0
# Application Services
1
2
Application integration and management services including API Gateway for APIs, SNS/SQS for messaging, Step Functions for workflows, and CloudWatch for monitoring.
3
4
## Capabilities
5
6
### API Gateway - REST and HTTP APIs
7
8
Amazon API Gateway creates, publishes, maintains, and monitors secure APIs at any scale.
9
10
```typescript { .api }
11
/**
12
* API Gateway REST API
13
*/
14
class apigateway.RestApi extends pulumi.CustomResource {
15
constructor(name: string, args?: apigateway.RestApiArgs, opts?: pulumi.CustomResourceOptions);
16
17
/** API ARN */
18
readonly arn: pulumi.Output<string>;
19
/** API ID */
20
readonly id: pulumi.Output<string>;
21
/** API name */
22
readonly name: pulumi.Output<string>;
23
/** Description */
24
readonly description: pulumi.Output<string>;
25
/** Execution ARN */
26
readonly executionArn: pulumi.Output<string>;
27
/** Root resource ID */
28
readonly rootResourceId: pulumi.Output<string>;
29
/** API policy */
30
readonly policy: pulumi.Output<string>;
31
/** Binary media types */
32
readonly binaryMediaTypes: pulumi.Output<string[]>;
33
/** Endpoint configuration */
34
readonly endpointConfiguration: pulumi.Output<apigateway.RestApiEndpointConfiguration>;
35
/** Resource tags */
36
readonly tags: pulumi.Output<{[key: string]: string}>;
37
}
38
39
interface apigateway.RestApiArgs {
40
/** API name */
41
name?: pulumi.Input<string>;
42
/** Description */
43
description?: pulumi.Input<string>;
44
/** API policy document (JSON) */
45
policy?: pulumi.Input<string>;
46
/** Binary media types */
47
binaryMediaTypes?: pulumi.Input<pulumi.Input<string>[]>;
48
/** Minimum compression size */
49
minimumCompressionSize?: pulumi.Input<number>;
50
/** API key source */
51
apiKeySource?: pulumi.Input<string>;
52
/** Endpoint configuration */
53
endpointConfiguration?: pulumi.Input<apigateway.RestApiEndpointConfiguration>;
54
/** Disable execute API endpoint */
55
disableExecuteApiEndpoint?: pulumi.Input<boolean>;
56
/** Resource tags */
57
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
58
}
59
60
/**
61
* API Gateway Resource
62
*/
63
class apigateway.Resource extends pulumi.CustomResource {
64
constructor(name: string, args: apigateway.ResourceArgs, opts?: pulumi.CustomResourceOptions);
65
66
/** Resource ID */
67
readonly id: pulumi.Output<string>;
68
/** REST API ID */
69
readonly restApi: pulumi.Output<string>;
70
/** Parent resource ID */
71
readonly parentId: pulumi.Output<string>;
72
/** Path part */
73
readonly pathPart: pulumi.Output<string>;
74
/** Full path */
75
readonly path: pulumi.Output<string>;
76
}
77
78
interface apigateway.ResourceArgs {
79
/** REST API ID */
80
restApi: pulumi.Input<string>;
81
/** Parent resource ID */
82
parentId: pulumi.Input<string>;
83
/** Path part (e.g., "users", "{id}") */
84
pathPart: pulumi.Input<string>;
85
}
86
87
/**
88
* API Gateway Method
89
*/
90
class apigateway.Method extends pulumi.CustomResource {
91
constructor(name: string, args: apigateway.MethodArgs, opts?: pulumi.CustomResourceOptions);
92
93
/** REST API ID */
94
readonly restApi: pulumi.Output<string>;
95
/** Resource ID */
96
