yes": {
- "Type": "Pass",
- "Next": "Wait 3 sec"
- },
- "No": {
- "Type": "Fail",
- "Cause": "Not Hello World"
- },
- "Wait 3 sec": {
- "Comment": "A Wait state delays the state machine from continuing for a specified time.",
- "Type": "Wait",
- "Seconds": 3,
- "Next": "Parallel State"
- },
- "Parallel State": {
- "Comment": "A Parallel state can be used to create parallel branches of execution in your state machine.",
+ "Parallel": {
 "Type": "Parallel",
- "Next": "Hello World",
 "Branches": [
 {
- "StartAt": "Hello",
+ "StartAt": "HTTPInvoke",
 "States": {
- "Hello": {
- "Type": "Pass",
+ "HTTPInvoke": {
+ "Type": "Task",
+ "Resource": "arn:aws:states:::http:invoke",
+ "Parameters": {
+ "ApiEndpoint": "https://zipcloud.ibsnet.co.jp/api/search",
+ "Method": "GET",
+ "Authentication": {
+ "ConnectionArn": "${connection_arn}"
+ },
+ "QueryParameters": {
+ "zipcode": "1050003"
+ }
+ },
 "End": true
 }
 }
 },
 {
- "StartAt": "World",
+ "StartAt": "Choice",
 "States": {
- "World": {
+ "Choice": {
+ "Type": "Choice",
+ "Choices": [
+ {
+ "And": [
+ {
+ "Variable": "$.Comment",
+ "IsPresent": true
+ },
+ {
+ "Variable": "$.Comment",
+ "StringEquals": "Insert your JSON here"
+ }
+ ],
+ "Next": "Yes"
+ },
+ {
+ "And": [
+ {
+ "Variable": "$.Comment",
+ "IsPresent": true
+ },
+ {
+ "Not": {
+ "Variable": "$.Comment",
+ "StringEquals": "Insert your JSON here"
+ }
+ }
+ ],
+ "Next": "No"
+ },
+ {
+ "Variable": "$.Comment",
+ "IsPresent": false,
+ "Next": "No"
+ }
+ ]
+ },
+ "Yes": {
+ "Type": "Pass",
+ "End": true
+ },
+ "No": {
 "Type": "Pass",
 "End": true
 }
 }
+ },
+ {
+ "StartAt": "Wait",
+ "States": {
+ "Wait": {
+ "Type": "Wait",
+ "Seconds": 3,
+ "End": true
+ }
+ }
 }
- ]
+ ],
+ "Next": "End"
 },
- "Hello World": {
+ "End": {
 "Type": "Pass",
 "End": true
 }
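Review bot: The `HTTPInvoke` task calls a third-party endpoint with no `TimeoutSeconds`, `Retry` or `Catch`, and it sits in a `Parallel` branch, so a single failed call fails the whole `Parallel` state and with it the execution. Add a bound and a retry on the task, e.g. `"TimeoutSeconds": 30` and `"Retry": [{"ErrorEquals": ["States.TaskFailed"], "MaxAttempts": 2, "BackoffRate": 2}]` (values are illustrative), plus a `Catch` if the other branches' results should survive a failure. The endpoint URL is also repeated verbatim in the `states:HTTPEndpoint` condition in iam.tf; passing it into the template from one Terraform local would keep the policy and the definition from drifting apart.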