pulumi / pulumi-aws-apigateway

Apache License 2.0

Cannot start Step Functions execution from API Gateway using AWS integration #27

Open laneschmidt opened 3 years ago

laneschmidt commented 3 years ago

I want to trigger a Step Functions State Machine execution using API Gateway. I know I can make it happen using the AWS Console but can't seem to figure out why I can't with Pulumi, probably doing something wrong but unsure as to what.

Initially, I attached a Lambda to the desired API Gateway route, and after removing it and adding the AWS service integration piece, it is still integrated to the Lambda.

No errors happen after running `pulumi up -y` and I cannot see any errors in CloudWatch so from what I can tell, everything should be OK.

Steps to reproduce

1. Define State Machine:

```typescript
const stateMachineRole = new aws.iam.Role('StateMachine1Role', {
  assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal(
    { Service: `states.${region}.amazonaws.com` },
  ),
})

export const stateMachineRolePolicy = new aws.iam.RolePolicy('StateMachine1RolePolicy', {
  role: stateMachineRole.id,
  policy: {
    Version: '2012-10-17',
    Statement: [
      {
        Action: [
          'lambda:InvokeFunction',
        ],
        Resource: '*',
        Effect: 'Allow',
      },
    ],
  },
});

export const stateMachine = new aws.sfn.StateMachine('StateMachine1', {
  roleArn: stateMachineRole.arn,
  definition: pulumi
    .all([lambda.arn])
    .apply(([lambdaArn]: string[]): string => {
      return JSON.stringify({
        StartAt: 'InitiationState',
        States: {
          InitiationState: {
            Type: 'Task',
            Resource: lambdaArn,
            End: true,
          },
        },
      });
    }),
})
```

2. Define API Gateway, Role & Policy, as well as resource URI string for State Machine as described [here](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#uri):
```typescript
const apiGwRole = new aws.iam.Role('apiGatewayStepFunctionsRole', {
  assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal(
    { Service: 'apigateway.amazonaws.com' },
  ),
  tags: baseTags,
});

const apiGwPolicy = new aws.iam.Policy('apiGatewayStepFunctionsPolicy', {
  description: 'Policy for API Gateway to access Step Functions.',
  policy: {
    Version: '2012-10-17',
    Statement: [
      {
        Action: [
          'states:StartExecution',
          'states:DescribeExecution',
        ],
        Resource: '*',
        Effect: 'Allow',
      },
    ],
  },
  tags: baseTags,
});

export const policyAttachment = new aws.iam.PolicyAttachment('apiGatewayStepFunctionsRolePolicyAttachment', {
  policyArn: apiGwPolicy.arn,
  roles: [apiGwRole],
});

const executionName: string = 'FromApiGateway1';
const stateMachineUri: pulumi.Output<string> = stateMachine.arn.apply((arn: string) => 
  `arn:aws:apigateway:${region}:states:action/StartExecution&stateMachineArn=${arn}&name=${executionName}`
);

export const endpoint = new apigateway.API(Project, {
  routes: [
    {
      path: 'health',
      method: 'GET',
      eventHandler: healthCheckHandler,
    },
    // triggers state machine 
    {
      path: 'kickoff',
      method: 'POST',
      target: {
        type: 'aws',
        uri: stateMachineUri,
      },
      // eventHandler: lambda,
    },
  ],
})
```

Expected: View the AWS API Gateway console showing an integration to Step Functions, with an integration type of AWS (representing an AWS Service).

Actual: API Gateway console shows a LAMBDA_PROXY integration type and is still linked to the previous Lambda function, though the change is verified in the output of `pulumi up -y`.

Thank you and happy Friday 😎

leezen commented 3 years ago

Based on your usage of routes above, I assume this is actually an issue with awsx so moving this issue there