feat: add StepFunctionsCallbackPolicy policy template
Issue #, if available
#2193
Description of changes
Adds a new policy template StepFunctionsCallbackPolicy with the necessary permissions for implementing callback patterns.
For more context, I've recently implemented callback patterns with my Step Functions workflow. A Lambda function calls back with the task token along with SendTaskSuccess or SendTaskFailure.
I've originally implemented this (Step Functions - Lambda callback pattern) via SAM Connectors (AWS::Lambda::Function to AWS::StepFunctions::StateMachine), but found the connector policy lacking the necessary permissions for the SendTaskSuccess or SendTaskFailure callbacks.
With connector policies not working for callback patterns, I opted for defining my own policy, which worked.
This is a continuation of a previous attempt to provide a policy template for callback patterns (issue and PR). I've also corrected the Resource scope, which was a requested change that was never resolved in the original PR.
Description of how you validated changes
I validated the changes by updating the translator tests and running make test on Python 3.8.16.
Total test coverage is at 95.73%.
Required test coverage of 95% reached. Total coverage: 95.73%
3961 passed in 267.87s (0:04:27)
Checklist
- [x] Adheres to the development guidelines
- [x] Add/update transform tests
- [x] Using correct values
- [ ] Using wrong values
- [ ] Add/update integration tests
Examples?
Please reach out in the comments if you want to add an example. Examples will be
added to sam init through aws/aws-sam-cli-app-templates.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
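The callback pattern described above, as an added example that is not part of the pull request or the SAM code base: a Lambda handler that reports back with the task token through SendTaskSuccess or SendTaskFailure, the two API calls the function's role must be allowed to make. The event shape, `process`, and `RecordingClient` are assumptions made for illustration.

```python
import json


def process(payload):
    """Hypothetical business logic: reject payloads without an order id."""
    if "orderId" not in payload:
        raise ValueError("orderId missing")
    return {"orderId": payload["orderId"], "status": "APPROVED"}


def handler(event, context=None, sfn=None):
    """Lambda entry point for a task that waits on a task token.

    Assumed event shape: {"taskToken": "...", "payload": {...}}.
    """
    if sfn is None:
        # Real client only when running in Lambda; tests inject a stand-in.
        import boto3
        sfn = boto3.client("stepfunctions")

    token = event["taskToken"]
    try:
        result = process(event.get("payload", {}))
    except Exception as exc:
        # Requires states:SendTaskFailure on the role.
        sfn.send_task_failure(
            taskToken=token, error=type(exc).__name__, cause=str(exc)
        )
        return "FAILED"
    # Requires states:SendTaskSuccess on the role.
    sfn.send_task_success(taskToken=token, output=json.dumps(result))
    return "SUCCEEDED"


class RecordingClient:
    """Constructed stand-in for the Step Functions client (offline run)."""

    def __init__(self):
        self.calls = []

    def send_task_success(self, **kwargs):
        self.calls.append(("SendTaskSuccess", kwargs))

    def send_task_failure(self, **kwargs):
        self.calls.append(("SendTaskFailure", kwargs))


if __name__ == "__main__":
    client = RecordingClient()
    print(handler({"taskToken": "tok-1", "payload": {"orderId": "42"}}, sfn=client))
    print(client.calls)
```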
Hello @kshyun28, for a new policy template PR, it has to go through security review, which will take some time. We won't be able to merge the PR now.
Hello @xazhao, I understand.
If there's anything else required from me (or if the team thinks this is not a valid use case), please let me know.
Thank you for reviewing!
Hi there, just an update on this pull request. We've created the security review internally. It's pending a couple of tasks at the moment. Once the tasks are complete, we will bring it up to the security engineer for a final round of review.
Hi @kshyun28, sorry for the long wait! I've some good news to share with you. We've finally gotten the security engineer's sign-off and I will be merging this PR soon.
Hello @GavinZZ, I appreciate all the hard work you and the AWS-SAM team did in order to add this feature.
It's my pleasure making a small contribution to a tool I've used for serverless applications.