readonly resourceId: pulumi.Output<string>;
97
/** HTTP method */
98
readonly httpMethod: pulumi.Output<string>;
99
/** Authorization type */
100
readonly authorization: pulumi.Output<string>;
101
/** Authorizer ID */
102
readonly authorizerId: pulumi.Output<string>;
103
/** API key required */
104
readonly apiKeyRequired: pulumi.Output<boolean>;
105
/** Request parameters */
106
readonly requestParameters: pulumi.Output<{[key: string]: boolean}>;
107
/** Request models */
108
readonly requestModels: pulumi.Output<{[key: string]: string}>;
109
}
110
111
interface apigateway.MethodArgs {
112
/** REST API ID */
113
restApi: pulumi.Input<string>;
114
/** Resource ID */
115
resourceId: pulumi.Input<string>;
116
/** HTTP method (GET, POST, PUT, DELETE, etc.) */
117
httpMethod: pulumi.Input<string>;
118
/** Authorization type (NONE, AWS_IAM, CUSTOM, COGNITO_USER_POOLS) */
119
authorization: pulumi.Input<string>;
120
/** Authorizer ID */
121
authorizerId?: pulumi.Input<string>;
122
/** API key required */
123
apiKeyRequired?: pulumi.Input<boolean>;
124
/** Request parameters */
125
requestParameters?: pulumi.Input<{[key: string]: pulumi.Input<boolean>}>;
126
/** Request models */
127
requestModels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
128
/** Request validator ID */
129
requestValidatorId?: pulumi.Input<string>;
130
}
131
132
/**
133
* API Gateway Integration
134
*/
135
class apigateway.Integration extends pulumi.CustomResource {
136
constructor(name: string, args: apigateway.IntegrationArgs, opts?: pulumi.CustomResourceOptions);
137
138
/** REST API ID */
139
readonly restApi: pulumi.Output<string>;
140
/** Resource ID */
141
readonly resourceId: pulumi.Output<string>;
142
/** HTTP method */
143
readonly httpMethod: pulumi.Output<string>;
144
/** Integration type */
145
readonly type: pulumi.Output<string>;
146
/** Integration HTTP method */
147
readonly integrationHttpMethod: pulumi.Output<string>;
148
/** URI */
149
readonly uri: pulumi.Output<string>;
150
/** Connection type */
151
readonly connectionType: pulumi.Output<string>;
152
/** Connection ID */
153
readonly connectionId: pulumi.Output<string>;
154
/** Credentials */
155
readonly credentials: pulumi.Output<string>;
156
}
157
158
/**
159
* API Gateway Deployment
160
*/
161
class apigateway.Deployment extends pulumi.CustomResource {
162
constructor(name: string, args: apigateway.DeploymentArgs, opts?: pulumi.CustomResourceOptions);
163
164
/** Deployment ID */
165
readonly id: pulumi.Output<string>;
166
/** REST API ID */
167
readonly restApi: pulumi.Output<string>;
168
/** Description */
169
readonly description: pulumi.Output<string>;
170
/** Stage name */
171
readonly stageName: pulumi.Output<string>;
172
/** Invoke URL */
173
readonly invokeUrl: pulumi.Output<string>;
174
/** Execution ARN */
175
readonly executionArn: pulumi.Output<string>;
176
}
177
```
178
179
**Usage Examples:**
180
181
```typescript
182
// Create REST API
183
const api = new aws.apigateway.RestApi("user-api", {
184
name: "user-management-api",
185
description: "API for user management operations",
186
endpointConfiguration: {
187
types: ["REGIONAL"]
188
},
189
