How to Invoke AWS step function using API gateway?

This is not the "official" AWS way -- see Erndob's answer for that.

The problem with the AWS way (sign each request with AWS credentials) is that most enterprises already have mature methods in place to manage authentication and authorization via their API gateways and (speaking as an enterpise architect) do not want to deal with the headache of duplicating this at the AWS-credential-level.

I'm sure that AWS will eventually integrate Step Functions with API Gateway but as of this writing (1/17) this is probably the simplest way to get the job done. Below is a trivial Lambda proxy function I wrote to leverage the SDK's ability to sign the requests:

'use strict';

const AWS = require('aws-sdk');
const stepfunctions = new AWS.StepFunctions();

exports.handler = (event, context, callback) => {
    if(!event && event.action)
        callback("Error: 'action' is required.");
    if(!event && event.params)
        callback("Error: 'params' is required.");
    
    stepfunctions[event.action](event.params, function (err, data) {
        if (err) 
            console.log(err, err.stack);
        callback(err, data);
    });
};

You will need to grant your Lambda privs to interact with your Step Functions. To give it full access to all operations create a new role and attach the following policies:

  • AWSLambdaBasicExecutionRole
  • AWSStepFunctionsFullAccess

Now configure the Lambda to be invoked via API gateway as normal, passing in an event with two properties:

  • action (the Step Functions method name, like "startExecution")
  • params (the params needed for that method. Ref here: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/StepFunctions.html)

And be sure to lock your API down! :-)


If you need to call StepFunction from API Gateway, it's now possible and described well in docs: https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-api-gateway.html

  • For Integration Type, choose AWS Service
  • For AWS Service, choose Step Functions from the list
  • For HTTP Method, choose POST from the list
  • For Action Type, choose Use action name
  • For Action, type StartExecution
  • For Execution Role, type ARN of role with API Gateway trusted identity provider and attached policy AWSStepFunctionsFullAccess

It's using HTTP API, not API Gateway.

Step function endpoints follow this format:

https://states.${region}.amazonaws.com

for example:

https://states.us-east-1.amazonaws.com

And you use HTTP API (again, not API gateway) to make actions on your states.

More about HTTP API here:

http://docs.aws.amazon.com/step-functions/latest/apireference/Welcome.html

Technically you could use API gateway, to redirect to step functions API but there's not much point in that.

Tags:

Amazon Web Services

Aws Lambda

Aws Api Gateway

Aws Step Functions

Recent Posts