AWS SDK integrations with AWS Step Functions serverless plugin

By Daniel Aniszkiewicz · 2nd August, 2022


The AWS Step Functions service is being developed more and more, and is becoming more developer friendly. Not long ago, there was no Workflow Studio and you couldn't visually create a workflow, and less than a year ago a game changer was added for Step Functions - AWS SDK Integration for most AWS services.

Why is AWS SDK integration a game changer?

Previously, we had to add lambda functions that communicated via the AWS SDK and performed the desired action. Now we don't need these functions at all: we don't have to wait for them to boot, and we don't have to create (and maintain) the code inside them.

If you work with the Serverless Framework, you're certainly familiar with the AWS Step Functions plugin. It makes the job of creating state machines very easy.

Let's assume that we would like to make a flow that creates an API key for our API in the API Gateway service and then assigns it to a usage plan.


Using the plugin, the serverless.yml file will look more or less like this (without AWS SDK integration):

As you can see, for each step related to API Gateway, we need a lambda function in which we have to connect to the AWS SDK library (Ruby code).

Let's change it now to AWS SDK integrations:

Important note: the Step Functions plugin generates all the necessary IAM roles by itself. However, it currently cannot generate these roles automatically for every AWS service (for API Gateway, for example, it does not), so the error "Cannot generate IAM policy statement for Task state." will occur.

You can see some issues on GitHub regarding it here.

To resolve this, and continue to use AWS SDK integrations, you need to create custom IAM roles, and this is how I did it. The changes are:

  • Step functions tasks have been converted to AWS SDK integrations, along with the necessary parameters.
  • In the provider config, we no longer need IAM roles for the lambda functions.
  • We no longer need lambda functions as we now use the native AWS SDK integrations.
  • Custom IAM roles have been added for the API Gateway.
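
As an added example (not the author's configuration), here is a `serverless.yml` fragment for the flow described above, with both tasks as AWS SDK integrations and a custom role limited to the two API Gateway calls they make. The state machine name, the role name and the input fields `keyName` and `usagePlanId` are assumptions.

```yaml
# Added example, not the author's serverless.yml; names and input fields are assumptions.
stepFunctions:
  stateMachines:
    apiKeyFlow:
      role:
        Fn::GetAtt: [ApiKeyFlowRole, Arn]  # custom role instead of a plugin-generated one
      definition:
        StartAt: CreateApiKey
        States:
          CreateApiKey:
            Type: Task
            Resource: arn:aws:states:::aws-sdk:apigateway:createApiKey
            Parameters:
              Name.$: $.keyName
              Enabled: true
            ResultSelector:
              Id.$: $.Id              # pass on only the key id, not the key value
            ResultPath: $.apiKey      # keep the original input (usagePlanId) alongside
            Next: CreateUsagePlanKey
          CreateUsagePlanKey:
            Type: Task
            Resource: arn:aws:states:::aws-sdk:apigateway:createUsagePlanKey
            Parameters:
              UsagePlanId.$: $.usagePlanId
              KeyId.$: $.apiKey.Id
              KeyType: API_KEY
            End: true

resources:
  Resources:
    ApiKeyFlowRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal: { Service: states.amazonaws.com }
              Action: sts:AssumeRole
        Policies:
          - PolicyName: api-key-flow
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action: apigateway:POST   # both create calls are POST requests
                  Resource:                 # only the two collections the flow writes to
                    - Fn::Join: ["", ["arn:aws:apigateway:", { Ref: "AWS::Region" }, "::/apikeys"]]
                    - Fn::Join: ["", ["arn:aws:apigateway:", { Ref: "AWS::Region" }, "::/usageplans/*/keys"]]
```

Scoping the role to `apigateway:POST` on these two paths keeps the state machine from modifying or deleting other API Gateway resources if its definition or input is ever changed.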

In summary, native AWS SDK integrations are a very big improvement. Our state machines will be faster (we won't need lambda functions with code, and we don't have to wait for the lambda functions to boot), and maintenance is simpler, because we no longer need code to communicate with the AWS SDK.