binaryMediaTypes: ["application/octet-stream"],
190
tags: {
191
Name: "UserAPI",
192
Environment: "production"
193
}
194
});
195
196
// Create resource
197
const usersResource = new aws.apigateway.Resource("users-resource", {
198
restApi: api.id,
199
parentId: api.rootResourceId,
200
pathPart: "users"
201
});
202
203
const userResource = new aws.apigateway.Resource("user-resource", {
204
restApi: api.id,
205
parentId: usersResource.id,
206
pathPart: "{id}"
207
});
208
209
// Create GET method
210
const getUserMethod = new aws.apigateway.Method("get-user", {
211
restApi: api.id,
212
resourceId: userResource.id,
213
httpMethod: "GET",
214
authorization: "AWS_IAM",
215
requestParameters: {
216
"method.request.path.id": true
217
}
218
});
219
220
// Create Lambda integration
221
const getUserIntegration = new aws.apigateway.Integration("get-user-integration", {
222
restApi: api.id,
223
resourceId: userResource.id,
224
httpMethod: getUserMethod.httpMethod,
225
type: "AWS_PROXY",
226
integrationHttpMethod: "POST",
227
uri: getUserFunction.invokeArn,
228
credentials: apiGatewayRole.arn
229
});
230
231
// Create deployment
232
const deployment = new aws.apigateway.Deployment("api-deployment", {
233
restApi: api.id,
234
stageName: "prod",
235
description: "Production deployment"
236
}, {
237
dependsOn: [getUserIntegration]
238
});
239
240
// Grant API Gateway permission to invoke Lambda
241
const lambdaPermission = new aws.lambda.Permission("api-lambda-permission", {
242
action: "lambda:InvokeFunction",
243
function: getUserFunction.name,
244
principal: "apigateway.amazonaws.com",
245
sourceArn: pulumi.interpolate`${api.executionArn}/*/*`
246
});
247
```
248
249
### SNS - Simple Notification Service
250
251
Amazon Simple Notification Service is a pub/sub messaging service for application-to-application and application-to-person communication.
252
253
```typescript { .api }
254
/**
255
* SNS Topic
256
*/
257
class sns.Topic extends pulumi.CustomResource {
258
constructor(name: string, args?: sns.TopicArgs, opts?: pulumi.CustomResourceOptions);
259
260
/** Topic ARN */
261
readonly arn: pulumi.Output<string>;
262
/** Topic name */
263
readonly name: pulumi.Output<string>;
264
/** Display name */
265
readonly displayName: pulumi.Output<string>;
266
/** Policy */
267
readonly policy: pulumi.Output<string>;
268
/** Delivery policy */
269
readonly deliveryPolicy: pulumi.Output<string>;
270
/** KMS master key ID */
271
readonly kmsMasterKeyId: pulumi.Output<string>;
272
/** FIFO topic */
273
readonly fifoTopic: pulumi.Output<boolean>;
274
/** Content-based deduplication */
275
readonly contentBasedDeduplication: pulumi.Output<boolean>;
276
/** Resource tags */
277
readonly tags: pulumi.Output<{[key: string]: string}>;
278
}
279
280
interface sns.TopicArgs {
281
/** Topic name */
282
name?: pulumi.Input<string>;
283
/** Display name */
284
displayName?: pulumi.Input<string>;
285
/** Topic policy (JSON) */
286
policy?: pulumi.Input<string>;
287
/** Delivery policy (JSON) */
288
deliveryPolicy?: pulumi.Input<string>;
289
/** KMS key ID for encryption */
290
kmsMasterKeyId?: pulumi.Input<string>;
291
/** FIFO topic */
292
fifoTopic?: pulumi.Input<boolean>;
