feat(stepfunctions-tasks): run batch job

[ayush987goyal]

Commit Message

feat(stepfunctions-tasks): run batch job (#6396)

Adding implementation to run batch job from step functions based on docs

closes #6467

End Commit Message

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: c7e8f56
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: e405aa0
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: bf9ddd4
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 0727eff
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 6fd567d
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: b24ad8f
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 6e16a67
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[nija-at]

Once batch has a more stable API, we can use the interfaces from batch instead of working with names and ARNs

Why wait? Why not start using them straight away?

[ayush987goyal]

On the same note, I had a doubt on naming this task. I was confused between calling it InvokeBatchJob v/s RunBatchJob. What do you think should be the appropriate name?

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 74ab577
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[nija-at]

On the same note, I had a doubt on naming this task. I was confused between calling it InvokeBatchJob v/s RunBatchJob. What do you think should be the appropriate name?

Let's switch to RunBatchJob.

Pull request has been modified.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 508b3b9
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 1b322e7
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Pull request has been modified.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 156f794
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 65bca62
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: bc15bd9
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[nija-at]

Thanks for the updated revision. I have a few more comments based on a second iteration on this. It's starting to come together and looks close. 😊

[nija-at]

I found this - https://docs.aws.amazon.com/batch/latest/userguide/batch-supported-iam-actions-resources.html.

Is it possible that AWS batch has added supported for resource-level permissions and that the step functions page is stale?

[ayush987goyal]

I am not sure how it would work out with the current batch implementation anyway. It does not expose the revision of a jobDefinition.
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-batch.JobDefinition.html

[nija-at]

I'm not sure I'm fully following your last comment.

I was thinking we could do -

resources: [ `${this.props.jobdefinition.jobDefinitionArn}/*` ]

This would be better than just *.

Pull request has been modified.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: a9f93aa
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[nija-at]

Mostly good. I'm still a bit worried about the * permission, which I think we can do better, but not sure.

Some minor code clean up for readability.

This is very close to the line. Thanks for iterating on this!

[nija-at]

I'm not sure I'm fully following your last comment.

I was thinking we could do -

resources: [ `${this.props.jobdefinition.jobDefinitionArn}/*` ]

This would be better than just *.

[ayush987goyal]

Based on the permission configuration mentioned in this doc, we have to either provide the job-definition with the revision or none at all.

Job Definition

arn:aws:batch:region:account:job-definition/*

arn:aws:batch:region:account:job-definition/definition-name:revision

So based on this, I am going ahead with these permission instead of '*'

	new iam.PolicyStatement({
          resources: [
            Stack.of(_task).formatArn({
              service: 'batch',
              resource: 'job-definition',
              resourceName: '*'
            }),
            this.props.jobQueue.jobQueueArn
          ],
          actions: ['batch:SubmitJob']
        }),

That way we are limiting the permission to a specific queue but all the job-definitions. Once we have revision provided by Batch, we can probably update the permission to that specific revision.

Pull request has been modified.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 407757a
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[nija-at]

Based on the permission configuration mentioned in this doc, we have to either provide the job-definition with the revision or none at all.

Oops, yes you're correct. I mis-read the doc. This is fine to start off with.

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 22b3107
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).