in packages/aws-cdk-lib/aws-stepfunctions/lib/state-machine.ts [444:552]
/**
 * Validates the props, resolves the execution role, grants the KMS permissions
 * needed when a customer managed key is configured, and creates the underlying
 * `CfnStateMachine` resource.
 *
 * @param scope construct scope, forwarded to the base constructor
 * @param id construct id, forwarded to the base constructor
 * @param props state machine configuration
 * @throws Error when both `definition` and `definitionBody` are given, or when neither is given
 */
constructor(scope: Construct, id: string, props: StateMachineProps) {
super(scope, id, {
physicalName: props.stateMachineName,
});
// Enhanced CDK Analytics Telemetry
addConstructMetadata(this, props);
// Exactly one of `definition` / `definitionBody` must be supplied.
if (props.definition && props.definitionBody) {
throw new Error('Cannot specify definition and definitionBody at the same time');
}
if (!props.definition && !props.definitionBody) {
throw new Error('You need to specify either definition or definitionBody');
}
// The validators are defined outside this block; presumably they throw on invalid input.
if (props.stateMachineName !== undefined) {
this.validateStateMachineName(props.stateMachineName);
}
if (props.logs) {
this.validateLogOptions(props.logs);
}
// A caller-supplied role is used as-is; otherwise a role is created that the
// Step Functions service principal may assume.
// NOTE(review): the generated trust policy carries no conditions here. Consider whether an
// aws:SourceAccount / aws:SourceArn condition is wanted as a confused-deputy guard.
this.role = props.role || new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('states.amazonaws.com'),
});
// The non-null assertion is backed by the check above: if `definitionBody` is unset, `definition` is set.
const definitionBody = props.definitionBody ?? DefinitionBody.fromChainable(props.definition!);
this.stateMachineType = props.stateMachineType ?? StateMachineType.STANDARD;
let graph: StateGraph | undefined = undefined;
// Only chain-based definitions yield a state graph; every policy statement the graph
// reports is added to the execution role.
if (definitionBody instanceof ChainDefinitionBody) {
graph = new StateGraph(definitionBody.chainable.startState, 'State Machine definition');
graph.timeout = props.timeout;
for (const statement of graph.policyStatements) {
this.addToRolePolicy(statement);
}
}
if (props.encryptionConfiguration instanceof CustomerManagedEncryptionConfiguration) {
// Grant the execution role Decrypt and GenerateDataKey on the customer managed key only,
// and only when the KMS encryption context names this state machine's ARN.
// NOTE(review): the ARN is built from this.physicalName; confirm what that resolves to
// when `stateMachineName` is omitted, since the condition is an exact match.
this.role.addToPrincipalPolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
'kms:Decrypt', 'kms:GenerateDataKey',
],
resources: [`${props.encryptionConfiguration.kmsKey.keyArn}`],
conditions: {
StringEquals: {
'kms:EncryptionContext:aws:states:stateMachineArn': Stack.of(this).formatArn({
service: 'states',
resource: 'stateMachine',
sep: ':',
resourceName: this.physicalName,
}),
},
},
}));
// The extra log-encryption grants apply only when logging is configured with a level other than OFF.
if (props.logs && props.logs.level !== LogLevel.OFF) {
// GenerateDataKey for log delivery, conditioned on the SourceArn encryption context.
// IAM StringEquals is an exact match, so the '*' in the formatted ARN is compared
// literally rather than as a wildcard; presumably the service sends that literal
// value as encryption context. Confirm against the Step Functions documentation.
this.role.addToPrincipalPolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: [
'kms:GenerateDataKey',
],
resources: [`${props.encryptionConfiguration.kmsKey.keyArn}`],
conditions: {
StringEquals: {
'kms:EncryptionContext:SourceArn': Stack.of(this).formatArn({
service: 'logs',
resource: '*',
sep: ':',
}),
},
},
}));
// Key policy statement that lets the log delivery service principal decrypt with this key.
// NOTE(review): this statement has no `conditions`, so it is not limited by source account
// or encryption context; confirm that is intended. The return value is ignored, so if the
// key's policy is not managed by this app (e.g. an imported key) the statement may not be
// added. Verify.
props.encryptionConfiguration.kmsKey.addToResourcePolicy(new iam.PolicyStatement({
resources: ['*'],
actions: ['kms:Decrypt*'],
principals: [new iam.ServicePrincipal('delivery.logs.amazonaws.com')],
}));
}
}
// The L1 resource receives `props.stateMachineType` directly (nullish becomes undefined),
// not the STANDARD default stored on `this.stateMachineType` above.
const resource = new CfnStateMachine(this, 'Resource', {
stateMachineName: this.physicalName,
stateMachineType: props.stateMachineType ?? undefined,
roleArn: this.role.roleArn,
loggingConfiguration: props.logs ? this.buildLoggingConfiguration(props.logs) : undefined,
tracingConfiguration: this.buildTracingConfiguration(props.tracingEnabled),
...definitionBody.bind(this, this.role, props, graph),
definitionSubstitutions: props.definitionSubstitutions,
encryptionConfiguration: buildEncryptionConfiguration(props.encryptionConfiguration),
});
// If `props.removalPolicy` is not set, the default passed here is DESTROY.
resource.applyRemovalPolicy(props.removalPolicy, { default: RemovalPolicy.DESTROY });
// Explicit dependency of the state machine resource on the role construct.
resource.node.addDependency(this.role);
this.stateMachineName = this.getResourceNameAttribute(resource.attrName);
this.stateMachineArn = this.getResourceArnAttribute(resource.ref, {
service: 'states',
resource: 'stateMachine',
resourceName: this.physicalName,
arnFormat: ArnFormat.COLON_RESOURCE_NAME,
});
// `graph` was assigned under the same instanceof check earlier, so the assertion holds here.
if (definitionBody instanceof ChainDefinitionBody) {
graph!.bind(this);
}
this.stateMachineRevisionId = resource.attrStateMachineRevisionId;
}