How Do I Implement Human Approval Steps in Automated Workflows With AWS Step Functions Activities?

Introduction

In this guide, we will explore how to integrate human approval steps within an automated workflow using AWS Step Functions activities. AWS Step Functions enable you to coordinate various AWS services into serverless workflows, and by adding human approval steps, you can ensure that essential decisions are validated by a human before the workflow progresses. This approach is particularly useful in scenarios where human judgment is crucial, such as compliance checks or financial approvals.

Implementation Process

The workflow will include an activity that requires human approval, effectively pausing the execution until an external signal (human approval) is received. Below is a step-by-step explanation of the implementation process:

1. Define an AWS Step Functions Activity: Create an activity that represents the human approval step. This activity will serve as a placeholder where the workflow pauses for human intervention.

2. Create an IAM Role: Establish a role that AWS Step Functions will assume to execute the workflow. This role must have the necessary permissions to manage Step Functions.

3. Attach a Managed Policy: Attach an AWS managed policy to the IAM role to grant full access permissions for Step Functions operations.

4. Define the State Machine: Construct a state machine that includes the human approval step. The state machine definition specifies the sequence of states, including the approval step where the workflow will pause.

5. Signal the Activity: Implement logic to signal the activity to resume execution once human approval is granted. This step involves invoking the activity with an external signal to continue the workflow.

import * as aws from "@pulumi/aws";
import * as awsNative from "@pulumi/aws-native";
import * as pulumi from "@pulumi/pulumi";

// Create an IAM role for Step Functions
const role = new aws.iam.Role("stepFunctionsRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
        Service: "states.amazonaws.com",
    }),
});

// Attach the AWS managed policy for Step Functions to the role
new aws.iam.RolePolicyAttachment("stepFunctionsRolePolicy", {
    role: role.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSStepFunctionsFullAccess",
});

// Create a Step Functions activity for human approval
const approvalActivity = new awsNative.stepfunctions.Activity("approvalActivity", {
    name: "HumanApprovalActivity",
});

// Define the state machine
const stateMachineDefinition = {
    Comment: "A state machine that includes a human approval step",
    StartAt: "ApprovalStep",
    States: {
        ApprovalStep: {
            Type: "Task",
            Resource: approvalActivity.id.apply(id => `arn:aws:states:::lambda:invokeActivity:${id}`),
            TimeoutSeconds: 300,
            HeartbeatSeconds: 60,
            Next: "NextStep",
        },
        NextStep: {
            Type: "Pass",
            End: true,
        },
    },
};

// Create the state machine
const stateMachine = new awsNative.stepfunctions.StateMachine("stateMachine", {
    roleArn: role.arn,
    definitionString: JSON.stringify(stateMachineDefinition),
    stateMachineName: "HumanApprovalStateMachine",
});

// Export the ARN of the state machine
export const stateMachineArn = stateMachine.arn;

Summary

In this guide, we successfully implemented a human approval step in an AWS Step Functions workflow. By creating a dedicated activity for human approval, the state machine can pause and wait for an external signal before proceeding, ensuring that crucial decisions are subject to human oversight. Utilizing Pulumi streamlines the deployment and management of this infrastructure, making it easier to incorporate human approvals into automated workflows.