293
/** Content-based deduplication */
294
contentBasedDeduplication?: pulumi.Input<boolean>;
295
/** Resource tags */
296
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
297
}
298
299
/**
300
* SNS Topic Subscription
301
*/
302
class sns.TopicSubscription extends pulumi.CustomResource {
303
constructor(name: string, args: sns.TopicSubscriptionArgs, opts?: pulumi.CustomResourceOptions);
304
305
/** Subscription ARN */
306
readonly arn: pulumi.Output<string>;
307
/** Topic ARN */
308
readonly topicArn: pulumi.Output<string>;
309
/** Protocol */
310
readonly protocol: pulumi.Output<string>;
311
/** Endpoint */
312
readonly endpoint: pulumi.Output<string>;
313
/** Raw message delivery */
314
readonly rawMessageDelivery: pulumi.Output<boolean>;
315
/** Filter policy */
316
readonly filterPolicy: pulumi.Output<string>;
317
/** Confirmation timeout */
318
readonly confirmationTimeoutInMinutes: pulumi.Output<number>;
319
}
320
321
interface sns.TopicSubscriptionArgs {
322
/** Topic ARN */
323
topicArn: pulumi.Input<string>;
324
/** Protocol (sqs, lambda, email, sms, http, https) */
325
protocol: pulumi.Input<string>;
326
/** Endpoint (queue ARN, function ARN, email, etc.) */
327
endpoint: pulumi.Input<string>;
328
/** Raw message delivery */
329
rawMessageDelivery?: pulumi.Input<boolean>;
330
/** Filter policy (JSON) */
331
filterPolicy?: pulumi.Input<string>;
332
/** Confirmation timeout in minutes */
333
confirmationTimeoutInMinutes?: pulumi.Input<number>;
334
/** Subscription role ARN */
335
subscriptionRoleArn?: pulumi.Input<string>;
336
}
337
```
338
339
**Usage Examples:**
340
341
```typescript
342
// Create SNS topic
343
const notificationTopic = new aws.sns.Topic("notifications", {
344
name: "user-notifications",
345
displayName: "User Notifications",
346
kmsMasterKeyId: encryptionKey.arn,
347
tags: {
348
Name: "UserNotifications",
349
Environment: "production"
350
}
351
});
352
353
// Subscribe Lambda function to topic
354
const lambdaSubscription = new aws.sns.TopicSubscription("lambda-subscription", {
355
topicArn: notificationTopic.arn,
356
protocol: "lambda",
357
endpoint: notificationFunction.arn
358
});
359
360
// Subscribe SQS queue to topic
361
const sqsSubscription = new aws.sns.TopicSubscription("sqs-subscription", {
362
topicArn: notificationTopic.arn,
363
protocol: "sqs",
364
endpoint: notificationQueue.arn,
365
rawMessageDelivery: true,
366
filterPolicy: JSON.stringify({
367
event_type: ["user_created", "user_updated"]
368
})
369
});
370
371
// Subscribe email to topic
372
const emailSubscription = new aws.sns.TopicSubscription("email-subscription", {
373
topicArn: notificationTopic.arn,
374
protocol: "email",
375
endpoint: "admin@example.com"
376
});
377
378
// Grant SNS permission to invoke Lambda
379
const snsLambdaPermission = new aws.lambda.Permission("sns-lambda-permission", {
380
action: "lambda:InvokeFunction",
381
function: notificationFunction.name,
382
principal: "sns.amazonaws.com",
383
sourceArn: notificationTopic.arn
384
});
385
```
386
387
### SQS - Simple Queue Service
388
389
Amazon Simple Queue Service is a fully managed message queuing service for decoupling applications.
