diff --git a/README.md b/README.md
index 5c30729..eb62eb2 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,7 @@ the module itself, and the [examples](#examples) section which has examples of h
 |------|-------------|------|---------|:--------:|
 | [application\_name](#input\_application\_name) | Name of the application utilising resource. | `string` | n/a | yes |
 | [environment](#input\_environment) | Which environment this is being instantiated in. | `string` | n/a | yes |
-| [raw\_state\_machines](#input\_raw\_state\_machines) | Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:

REQUIRED
---------
- template\_file : Which file under application/state\_machine\_definition this machine corresponds to
- template\_input : A dictionary of key/value pairs, outlining in detail the inputs needed for a template to be instantiated
- suffix : Friendly name for the state function
- iam\_policy\_statements : A list of dictionaries where each dictionary is an IAM statement defining glue job permissions
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for


OPTIONAL
---------
- cloudwatch\_retention : How many days logs should be retained for in Cloudwatch, defaults to 90 |
list(
object({
template_file = string,
template_input = map(string),
suffix = string,
iam_policy_statements = list(
object({
sid = string,
actions = list(string),
resources = list(string),
conditions = optional(list(
object({
test : string,
variable : string,
values = list(string)
})
), [])
})
),
cloudwatch_retention = optional(number, 90)
})
)
| n/a | yes |
+| [raw\_state\_machines](#input\_raw\_state\_machines) | Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:

REQUIRED
---------
- template\_file : File path which this machine corresponds to
- template\_input : A dictionary of key/value pairs, outlining in detail the inputs needed for a template to be instantiated
- suffix : Friendly name for the state function
- iam\_policy\_statements : A list of dictionaries where each dictionary is an IAM statement defining glue job permissions
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for


OPTIONAL
---------
- cloudwatch\_retention : How many days logs should be retained for in Cloudwatch, defaults to 90 |
list(
object({
template_file = string,
template_input = map(string),
suffix = string,
iam_policy_statements = list(
object({
sid = string,
actions = list(string),
resources = list(string),
conditions = optional(list(
object({
test : string,
variable : string,
values = list(string)
})
), [])
})
),
cloudwatch_retention = optional(number, 90)
})
)
| n/a | yes |
 | [vpc\_config](#input\_vpc\_config) | AWS VPC ID | `string` | n/a | yes |
 ## Outputs
@@ -91,7 +91,7 @@ A list of dictionaries, where each dictionary has the following attributes:
 REQUIRED
 ---------
-- template_file : Which file under application/state_machine_definition this machine corresponds to
+- template_file : File path which this machine corresponds to
 - template_input : A dictionary of key/value pairs, outlining in detail the inputs needed for a template to be instantiated
 - suffix : Friendly name for the state function
 - iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining glue job permissions
diff --git a/aws_iam_policy_document.tf b/aws_iam_policy_document.tf
index 4186c0e..e0d1e45 100644
--- a/aws_iam_policy_document.tf
+++ b/aws_iam_policy_document.tf
@@ -31,6 +31,7 @@ locals {
 "arn:aws:logs:${data.aws_region.current_region.name}:${data.aws_caller_identity.current_account.account_id}:log-group:/aws/stepfunction/${format("%s-%s-%s-stepfunction", var.environment, var.application_name, state_machine.suffix)}",
 "arn:aws:logs:${data.aws_region.current_region.name}:${data.aws_caller_identity.current_account.account_id}:log-group:/aws/stepfunction/${format("%s-%s-%s-stepfunction", var.environment, var.application_name, state_machine.suffix)}:*"
 ]
+ conditions = []
 },
 {
 sid = "AllowCloudwatchLogDelivery",
@@ -44,7 +45,8 @@ locals {
 "logs:ListLogDeliveries",
 "logs:DescribeLogGroups"
 ],
- resources = ["*"]
+ resources = ["*"]
+ conditions = []
 }
 ]
 )
diff --git a/examples/step-function/.terraform-version b/examples/step-function/.terraform-version
new file mode 100644
index 0000000..8e03717
--- /dev/null
+++ b/examples/step-function/.terraform-version
@@ -0,0 +1 @@
+1.5.1
\ No newline at end of file
diff --git a/examples/step-function/data.tf b/examples/step-function/data.tf
new file mode 100644
index 0000000..d352dcc
--- /dev/null
+++ b/examples/step-function/data.tf
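Review bot: The new `conditions = []` on the CloudWatch log-group statement is added without any explanation, and the same applies to the second hunk on the AllowCloudwatchLogDelivery statement, so a reader cannot tell why the module's built-in statements now carry an empty conditions list. It looks like it is there so these statements have the same object shape as the user-supplied `iam_policy_statements`, whose `conditions` attribute defaults to `[]` in the variable schema shown in the README rows of this diff, allowing the two lists to be combined without a type mismatch — worth confirming. Suggest `# conditions is set explicitly so this statement has the same object type as the entries in var.raw_state_machines[*].iam_policy_statements` above the first `conditions = []`, with a short reference to it at the second. The enclosing `locals` block starts before the first hunk and continues past the second.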
@@ -0,0 +1,8 @@
+# Get current region
+data "aws_region" "current_region" {}
+
+# Retrieve the current AWS Account info
+data "aws_caller_identity" "current_account" {}
+
+# Retrieve the default VPC
+data "aws_vpc" "current" {}
\ No newline at end of file
diff --git a/examples/step-function/files/step-function.json b/examples/step-function/files/step-function.json
new file mode 100644
index 0000000..852cd87
--- /dev/null
+++ b/examples/step-function/files/step-function.json
@@ -0,0 +1,11 @@
+{
+ "Comment": "A Hello World example of the Amazon States Language using an AWS Lambda Function",
+ "StartAt": "HelloWorld",
+ "States": {
+ "HelloWorld": {
+ "Type": "Task",
+ "Resource": "${lambda-arn}",
+ "End": true
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/step-function/locals.tf b/examples/step-function/locals.tf
new file mode 100644
index 0000000..94f45ba
--- /dev/null
+++ b/examples/step-function/locals.tf
@@ -0,0 +1,23 @@
+locals {
+ raw_state_machines = [
+ {
+ suffix : "hello-world",
+ template_file : "${path.module}/files/step-function.json",
+ template_input : {
+ "lambda-arn" : "arn:aws:lambda:${data.aws_region.current_region.name}:${data.aws_caller_identity.current_account.account_id}:function:hello-world-function"
+ },
+ iam_policy_statements : [
+ {
+ sid : "AllowLambdaExecution",
+ actions : [
+ "lambda:InvokeFunction",
+ "lambda:InvokeAsync",
+ ],
+ resources : [
+ "arn:aws:lambda:${data.aws_region.current_region.name}:${data.aws_caller_identity.current_account.account_id}:function:hello-world-function"
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/step-function/main.tf b/examples/step-function/main.tf
new file mode 100644
index 0000000..ab6dc0d
--- /dev/null
+++ b/examples/step-function/main.tf
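Review bot: `data "aws_vpc" "current" {}` is commented as retrieving the default VPC but sets no constraint, so nothing actually selects the default VPC; with no arguments the data source matches every VPC in the region and, as far as I recall, fails whenever more than one exists. Add the constraint so the lookup matches its comment and is deterministic: `data "aws_vpc" "current" { default = true }`. The result feeds `vpc_config` in main.tf, so an accidental match on a non-default VPC would also silently change where the example's state machine is placed.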
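Review bot: The Lambda function ARN in `raw_state_machines` is spelled out twice, once under `template_input` and once under `resources`, so the two can drift apart when the function name changes and the IAM statement would then no longer cover the function the state machine calls; define it once, e.g. `hello_world_lambda_arn = "arn:aws:lambda:${data.aws_region.current_region.name}:${data.aws_caller_identity.current_account.account_id}:function:hello-world-function"` at the top of the `locals` block, and reference `local.hello_world_lambda_arn` in both places. Separately, `lambda:InvokeAsync` corresponds to a long-deprecated API while a Task state invoking Lambda needs only `lambda:InvokeFunction`, so the extra action can most likely be dropped to keep the example policy minimal — confirm against the module's tests before removing it.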
@@ -0,0 +1,23 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.61.0"
+ }
+ }
+ required_version = "~> 1.5.0"
+}
+
+provider "aws" {
+ region = "eu-west-2"
+}
+
+module "step_function" {
+ source = "github.com/sudoblark/sudoblark.terraform.module.aws.state_machine?ref=1.0.0"
+
+ application_name = var.application_name
+ environment = var.environment
+ raw_state_machines = local.raw_state_machines
+ vpc_config = data.aws_vpc.current.id
+
+}
\ No newline at end of file
diff --git a/examples/step-function/variables.tf b/examples/step-function/variables.tf
new file mode 100644
index 0000000..9ccf4b8
--- /dev/null
+++ b/examples/step-function/variables.tf
@@ -0,0 +1,15 @@
+variable "environment" {
+ description = "Which environment this is being instantiated in."
+ type = string
+ validation {
+ condition = contains(["dev", "test", "prod"], var.environment)
+ error_message = "Must be either dev, test or prod"
+ }
+ default = "prod"
+}
+
+variable "application_name" {
+ description = "Name of the application utilising the resource resource."
+ type = string
+ default = "demo-app"
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index bd3f204..02761f9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -27,7 +27,7 @@ A list of dictionaries, where each dictionary has the following attributes:
 REQUIRED
 ---------
-- template_file : Which file under application/state_machine_definition this machine corresponds to
+- template_file : File path which this machine corresponds to
 - template_input : A dictionary of key/value pairs, outlining in detail the inputs needed for a template to be instantiated
 - suffix : Friendly name for the state function
 - iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining glue job permissions
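Review bot: The module source pins `?ref=1.0.0`, which is a git tag, and tags are mutable, so the example is not reproducible and a moved tag would silently change what `terraform init` fetches and applies; pin the commit the tag points at instead, `source = "github.com/sudoblark/sudoblark.terraform.module.aws.state_machine?ref=<commit-sha>"`. The provider constraint `version = ">= 5.61.0"` has no upper bound, so a future major release with breaking changes would be picked up on the next init; `version = "~> 5.61"` keeps it within the 5.x series. `required_version = "~> 1.5.0"` is consistent with the `.terraform-version` file added in this change.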
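Review bot: The `application_name` description reads "utilising the resource resource." with a doubled word; `description = "Name of the application utilising the resource."`. The `environment` variable defaults to `"prod"`, so running the example with no input produces resources named for the production environment; for an example the safer default is the non-production value the validation already accepts, `default = "dev"`.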