Run SSM from Step Functions

Question

I am trying to run SSM commands from step functions and am able to run the commands. But it is not able to capture the response correctly. Even though the command fails with some error, the step succeeds in step function. I am using the following definition.

{
  "Comment": "Copy File to S3 State Machine",
  "StartAt": "SendCommand",
  "States": {
    "SendCommand": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:ssm:sendCommand",
      "Parameters": {
        "DocumentName": "AWS-RunShellScript",
        "Parameters": {
          "commands": [
            "sudo -u muser aws s3 mv s3://dev-etl/shared-data/temp1/ s3://dev-etl/temp/ --recursive --exclude '*' --include 'abc.sql' "
          ]
        },
        "Targets": [
          {
            "Key": "InstanceIds",
            "Values": [
              "i-sampleinstanceid"
            ]
          }
        ]
      },
      "End": true
    }
  }
}

I am trying to wait for the event but am not able to correctly create the definition to capture the event response and make the step function succeed or fail properly. Any solutions would be appreciated.

Answer 1

Score: 1

The SendCommand API Action starts a command invocation with SSM which it then completes asynchronously. When you call this from a Step Functions workflow using the default Request Response Service Integration Pattern, the workflow will make that call on your behalf and receive the API response, then continue.

If you want to have the workflow wait for completion, capture the result, then proceed based on the result, you will need to enhance the workflow. There are a couple ways you can do this.

First, would be to use the Callback (.waitForTaskToken) Service Integration Pattern. With this pattern, Step Functions will pause after making the call to your target API Action and wait until the agent processing the task makes a call back to Step Functions to continue. You can see a complete example of doing this with SSM here. This approach has the advantage of fewer steps in your workflow, but creates coupling with the task you are executing (which may or may not be what you want).

Second, would be to use the Job Poller pattern. With this pattern, you add steps in your workflow to take the identifiers returned from your first call and then make periodic calls to another API Action to monitor would use for this purpose. Workflow Studio can help you here, as you can drag and drop that pattern into your workflow from the Patterns tab (see image below). And if this is something you expect to do often, it can be handy to wrap this into a separate state machine that you can then call from other workflows using the Optimized Service Integration for Step Functions itself, which supports the Run a Job (.sync) Service Integration Pattern (where the asynchronous to synchronous mapping is managed by Step Functions). You can see an example of such a utility state machine here for Glue Crawlers, but the pattern is broadly applicable. The advantage of the Job Poller approach is that you don't need to couple the implementation on the SSM side, which I suspect will be best for your case.
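The Job Poller approach described in the answer above, written out as a state machine definition. This is an added example, not part of the original post and not AWS's sample: it sends the command, waits, polls GetCommandInvocation, and fails the execution unless the invocation ends in `Success`. The state names, the wait and retry values, and the use of `InstanceIds` in place of the question's `Targets` (so the same instance ID can be passed to GetCommandInvocation) are assumptions.

```json
{
  "Comment": "Added example: SendCommand, then poll GetCommandInvocation until a terminal status",
  "StartAt": "SendCommand",
  "States": {
    "SendCommand": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:ssm:sendCommand",
      "Parameters": {
        "DocumentName": "AWS-RunShellScript",
        "InstanceIds": ["i-sampleinstanceid"],
        "Parameters": {
          "commands": [
            "sudo -u muser aws s3 mv s3://dev-etl/shared-data/temp1/ s3://dev-etl/temp/ --recursive --exclude '*' --include 'abc.sql'"
          ]
        }
      },
      "ResultPath": "$.send",
      "Next": "WaitBeforePoll"
    },
    "WaitBeforePoll": { "Type": "Wait", "Seconds": 10, "Next": "GetCommandInvocation" },
    "GetCommandInvocation": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:ssm:getCommandInvocation",
      "Parameters": {
        "CommandId.$": "$.send.Command.CommandId",
        "InstanceId": "i-sampleinstanceid"
      },
      "ResultPath": "$.invocation",
      "Retry": [{ "ErrorEquals": ["States.TaskFailed"], "IntervalSeconds": 5, "MaxAttempts": 3, "BackoffRate": 2 }],
      "Next": "CheckStatus"
    },
    "CheckStatus": {
      "Type": "Choice",
      "Choices": [
        { "Variable": "$.invocation.Status", "StringEquals": "Success", "Next": "CommandSucceeded" },
        { "Or": [
            { "Variable": "$.invocation.Status", "StringEquals": "Pending" },
            { "Variable": "$.invocation.Status", "StringEquals": "InProgress" },
            { "Variable": "$.invocation.Status", "StringEquals": "Delayed" }
          ], "Next": "WaitBeforePoll" }
      ],
      "Default": "CommandFailed"
    },
    "CommandSucceeded": { "Type": "Succeed" },
    "CommandFailed": { "Type": "Fail", "Error": "SsmCommandFailed", "Cause": "SSM invocation ended in a non-success status" }
  }
}
```

The `Default` branch fails closed: any status other than `Success` or one of the three in-progress values (for example `Failed`, `TimedOut`, `Cancelled`) ends the execution as failed. The state machine's execution role needs `ssm:SendCommand` and `ssm:GetCommandInvocation`, which can be scoped to the specific document and instance.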

huangapple
  • Published on 2023-06-05 18:55:27
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76405741.html