--- AWSTemplateFormatVersion: "2010-09-09" Description: >- (WWPS-GLS-WF-ORCHESTRATOR-SFN) Creates container images, AWS Batch Job Definitions, and an AWS Step Functions State Machine for a genomics workflow. Mappings: TagMap: default: architecture: "genomics-workflows" solution: "step-functions" tags: - Key: "architecture" Value: "genomics-workflows" - Key: "solution" Value: "step-functions" Metadata: AWS::Cloudformation::Interface: ParameterGroups: - Label: default: "Required" Parameters: - Namespace - GWFCoreNamespace - Label: default: "Distribution Configuration" Parameters: - TemplateRootUrl Parameters: Namespace: Type: String Description: Namespace (e.g. project name) to use to label resources. GWFCoreNamespace: Type: String Description: >- Namespace of the GWFCore deployment to use. TemplateRootUrl: Type: String Description: >- Root URL for where nested templates are stored Default: https://aws-genomics-workflows.s3.amazonaws.com/templates # dist: pin_version ConstraintDescription: >- Must be a valid S3 HTTP URL AllowedPattern: "https://[a-z0-9-./]{0,}s3([a-z0-9-.]+)*\\.amazonaws\\.com/[a-z0-9-./]{3,}" Conditions: NoNamespace: !Equals [ !Ref Namespace, "" ] Resources: ContainerSource: Type: "AWS::CodeCommit::Repository" Properties: RepositoryName: !Sub containers-${AWS::StackName} RepositoryDescription: >- Source code for workflow tooling containers Code: S3: Bucket: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}' Key: !Sub - ${Prefix}/containers.zip - Prefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}' Tags: - Key: architecture Value: !FindInMap ["TagMap", "default", "architecture"] ContainerBuildBwa: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml Parameters: ImageName: bwa ImageTag: "0.7.17" GitRepoType: CODECOMMIT GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp ProjectPath: ./bwa ProjectBuildSpecFile: ./buildspec-workflow-tool.yml CreateBatchJobDefinition: "Yes" BatchJobDefinitionName: !Sub "bwa-${AWS::StackName}" ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}' ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}' Tags: !FindInMap ["TagMap", "default", "tags"] ContainerBuildSamtools: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml Parameters: ImageName: samtools ImageTag: "1.9" GitRepoType: CODECOMMIT GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp ProjectPath: ./samtools ProjectBuildSpecFile: ./buildspec-workflow-tool.yml CreateBatchJobDefinition: "Yes" BatchJobDefinitionName: !Sub "samtools-${AWS::StackName}" ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}' ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}' Tags: !FindInMap ["TagMap", "default", "tags"] ContainerBuildBcftools: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub ${TemplateRootUrl}/_common/container-build.template.yaml Parameters: ImageName: bcftools ImageTag: "1.9" GitRepoType: CODECOMMIT GitCloneUrlHttp: !GetAtt ContainerSource.CloneUrlHttp ProjectPath: ./bcftools ProjectBuildSpecFile: ./buildspec-workflow-tool.yml CreateBatchJobDefinition: "Yes" BatchJobDefinitionName: !Sub "bcftools-${AWS::StackName}" ArtifactBucketName: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/bucket:1}}' ArtifactBucketPrefix: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/installed-artifacts/prefix:1}}' Tags: !FindInMap ["TagMap", "default", "tags"] IAMStepFunctionsExecutionRole: Type: AWS::IAM::Role Properties: Description: !Sub stepfunctions-service-role-${AWS::StackName}-${AWS::Region} AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: states.amazonaws.com Action: "sts:AssumeRole" Policies: - PolicyName: !Sub states-access-policy-${AWS::Region} PolicyDocument: Version: "2012-10-17" Statement: # Service integration permissions. For more details see: # https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html # enable calling lambda functions - Effect: Allow Action: - lambda:InvokeFunction Resource: "*" # this can be scope to specific functions if needed # enable calling other step functions - Effect: Allow Action: - states:StartExecution Resource: "*" # this can be scoped to specific state machines if needed # enable submitting batch jobs (synchronous) - Effect: Allow Action: - "batch:SubmitJob" - "batch:DescribeJobs" - "batch:TerminateJob" Resource: "*" # this can be scoped to specific job queues if needed - Effect: Allow Action: - "events:PutTargets" - "events:PutRule" - "events:DescribeRule" Resource: - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventsForBatchJobsRule" StateMachine: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub ${TemplateRootUrl}/step-functions/sfn-resources-state-machine.template.yaml Parameters: Namespace: Fn::If: - NoNamespace - !Sub ${AWS::StackName} - !Ref Namespace S3BucketName: !Sub "{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/s3-bucket:1}}" IAMStepFunctionsExecutionRole: !GetAtt IAMStepFunctionsExecutionRole.Arn BatchJobQueue: !Sub '{{resolve:ssm:/gwfcore/${GWFCoreNamespace}/job-queue/default:1}}' BatchJobDefinitionBwa: !GetAtt ContainerBuildBwa.Outputs.JobDefinition BatchJobDefinitionSamtools: !GetAtt ContainerBuildSamtools.Outputs.JobDefinition BatchJobDefinitionBcftools: !GetAtt ContainerBuildBcftools.Outputs.JobDefinition Tags: !FindInMap ["TagMap", "default", "tags"] Outputs: StateMachine: Value: !GetAtt StateMachine.Outputs.StateMachine Description: > AWS Step Functions State Machine that demonstrates a simple genomics workflow StateMachineInput: Value: !GetAtt StateMachine.Outputs.StateMachineInput Description: > Example input for the state machine. Use this when executing your workflow. StepFunctionsExecutionRole: Value: !GetAtt IAMStepFunctionsExecutionRole.Arn Description: IAM role used by AWS Step Functions to execute the state machine ...