Currently, I am having difficulty successfully deploying a CloudFormation Stack that contains 3 lambdas, an API Gateway and a State Machine. I am at my wits end for trying to debug this issue and would love a second set of eyes. The deployment fails when it attempts to construct the AWS::ApiGateway::Method and kicks back with:
apiGatewayRootMethod: entered status CREATE_FAILED, reason: Invalid ARN specified in the request (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: a2ba00f1-179b-400f-a42a-f3a4e90231af; Proxy: null)
Below is a snippet of the template used for the deployment,
apiGatewayRootMethod:
Type: "AWS::ApiGateway::Method"
Properties:
AuthorizationType: "NONE"
HttpMethod: "POST"
Integration:
CacheKeyParameters:
- 'method.request.path.proxy'
Credentials: !Ref 'apiGatewayRole'
IntegrationHttpMethod: "POST"
PassthroughBehavior: "NEVER"
RequestParameters:
integration.request.path.proxy: 'method.request.path.proxy'
RequestTemplates:
application/json: !Sub
- "{\"input\": \"$util.escapeJavaScript($input.json('$'))\",\"stateMachineArn\": \"${SPIStateMachine.Arn}\"}"
- StateMachineArn: !GetAtt [ SPIStateMachine, Arn ]
Type: "AWS"
Uri: !Sub
"arn:aws:apigateway:${AWS::Region}:states:action/StartExecution"
ResourceId: !GetAtt "apiGateway.RootResourceId"
RequestParameters:
method.request.path.proxy: true
RestApiId: !Ref "apiGateway"
SPIStateMachine:
Type: "AWS::StepFunctions::StateMachine"
Properties:
StateMachineName: !Sub ${AWS::StackName}-state-machine
RoleArn: !GetAtt [ StatesExecutionRole, Arn ]
DefinitionString:
Fn::Sub:
|-
{
"Comment": "Calling Step Functions from Lambda SQS",
"StartAt": "APIGatewayLambda",
"States": {
"APIGatewayLambda": {
"Type": "Task",
"Resource": "${SPIApiFunction.Arn}",
"Catch": [
{
"ErrorEquals": ["CustomError"],
"Next": "PythonLambda"
}
],
"End": false
},
"PythonLambda": {
"Type": "Task",
"Comment": "This is the mandatory lambda which will process the information and possible call the PowerShell script",
"Resource": "${SPILambdaFunctionOne.Arn}",
"Next": "Needs Additional Language?"
},
"Needs Additional Language?": {
"Type": "Choice",
"Choices": [
{
"Variable": "$.platform",
"StringEquals": "powerbi",
"Next": "PowerShellLambda"
},
{
"Not": {
"Variable": "$.platform",
"StringEquals": "powerbi"
},
"Next": "PassThrough"
}
]
},
"PowerShellLambda": {
"Type": "Task",
"Comment": "This is the PowerShell Lambda, to be run for PowerBI updates",
"Resource": "${SPILambdaFunctionTwo.Arn}",
"End": true
},
"PassThrough": {
"Type": "Pass",
"End": true
}
}
}
application/json: !Sub
- "{\"input\": \"$util.escapeJavaScript($input.json('$'))\",\"stateMachineArn\": \"${StateMachineArn}\"}"
- StateMachineArn: !Sub arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:SPIStateMachine
This results in the same apiGatewayRootMethod: entered status CREATE_FAILED, reason: Invalid ARN specified in the request (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 9585e311-69e1-4809-bc3c-f59a67a4546e; Proxy: null)
Seems like this doesnt work
- StateMachineArn: !GetAtt [ SPIStateMachine, Arn ]
quoting from the documentation
Fn::GetAtt Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
Arn Not currently supported by AWS CloudFormation.
You can construct the ARN using Fn::Sub
Fn::Sub: arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:mystatemachine
EDIT
so the uri should be in this form
arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}
which translates in case of step function:
Fn::Sub: arn:aws:apigateway:${AWS::Region}:states:action/StartExecution
and this should be in there in the cloudformation template for the arn
#set($input = $input.json('$'))
{
"input": "$util.escapeJavaScript($input)",
"stateMachineArn": "<STATE_MACHINE_ARN>"
}
This will pass the json payload posted to API Gateway to Step Function.
You can create another URI for describing the execution
Fn::Sub: arn:aws:apigateway:${AWS::Region}:states:action/DescribeExecution
For this the request template would be like below
requestTemplates:
application/json:
Fn::Sub: |-
{
"executionArn": "arn:aws:states:${AWS::Region}:${AWS::AccountId}:execution:${Workflow.Name}:$input.params().path.get('executionId')"
}
As I described same stuff works here you can find the working example.