GargeeBhatnagar for AWS Community Builders

Cross Account Deployment of Step Functions with Lambda Invoke Using CloudFormation and CodePipeline with Encrypted Bucket

“I have checked the documents of AWS to deploy step functions with lambda invoke across accounts using cloudformation and codepipeline with encrypted buckets. Issue in creation of all stacks using cloudformation in terms of access roles and policies. And creating template.yaml file for step function config and json template for lambda invoke arn. Issue is resolved by adding permissions in IAM roles and adding function arn or function name to invoke lambda in json. The Pricing is based on services usage.”

"Devtron" plays an important role in reducing the complexity of DevOps, AppOps and Kubernetes, and "GitHub" helps to integrate and automate. Both Devtron and GitHub are open source.

In this post, you will see how to deploy Step Functions across accounts using CloudFormation and CodePipeline. Here I have created a pipeline in CodePipeline from CloudFormation, with its artifacts stored in an S3 bucket. Once the pipeline triggers, the JSON content and config of the step function are deployed in a QA account with Lambda invoke.
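As an added example (not the author's template), a `template.yaml` of the kind the pipeline deploys to the QA account could look like this: a state machine whose single task invokes a Lambda function by ARN, with an execution role limited to that one function. The parameter and resource names are assumptions, and the Lambda function is assumed to already exist in the QA account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - state machine that invokes one Lambda function (names are assumptions)
Parameters:
  LambdaFunctionArn:
    Type: String   # ARN of the existing Lambda function (assumed to be in the QA account)
Resources:
  StateMachineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: states.amazonaws.com   # only Step Functions may assume this role
            Action: sts:AssumeRole
      Policies:
        - PolicyName: invoke-one-function
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: lambda:InvokeFunction
                # Scoped to the single function and its versions/aliases, not "*"
                Resource:
                  - !Ref LambdaFunctionArn
                  - !Sub "${LambdaFunctionArn}:*"
  InvokeLambdaStateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !GetAtt StateMachineRole.Arn
      # Replaces ${LambdaFunctionArn} inside Definition at deploy time
      DefinitionSubstitutions:
        LambdaFunctionArn: !Ref LambdaFunctionArn
      Definition:
        StartAt: InvokeLambda
        States:
          InvokeLambda:
            Type: Task
            Resource: arn:aws:states:::lambda:invoke
            Parameters:
              FunctionName: "${LambdaFunctionArn}"   # a function name also works here
              "Payload.$": "$"                       # pass the execution input through
            OutputPath: "$.Payload"
            End: true
```

A missing `lambda:InvokeFunction` grant on the execution role shows up as an access-denied failure of the `InvokeLambda` task in the execution history, not as a stack-creation error.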

Prerequisites

You’ll need an Amazon SNS topic for this post. Getting started with Amazon SNS provides instructions on how to create a topic and subscription.
You’ll need an AWS Lambda function for this post. Getting started with AWS Lambda provides instructions on how to create a Lambda function. For this blog, I assume that I have an SNS topic with a confirmed subscription and a Lambda function.

Architecture Overview

The architecture diagram shows the overall deployment architecture with data flow: two AWS accounts, CodeCommit, CodeBuild, CodeDeploy, CodePipeline, S3, SNS, CloudFormation, Lambda, KMS and Step Functions.

Solution overview

The blog post consists of the following phases:

  1. In Tool Account, Creation of CloudFormation Stack for Service Configuration as S3, KMS, IAM and CodeCommit Repo
  2. In QA Account, Creation of CloudFormation Stack for Cross Account Access Role with Tool Account Number, KMS ARN and S3 Bucket Name
  3. In Tool Account, Update of Service Stack for Config and Creation of CloudFormation Stack for Pipeline Creation
  4. Testing of Flow for Step Function Deployment from CICD and Checking of Logs in CloudWatch

I have an SNS topic with a confirmed subscription and a Lambda function.

Phase 1: In Tool Account, Creation of CloudFormation Stack for Service Configuration as S3, KMS, IAM and CodeCommit Repo

  1. Open the CloudFormation console and create a stack with a preconfigured YAML template for service configuration. Provide the QA account number in the stack details.

Phase 2: In QA Account, Creation of CloudFormation Stack for Cross Account Access Role with Tool Account Number, KMS ARN and S3 Bucket Name

  1. Open the CloudFormation console and create a stack for the cross-account access IAM role.
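As an added example (not the author's template), a QA-account stack of this kind could define the role below, taking the three values named in the phase title as parameters. The role name and parameter names are assumptions, and the example covers only reading the KMS-encrypted pipeline artifacts; the permissions the role needs to deploy the Step Functions stack are not shown on the page and are left out.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - QA-account role assumed from the Tool account (names are assumptions)
Parameters:
  ToolAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"   # reject anything that is not a 12-digit account id
  ArtifactKmsKeyArn:
    Type: String                    # ARN of the KMS key created in the Tool account
  ArtifactBucketName:
    Type: String                    # name of the encrypted artifact bucket in the Tool account
Resources:
  PipelineCrossAccountRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: qa-pipeline-cross-account-role   # assumed name
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              # Trusting the account root delegates the decision to Tool-account IAM;
              # narrow this to the pipeline role ARN once that role exists.
              AWS: !Sub "arn:aws:iam::${ToolAccountId}:root"
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-encrypted-artifacts
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: ReadPipelineArtifacts
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                Resource: !Sub "arn:aws:s3:::${ArtifactBucketName}/*"
              - Sid: LocateArtifactBucket
                Effect: Allow
                Action:
                  - s3:GetBucketLocation
                  - s3:ListBucket
                Resource: !Sub "arn:aws:s3:::${ArtifactBucketName}"
              - Sid: DecryptArtifacts
                Effect: Allow
                Action:
                  - kms:Decrypt
                  - kms:DescribeKey
                Resource: !Ref ArtifactKmsKeyArn   # one key, not "*"
Outputs:
  RoleArn:
    Value: !GetAtt PipelineCrossAccountRole.Arn
```

These identity-based grants only take effect if the Tool account's bucket policy and KMS key policy also allow this role; access across accounts needs both sides to permit it.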

Phase 3: In Tool Account, Update of Service Stack for Config and Creation of CloudFormation Stack for Pipeline Creation

  1. Open the CloudFormation console and update the prerequisite on accounts parameter value to true. Also create a stack for pipeline creation with the stages source, build and deploy to QA, and manually add an approval stage with notification after the build stage.

Phase 4: Testing of Flow for Step Function Deployment from CICD and Checking of Logs in CloudWatch


Clean-up

Delete the CloudFormation stacks in the Tool and QA accounts, the CloudWatch log group, the SNS topic and the Lambda function.

Pricing

I review the pricing and estimated cost of this example.

Cost of CloudWatch = $0.0

Cost of CodeBuild = $0.0

Cost of CodeCommit = $0.0

Cost of Lambda = $0.0

Cost of Key Management Service = $0.01

Cost of Simple Notification Service = $0.0

Cost of Simple Storage Service = $1.0

Cost of Step Functions = $0 for first 4,000 state transitions = $0.0

Total Cost = $(0.0 + 0.0 + 0.0 + 0.0 + 0.01 + 0.0 + 1.0 + 0.0) = $1.01

Summary

In this post, I showed “how to deploy cross-account Step Functions with Lambda invoke using CloudFormation and CodePipeline with an encrypted bucket”.

For more details on AWS CodePipeline, check out Get started AWS CodePipeline and open the AWS CodePipeline console. To learn more, read the AWS CodePipeline documentation.

For more details on AWS CloudFormation, check out Get started AWS CloudFormation and open the AWS CloudFormation console. To learn more, read the AWS CloudFormation documentation.

For more details on AWS Step Functions, check out Get started AWS Step Functions and open the AWS Step Functions console. To learn more, read the AWS Step Functions documentation.

For more details on Devtron and GitHub, check out these links:
Devtron Website
GitHub Repo
Join the Discord Community
Follow on Twitter
Raise feature requests, suggest enhancements, report bugs
Read Devtron Blog

Let's quickly adopt and try it! And post the response using #AdoptK8sWithDevtron #devtron

The above blog is submitted as part of 'Devtron Blogathon 2022' - https://devtron.ai/
Check out Devtron's GitHub repo - https://github.com/devtron-labs/devtron/ and give a ⭐ to show your love & support.
Follow Devtron on LinkedIn - https://www.linkedin.com/company/devtron-labs/ and Twitter - https://twitter.com/DevtronL/, to keep yourself updated on this Open Source project.

Thanks for reading!

Connect with me: Linkedin