Call a microservice running on Fargate using API Gateway integration - Amazon Step Functions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Call a microservice running on Fargate using API Gateway integration

This sample project demonstrates how to use Step Functions to make a call to API Gateway in order to interact with a service on Amazon Fargate, and also to check whether the call succeeded. This sample project creates the following:

  • An Amazon API Gateway HTTP API that is called by the state machine.

  • An Amazon API Gateway Amazon VPC Link.

  • An Amazon Virtual Private Cloud.

  • An Application Load Balancer.

  • A Fargate cluster.

  • An Amazon SNS topic

  • Related Amazon Identity and Access Management (IAM) roles

  • Several additional services that are required to enable these resources to work together.

For more information about API Gateway and Step Functions service integrations, see the following:

Note

This sample project may incur charges.

For new Amazon users, a free usage tier is available. On this tier, services are free below a certain level of usage. For more information about Amazon costs and the Free Tier, see Pricing.

Create the State Machine and Provision Resources

  1. Open the Step Functions console and choose Create a state machine.

  2. Choose Sample Projects, and then choose Call a microservice with API Gateway.

    The state machine Code and Visual Workflow are displayed.

    
            Training model workflow.
  3. Choose Next.

    The Deploy resources page is displayed, listing the resources that will be created. For this sample project, the resources include:

    • An API Gateway HTTP API

    • An API Gateway VpcLink

    • An Application Load Balancer

    • A Fargate cluster

    • A state machine

    • An Amazon SNS topic

    • Related IAM roles

    • Several additional services that are required to enable these resources to work together.

  4. Choose Deploy Resources.

    Note

    It can take up to 10 minutes for these resources and related IAM permissions to be created. While the Deploy resources page is displayed, you can open the Stack ID link to see which resources are being provisioned.

Start a New Execution

  1. Open the Step Functions console.

  2. On the State machines page, choose the ApiGatewayECSStateMachine state machine that was created by the sample project, and then choose Start execution.

  3. On the New execution page, enter an execution name (optional), and then choose Start Execution.

  4. (Optional) To identify your execution, you can specify a name for it in the Name box. By default, Step Functions generates a unique execution name automatically.

    Note

    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  5. (Optional) Go to the newly created state machine on the Step Functions Dashboard, and then choose New execution.

  6. When an execution is complete, you can select states on the Visual workflow and browse the Input and Output under Step details.

Example State Machine Code

The state machine in this sample project integrates with API Gateway by calling an API Gateway HTTP API that is connected to a service on Fargate. This is hosted on a private subnet, and accessed through a private application load balancer.

Browse through this example state machine to see how Step Functions interacts with API Gateway and returns results.

For more information about how Amazon Step Functions can control other Amazon services, see Using Amazon Step Functions with other services.

{ "Comment": "Calling APIGW HTTP Endpoint", "StartAt": "Call API", "States": { "Call API": { "Type": "Task", "Resource": "arn:<PARTITION>:states:::apigateway:invoke", "Parameters": { "ApiEndpoint": "<API_ENDPOINT>", "Method": "GET", "AuthType": "IAM_ROLE" }, "Next": "Call Successful?" }, "Call Successful?": { "Type": "Choice", "Choices": [ { "Variable": "$.StatusCode", "NumericEquals": 200, "Next": "Notify Success" } ], "Default": "Notify Failure" }, "Notify Success": { "Type": "Task", "Resource": "arn:<PARTITION>:states:::sns:publish", "Parameters": { "Message": "Call was successful", "TopicArn": "<SNS_TOPIC_ARN>" }, "End": true }, "Notify Failure": { "Type": "Task", "Resource": "arn:<PARTITION>:states:::sns:publish", "Parameters": { "Message": "Call was not successful", "TopicArn": "<SNS_TOPIC_ARN>" }, "End": true } } }

For information about how to configure IAM when using Step Functions with other Amazon services, see IAM Policies for integrated services.

IAM Example

These example Amazon Identity and Access Management (IAM) policies generated by the sample project include the least privilege necessary to execute the state machine and related resources. We recommend that you include only those permissions that are necessary in your IAM policies.

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:us-east-1:111122223333:apigw-ecs-sample-2000-SNSTopic-444455556666" ], "Effect": "Allow" }, { "Action": [ "execute-api:Invoke" ], "Resource": [ "arn:aws:execute-api:us-east-1:111122223333:444444444444/*/GET/*" ], "Effect": "Allow" } ] }
{ "Statement": [ { "Action": [ "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:Describe*", "ec2:DetachNetworkInterface", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": "*", "Effect": "Allow" } ] }
{ "Statement": [ { "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*", "Effect": "Allow" } ] }

For information about how to configure IAM when using Step Functions with other Amazon services, see IAM Policies for integrated services.