feat: new stepfunction example

LocalStack/Automation/LabStepFunctions/main.tf

@@ -0,0 +1,44 @@
+module "sfn" {
+  source  = "terraform-aws-modules/step-functions/aws"
+  version = "5.1.0"
+
+  name              = "example"
+  type              = "standard"
+  definition        = file("${path.module}/reboot-asg-instances.json")
+  publish           = true
+  role_arn          = module.sfn-role.role-arn
+  use_existing_role = true
+}
+
+module "sfn-role" {
+  source         = "../../../modules/security_identity_compliance/iam-role-v2"
+  role-name      = "example-sfn-role"
+  path           = "/Sfn/"
+  description    = "Role for example step function"
+  trusted-entity = "states.amazonaws.com"
+  policies = {
+    example-sfn-policy = {
+      description = "XrayAccess"
+      policy = jsonencode(
+        {
+          "Version" : "2012-10-17",
+          "Statement" : [
+            {
+              "Effect" : "Allow",
+              "Action" : [
+                "xray:PutTraceSegments",
+                "xray:PutTelemetryRecords",
+                "xray:GetSamplingRules",
+                "xray:GetSamplingTargets"
+              ],
+              "Resource" : [
+                "*"
+              ]
+            }
+          ]
+        }
+      )
+    }
+  }
+}
+

LocalStack/Automation/LabStepFunctions/provider.tf

@@ -0,0 +1,60 @@
+provider "aws" {
+  region = var.aws-region
+
+  # localstack config
+  access_key                  = "test"
+  secret_key                  = "test"
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  # localstack endpoints https://docs.localstack.cloud/aws/integrations/infrastructure-as-code/terraform/#:~:text=tflocal%20is%20a%20small%20wrapper,unmodified%20Terraform%20scripts%20against%20LocalStack.
+  endpoints {
+    apigateway     = "http://192.168.86.96:4566"
+    apigatewayv2   = "http://192.168.86.96:4566"
+    cloudformation = "http://192.168.86.96:4566"
+    cloudwatch     = "http://192.168.86.96:4566"
+    dynamodb       = "http://192.168.86.96:4566"
+    ec2            = "http://192.168.86.96:4566"
+    es             = "http://192.168.86.96:4566"
+    elasticache    = "http://192.168.86.96:4566"
+    firehose       = "http://192.168.86.96:4566"
+    iam            = "http://192.168.86.96:4566"
+    kinesis        = "http://192.168.86.96:4566"
+    kms            = "http://192.168.86.96:4566"
+    lambda         = "http://192.168.86.96:4566"
+    rds            = "http://192.168.86.96:4566"
+    redshift       = "http://192.168.86.96:4566"
+    route53        = "http://192.168.86.96:4566"
+    s3             = "http://192.168.86.96:4566"
+    secretsmanager = "http://192.168.86.96:4566"
+    ses            = "http://192.168.86.96:4566"
+    sns            = "http://192.168.86.96:4566"
+    sqs            = "http://192.168.86.96:4566"
+    ssm            = "http://192.168.86.96:4566"
+    stepfunctions  = "http://192.168.86.96:4566"
+    sts            = "http://192.168.86.96:4566"
+  }
+
+  default_tags {
+    tags = {
+      Environment  = var.environment
+      Project      = var.project
+      Application  = var.application
+      LocalStack   = true
+      TerraformDir = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+    }
+  }
+}
+
+terraform {
+  required_version = ">= 1.11.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 6.0"
+    }
+  }
+}
+
+# data aws_caller_identity current {}

LocalStack/Automation/LabStepFunctions/reboot-asg-instances.json

@@ -0,0 +1,50 @@
+{
+  "Comment": "Suspend ASG and reboot instances in the group",
+  "StartAt": "SetVariables",
+  "States": {
+    "SetVariables": {
+      "Type": "Pass",
+      "Result": {
+        "asgName": "acme-dev-web-asg"
+      },
+      "ResultPath": "$.vars",
+      "Next": "SuspendProcesses"
+    },
+    "SuspendProcesses": {
+      "Type": "Task",
+      "Parameters": {
+        "AutoScalingGroupName.$": "$.vars.asgName"
+      },
+      "Resource": "arn:aws:states:::aws-sdk:autoscaling:suspendProcesses",
+      "ResultPath": "$.suspendResult",
+      "Next": "DescribeAutoScalingGroups"
+    },
+    "DescribeAutoScalingGroups": {
+      "Type": "Task",
+      "Parameters": {
+        "AutoScalingGroupNames.$": "States.Array($.vars.asgName)",
+        "MaxRecords": 1
+      },
+      "Resource": "arn:aws:states:::aws-sdk:autoscaling:describeAutoScalingGroups",
+      "Next": "RebootInstances",
+      "ResultPath": "$.asgData"
+    },
+    "RebootInstances": {
+      "Type": "Task",
+      "Parameters": {
+        "InstanceIds.$": "$.asgData.AutoScalingGroups[0].Instances[*].InstanceId"
+      },
+      "Resource": "arn:aws:states:::aws-sdk:ec2:rebootInstances",
+      "ResultPath": "$.rebootResult",
+      "Next": "ResumeProcesses"
+    },
+    "ResumeProcesses": {
+      "Type": "Task",
+      "Parameters": {
+        "AutoScalingGroupName.$": "$.vars.asgName"
+      },
+      "Resource": "arn:aws:states:::aws-sdk:autoscaling:resumeProcesses",
+      "End": true
+    }
+  }
+}

LocalStack/Automation/LabStepFunctions/terraform.tfvars

@@ -0,0 +1,4 @@
+application = "localstack"
+environment = "locallab"
+project     = "iac"
+aws-region  = "us-east-1"

LocalStack/Automation/LabStepFunctions/variables.tf

@@ -0,0 +1,4 @@
+variable "aws-region" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}

LocalStack/README.md

@@ -15,7 +15,7 @@ or use community edition while it is still available
 docker run \
 -e AWS_ACCESS_KEY_ID=test \
 -e AWS_SECRET_ACCESS_KEY=test \
--e SERVICES="s3,iam,lambda,dynamodb,cloudwatch,rds,ec2,secretsmanager" \
+-e SERVICES="s3,iam,lambda,dynamodb,cloudwatch,rds,ec2,secretsmanager,stepfunctions" \
 -e DEBUG=0 \
 -d --rm --name localstack --network macvlan localstack/localstack localstack 
 ```