Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(stepfunctions-tasks): support newly released cross-account capabilities #22994

Closed
2 tasks
humanzz opened this issue Nov 19, 2022 · 3 comments · Fixed by #23012
Closed
2 tasks

(stepfunctions-tasks): support newly released cross-account capabilities #22994

humanzz opened this issue Nov 19, 2022 · 3 comments · Fixed by #23012
Assignees
@kaizencc
Labels
@aws-cdk/aws-stepfunctions-tasks feature-request A feature should be added or improved. p2

Comments

@humanzz
Copy link
Contributor

humanzz commented Nov 19, 2022
edited

Describe the feature

StepFunctions has recently released new cross-account capabilities as can be seen in

This is a request to update the relevant tasks to provide the props necessary to set the

"Credentials": {
  "RoleArn": "..."
}

which allows the task execution to be done via State Machine role assumption to the role provided above

Use Case

One of the main use cases is the usage of sfntasks.CallAwsService to do cross-account calls to resources that do not support resource policies - i.e. requires the other account to provide a role to be assumed

Proposed Solution

No response

Other Information

I've asked the SFN team about what types of tasks support Credentials as it was not clear from documentation

  1. Their answer: Lambda tasks and all service integrations (both optimized and AWS SDK) support the new Credentials field. Only activity tasks do not
  2. They will work to clarify that over public documentation

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

3.51.0

Environment details (OS name and version, etc.)

macOS
@humanzz humanzz added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 19, 2022
@humanzz humanzz mentioned this issue Nov 21, 2022
Merged
4 tasks
@humanzz
Copy link
Contributor Author

humanzz commented Nov 21, 2022

A first stab at such support at #23012
I'm seeking feedback, and also guidance on how to best integ test this - also where (in this package or in stepfunctions-tasks

@pahud pahud added p2 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 22, 2022
@mergify mergify bot closed this as completed in df163ec Dec 6, 2022
@github-actions
Copy link

github-actions bot commented Dec 6, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@yashda
Copy link

yashda commented Dec 9, 2022

Will this be released with v1 ?

brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Dec 9, 2022
@humanzz
feat(stepfunctions): support cross-account task invocations (aws#23012)
e668ae1 
support configuring a role to be assumed for task invocations https://docs.aws.amazon.com/step-functions/latest/dg/concepts-access-cross-acct-resources.html

closes aws#22994

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Jan 20, 2023
@humanzz
feat(stepfunctions): support cross-account task invocations (aws#23012)
0791928 
support configuring a role to be assumed for task invocations https://docs.aws.amazon.com/step-functions/latest/dg/concepts-access-cross-acct-resources.html

closes aws#22994

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Feb 22, 2023
@humanzz
feat(stepfunctions): support cross-account task invocations (aws#23012)
5ee93fc 
support configuring a role to be assumed for task invocations https://docs.aws.amazon.com/step-functions/latest/dg/concepts-access-cross-acct-resources.html

closes aws#22994

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kaizencc kaizencc

Labels
@aws-cdk/aws-stepfunctions-tasks feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(stepfunctions): support cross-account task invocations humanzz/aws-cdk
4 participants
@humanzz @pahud @kaizencc @yashda