390
391
```typescript { .api }
392
/**
393
* SQS Queue
394
*/
395
class sqs.Queue extends pulumi.CustomResource {
396
constructor(name: string, args?: sqs.QueueArgs, opts?: pulumi.CustomResourceOptions);
397
398
/** Queue ARN */
399
readonly arn: pulumi.Output<string>;
400
/** Queue ID */
401
readonly id: pulumi.Output<string>;
402
/** Queue name */
403
readonly name: pulumi.Output<string>;
404
/** Queue URL */
405
readonly url: pulumi.Output<string>;
406
/** Visibility timeout */
407
readonly visibilityTimeoutSeconds: pulumi.Output<number>;
408
/** Message retention period */
409
readonly messageRetentionSeconds: pulumi.Output<number>;
410
/** Max message size */
411
readonly maxMessageSize: pulumi.Output<number>;
412
/** Delay seconds */
413
readonly delaySeconds: pulumi.Output<number>;
414
/** Receive wait time */
415
readonly receiveWaitTimeSeconds: pulumi.Output<number>;
416
/** Policy */
417
readonly policy: pulumi.Output<string>;
418
/** Redrive policy */
419
readonly redrivePolicy: pulumi.Output<string>;
420
/** FIFO queue */
421
readonly fifoQueue: pulumi.Output<boolean>;
422
/** Content-based deduplication */
423
readonly contentBasedDeduplication: pulumi.Output<boolean>;
424
/** KMS master key ID */
425
readonly kmsMasterKeyId: pulumi.Output<string>;
426
/** Resource tags */
427
readonly tags: pulumi.Output<{[key: string]: string}>;
428
}
429
430
interface sqs.QueueArgs {
431
/** Queue name */
432
name?: pulumi.Input<string>;
433
/** Visibility timeout in seconds */
434
visibilityTimeoutSeconds?: pulumi.Input<number>;
435
/** Message retention period in seconds */
436
messageRetentionSeconds?: pulumi.Input<number>;
437
/** Maximum message size in bytes */
438
maxMessageSize?: pulumi.Input<number>;
439
/** Message delay in seconds */
440
delaySeconds?: pulumi.Input<number>;
441
/** Long polling wait time in seconds */
442
receiveWaitTimeSeconds?: pulumi.Input<number>;
443
/** Queue policy (JSON) */
444
policy?: pulumi.Input<string>;
445
/** Dead letter queue redrive policy (JSON) */
446
redrivePolicy?: pulumi.Input<string>;
447
/** FIFO queue */
448
fifoQueue?: pulumi.Input<boolean>;
449
/** Content-based deduplication */
450
contentBasedDeduplication?: pulumi.Input<boolean>;
451
/** KMS key ID for encryption */
452
kmsMasterKeyId?: pulumi.Input<string>;
453
/** KMS data key reuse period in seconds */
454
kmsDataKeyReusePeriodSeconds?: pulumi.Input<number>;
455
/** Resource tags */
456
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
457
}
458
```
459
460
**Usage Examples:**
461
462
```typescript
463
// Create dead letter queue
464
const deadLetterQueue = new aws.sqs.Queue("dlq", {
465
name: "processing-dlq",
466
messageRetentionSeconds: 1209600, // 14 days
467
tags: {
468
Name: "ProcessingDLQ",
469
Purpose: "dead-letter"
470
}
471
});
472
473
// Create main processing queue
474
const processingQueue = new aws.sqs.Queue("processing-queue", {
475
name: "user-processing-queue",
476
visibilityTimeoutSeconds: 300,
477
messageRetentionSeconds: 345600, // 4 days
478
receiveWaitTimeSeconds: 20, // Long polling
479
redrivePolicy: JSON.stringify({
480
deadLetterTargetArn: deadLetterQueue.arn,
481
maxReceiveCount: 3
482
}),
483
kmsMasterKeyId: encryptionKey.arn,
484
tags: {
485
Name: "UserProcessingQueue",
486
Environment: "production"
487
}
488
});
489
490
// Create FIFO queue for ordered processing
491
const orderedQueue = new aws.sqs.Queue("ordered-queue", {
492
name: "ordered-processing.fifo",
493
fifoQueue: true,
494
contentBasedDeduplication: true,
495
visibilityTimeoutSeconds: 60,
496
tags: {
497
Name: "OrderedProcessingQueue",
498
Type: "fifo"
499
}
500
});
501
502
// Grant Lambda permission to receive messages
503
const queuePolicy = new aws.sqs.QueuePolicy("queue-policy", {
504
queueUrl: processingQueue.url,
505
policy: JSON.stringify({
506
Version: "2012-10-17",
507
Statement: [{
508
Effect: "Allow",
509
Principal: {
510
AWS: lambdaRole.arn
511
},
512
Action: [
513
"sqs:ReceiveMessage",
514
"sqs:DeleteMessage",
515
"sqs:GetQueueAttributes"
516
],
517
Resource: processingQueue.arn
518
}]
519
})
520
});
521
```
522
523
### Step Functions - Workflow Orchestration
524
525
AWS Step Functions coordinates multiple AWS services into serverless workflows.
