Serverless workflow design and development using Application Composer and Step Functions
AWS Step Functions has become one of the crucial architectural components for prompting Serverless orchestrations on AWS. Since Step Functions's launch, defining the state machine using JSON has been a pain point.
In this blog, we will look at the importance of IaC and how tools like Application Composer and Workflow Studio enable it with the low-code approach of drag-and-drop of components with the comfort of VS Code.
Infrastructure as Code (IaC)
When building applications on the cloud, irrespective of Serverless, Containers, or Virtual Machines; it is recommended to use the Infrastructure as Code (IaC) approach so that provisioning and deploying resources to the cloud would be automated via workflows or with IaC tools that refers to a single source of truth where all the configurations of all the needed resources are defined.
You can read more about why IaC should be the direction for building applications.
Workflow Studio
AWS Step Functions launched Workflow Studio in 2021, where the new low code tool has been revolutionary for drag and drop for over 1000+ API Actions across multiple AWS Services.
Workflow Studio enables visual building and understanding of the workflow execution with different AWS Services API actions invocation via optimized or SDK integration. As part of the integration, you can define the API parameters and share data across different States.
Workflow Studio generates the Amazon States Language (ASL) in real-time based on the States defined visually with all the parameters. Workflow Studio also facilitates different configurations such as error handling, input, and output for different states and also defines the flow with parallel, map for loops, and choice for branching.
Application Composer
AWS Application Composer is a visual IaC builder for making drag-and-drop designs of different AWS Services on the canvas to generate an equivalent Infrastructure as Code (IaC) template with SAM (Serverless Application Model) Template using YAML. The experience of designing applications with AWS Services that generate SAM templates to synchronize when using the Google Chrome browser locally was the first step to making IaC generation and a real-time sync to the local file system.
Application Composer initially supported a few AWS Serverless services and now it supports over 1000 CloudFormation supported resources. During AWS re:Invent 2023, Application Composer announced the IDE (VS Code) experience of building IaC as part of AWS Toolkit where you can use Application Composer to design your architectures while the SAM template would be generated in your VS Code directory.
Now you are also able to use AWS Step Functions' Workflow Studio in the Application Composer VS Code experience as the integration enables using Workflow Studio that generates Amazon States Language (ASL) in real-time which synchronizes either with SAM template or as a asl.json
or asl.yaml
files in the local project directory.
Application Composer + Workflow Studio on VS Code
Install the latest VS Code extension of AWS Toolkit that includes Application Composer with Workflow Studio.
In an empty project directory, create a template.yaml
file and click on "Application Composer" icon on the top right that launches Application Composer in VS Code.
Creating a State Machine with an external ASL file
When you drag-and-drop StateMachine
resource, it generates the boilerplate State Machine with Lambda task, and the equivalent changes are made to template.yaml
with the State Machine resource. Since the option of an external file for State Machine ASL was selected, statemachine.asl.json
file is generated with the ASL definition of the Lambda task.
Defining State Machine using Workflow Studio
In the Application Composer, the StateMachine
resource which has an option to launch Workflow Studio locally on VS Code.
Bedrock's InvokeModel
task
At AWS re:Invent 2023, Step Functions launched the support for optimized integration for Amazon Bedrock that enables the state machines to invoke Bedrock APIs.
From the list of supported resources on Workflow Studio, choose Bedrock's InvokeModel
API Action that requires you to define the LLM model used on Bedrock along with the input.
Below is the generated ASL from Workflow Studio.
"Bedrock InvokeModel": {
"Type": "Task",
"Resource": "arn:aws:states:::bedrock:invokeModel",
"Parameters": {
"ModelId": "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2:1",
"Body": {
"prompt": "Human:Tell me a fun story about MARVEL characters using Infrastructure as Code to build Serverless Applications\nAssistant:",
"max_tokens_to_sample": 2000
}
},
"ResultPath": "$.response"
}
Adding a DynamoDB PutItem
task
Now that Bedrock would generate a story, it has to be stored on DynamoDB. To do so, on Workflow Studio add PutItem
API action to the state machine definition where the table name is passed with CloudFormation substitution and story from the previous task's response. Also, using STATES.UUID()
intrinsic function to auto-generate UUIDs.
"DynamoDB PutItem": {
"Type": "Task",
"Resource": "arn:aws:states:::aws-sdk:dynamodb:putItem",
"Parameters": {
"TableName": "${MyDynamoDBTable}",
"Item": {
"id": {
"S": "STATES.UUID()"
},
"story": {
"S.$": "$.response.Body.completion"
}
}
}
}
Defining DynamoDB resource
In the Workflow Studio, the DynamoDB's PutItem
action would need the table to be created, and to do so, on Application Composer drag-and-drop DynamoDB and define the table structure.
Once the DynamoDB table is defined, update the CloudFormation references for the State Machine to use the table that is defined in the SAM template.
Application Composer can detect the different resources used in the SAM project and provides all the resource options when using !Ref
.
Updating IAM execution role for State Machine
When StateMachine
is created, Application Composer adds the policies AWSXrayWriteOnlyAccess
and CloudWatch logs permissions by default but even though State Machine is defined; Step Function doesn't auto-generate the needed IAM execution role and we would have to update the IAM policy with access to DynamoDB PutItem
and Bedrock InvokeModel
APIs.
Policies:
- AWSXrayWriteOnlyAccess
- Statement:
- Effect: Allow
Action:
- logs:CreateLogDelivery
- logs:GetLogDelivery
- logs:UpdateLogDelivery
- logs:DeleteLogDelivery
- logs:ListLogDeliveries
- logs:PutResourcePolicy
- logs:DescribeResourcePolicies
- logs:DescribeLogGroups
Resource: '*'
- Statement:
- Effect: Allow
Action:
- dynamodb:PutItem
Resource: !GetAtt Table.Arn
- Statement:
- Effect: Allow
Action:
- bedrock:InvokeModel
Resource: arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-v2:1
Deploy using SAM sync
Now that the SAM template is complete with Application Composer and Workflow Studio, use sam sync --stack-name "<your-stack-name>"
to deploy the resources to your AWS Account.
It's deployed!
Now that the State Machine is deployed, time to start the execution to see what story about "Marvel heroes using IaC for Serverless" is generated.
Check out Arshad Zackeriya and me talking about Application Composer on The Zacs' Show Talking AWS.