Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support `DependsOn` #158

Closed
awolden opened this issue Dec 20, 2018 · 6 comments

Comments

Projects
None yet
4 participants
@awolden
Copy link

commented Dec 20, 2018

This is a Feature Proposal

Description

This plugin should support the dependsOn: property when generating the cloudformation for a workflow.

The main use case is for when we depend on an manually defined state machine role in the serverless.yml file. With the new batch functionality in workflows we have to manually create our role, but there is no way to do:

dependsOn: StateMachineRole
role:
  Ref: StateMachineRole

This results in the cloudformation failing because the role isn't created by the time the workflow is created.

Thanks,

-Alex

@horike37

This comment has been minimized.

Copy link
Owner

commented Dec 22, 2018

@awolden
Thank you for your proposal 👍
That sounds good 💯 I just added help wanted tag to this issue so that someone can pick it up.

@ldadams

This comment has been minimized.

Copy link

commented Jan 11, 2019

This is a Feature Proposal

Description

This plugin should support the dependsOn: property when generating the cloudformation for a workflow.

The main use case is for when we depend on an manually defined state machine role in the serverless.yml file. With the new batch functionality in workflows we have to manually create our role, but there is no way to do:

dependsOn: StateMachineRole
role:
  Ref: StateMachineRole

This results in the cloudformation failing because the role isn't created by the time the workflow is created.

Thanks,

-Alex

Hey @awolden - Do you have a work around for this? I am having issues getting step functions deployed with batch integrations. The deploy runs for a very long time with an internal error. My lambdas get deployed but seems to fail creating the state machine. Thanks for any help.

@awolden

This comment has been minimized.

Copy link
Author

commented Jan 11, 2019

I made the role in a separate cloud-formation template and checked it in with the repo. You only really have to deploy/update it once. Ended up looking like this:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Generic State Machine Role",
  "Resources": {
    "StateMachineRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "states.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/",
        "RoleName": "dpc-generic-stateMachineRole",
        "Policies": [
          {
            "PolicyName": "batchJobManagement",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "batch:SubmitJob",
                    "batch:DescribeJobs",
                    "batch:TerminateJob"
                  ],
                  "Resource": "*"
                }
              ]
            }
          },
          {
            "PolicyName": "allEventsForBatch",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "events:PutTargets",
                    "events:PutRule",
                    "events:DescribeRule"
                  ],
                  "Resource": {
                    "Fn::Sub": "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForBatchJobsRule"
                  }
                }
              ]
            }
          },
          {
            "PolicyName": "executeLambda",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "lambda:InvokeFunction"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    }
  }
}
@ldadams

This comment has been minimized.

Copy link

commented Jan 15, 2019

Thank you - This was very helpful.

@theburningmonk

This comment has been minimized.

Copy link
Collaborator

commented Jan 30, 2019

@awolden @ldadams if you update to the latest version, the plugin should be generating the permissions for batch already, see #161 for more details

theburningmonk added a commit to theburningmonk/serverless-step-functions that referenced this issue Jan 30, 2019

@horike37

This comment has been minimized.

Copy link
Owner

commented Jan 31, 2019

This has been shipped in v1.11.0 🎉

@horike37 horike37 closed this Jan 31, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.