526
527
```typescript { .api }
528
/**
529
* Step Functions State Machine
530
*/
531
class sfn.StateMachine extends pulumi.CustomResource {
532
constructor(name: string, args: sfn.StateMachineArgs, opts?: pulumi.CustomResourceOptions);
533
534
/** State machine ARN */
535
readonly arn: pulumi.Output<string>;
536
/** State machine name */
537
readonly name: pulumi.Output<string>;
538
/** Definition */
539
readonly definition: pulumi.Output<string>;
540
/** Role ARN */
541
readonly roleArn: pulumi.Output<string>;
542
/** Type */
543
readonly type: pulumi.Output<string>;
544
/** Logging configuration */
545
readonly loggingConfiguration: pulumi.Output<sfn.StateMachineLoggingConfiguration>;
546
/** Tracing configuration */
547
readonly tracingConfiguration: pulumi.Output<sfn.StateMachineTracingConfiguration>;
548
/** Resource tags */
549
readonly tags: pulumi.Output<{[key: string]: string}>;
550
}
551
552
interface sfn.StateMachineArgs {
553
/** State machine name */
554
name?: pulumi.Input<string>;
555
/** State machine definition (JSON) */
556
definition: pulumi.Input<string>;
557
/** IAM role ARN */
558
roleArn: pulumi.Input<string>;
559
/** Type (STANDARD or EXPRESS) */
560
type?: pulumi.Input<string>;
561
/** Logging configuration */
562
loggingConfiguration?: pulumi.Input<sfn.StateMachineLoggingConfiguration>;
563
/** Tracing configuration */
564
tracingConfiguration?: pulumi.Input<sfn.StateMachineTracingConfiguration>;
565
/** Resource tags */
566
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
567
}
568
```
569
570
**Usage Examples:**
571
572
```typescript
573
// Create Step Functions execution role
574
const stepFunctionRole = new aws.iam.Role("step-function-role", {
575
assumeRolePolicy: JSON.stringify({
576
Version: "2012-10-17",
577
Statement: [{
578
Action: "sts:AssumeRole",
579
Effect: "Allow",
580
Principal: {
581
Service: "states.amazonaws.com"
582
}
583
}]
584
})
585
});
586
587
// Create state machine for user processing workflow
588
const userProcessingWorkflow = new aws.sfn.StateMachine("user-processing", {
589
name: "user-processing-workflow",
590
roleArn: stepFunctionRole.arn,
591
type: "STANDARD",
592
definition: JSON.stringify({
593
Comment: "User processing workflow",
594
StartAt: "ValidateUser",
595
States: {
596
ValidateUser: {
597
Type: "Task",
598
Resource: validateUserFunction.arn,
599
Next: "ProcessUser",
600
Catch: [{
601
ErrorEquals: ["States.TaskFailed"],
602
Next: "HandleError"
603
}]
604
},
605
ProcessUser: {
606
Type: "Task",
607
Resource: processUserFunction.arn,
608
Next: "SendNotification"
609
},
610
SendNotification: {
611
Type: "Task",
612
Resource: `arn:aws:states:::sns:publish`,
613
Parameters: {
614
TopicArn: notificationTopic.arn,
615
Message: "User processing completed"
616
},
617
End: true
618
},
619
HandleError: {
620
Type: "Task",
621
Resource: errorHandlerFunction.arn,
622
End: true
623
}
624
}
625
}),
626
loggingConfiguration: {
627
logDestination: `${logGroup.arn}:*`,
628
includeExecutionData: true,
629
level: "ALL"
630
},
631
tags: {
632
Name: "UserProcessingWorkflow",
633
Environment: "production"
634
}
635
});
636
```