Post Syndicated from James Beswick original https://aws.amazon.com/blogs/compute/using-jsonpath-effectively-in-aws-step-functions/
This post is written by Dhiraj Mahapatro, Senior Serverless Specialist SA, Serverless.
AWS Step Functions uses Amazon States Language (ASL), which is a JSON-based, structured language used to define the state machine. ASL uses paths for input and output processing in between states. Paths follow JSONPath syntax.
JSONPath provides the capability to select parts of JSON structures similar to how XPath expressions select nodes of XML documents. Step Functions provides the data flow simulator, which helps in modeling input and output path processing using JSONPath.
This blog post explains how you can effectively use JSONPath in a Step Functions workflow. It shows how you can separate concerns between states by specifically identifying input to and output from each state. It also explains how you can use advanced JSONPath expressions for filtering and mapping JSON content.
Overview
The sample application in this blog is based on a use case in the insurance domain. A new potential customer signs up with an insurance company by creating an account. The customer provides their basic information, and their interests in the types of insurances for shopping later.
The information provided by the potential insurance customer is accepted by the insurance company’s new account application for processing. This application is built using Step Functions, which accepts provided input as a JSON payload and applies the following business logic:
- Verify the identity of the user.
- Verify the address of the user.
- Approve the new account application if the checks pass.
- Upon approval, insert user information into the Amazon DynamoDB Accounts table.
- Collect home insurance interests and store in an Amazon SQS queue.
- Send email notification to the user about the application approval.
- Deny the new account application if the checks fail.
- Send an email notification to the user about the application denial.
Deploying the application
Before deploying the solution, you need:
- An AWS account (sign up for an account if you don’t have one).
- The AWS SAM CLI installed.
- Node.js installed (version 14 minimum).
To deploy:
- From a terminal window, clone the GitHub repo:
git clone [email protected]:aws-samples/serverless-account-signup-service.git - Change directory:
cd ./serverless-account-signup-service - Download and install dependencies:
sam build - Deploy the application to your AWS account:
sam deploy --guided - During the guided deployment process, enter a valid email address for the parameter “Email” to receive email notifications.
- Once deployed, a confirmation email is sent to the provided email address from SNS. Confirm the subscription by clicking the link in the email.
To run the application using the AWS CLI, replace the state machine ARN from the output of deployment steps:
aws stepfunctions start-execution \
--state-machine-arn <StepFunctionArnHere> \
--input "{\"data\":{\"firstname\":\"Jane\",\"lastname\":\"Doe\",\"identity\":{\"email\":\"[email protected]\",\"ssn\":\"123-45-6789\"},\"address\":{\"street\":\"123 Main St\",\"city\":\"Columbus\",\"state\":\"OH\",\"zip\":\"43219\"},\"interests\":[{\"category\":\"home\",\"type\":\"own\",\"yearBuilt\":2004},{\"category\":\"auto\",\"type\":\"car\",\"yearBuilt\":2012},{\"category\":\"boat\",\"type\":\"snowmobile\",\"yearBuilt\":2020},{\"category\":\"auto\",\"type\":\"motorcycle\",\"yearBuilt\":2018},{\"category\":\"auto\",\"type\":\"RV\",\"yearBuilt\":2015},{\"category\":\"home\",\"type\":\"business\",\"yearBuilt\":2009}]}}"
Paths in Step Functions
Here is the sample payload structure :
{
"data": {
"firstname": "Jane",
"lastname": "Doe",
"identity": {
"email": "[email protected]",
"ssn": "123-45-6789"
},
"address": {
"street": "123 Main St",
"city": "Columbus",
"state": "OH",
"zip": "43219"
},
"interests": [
{"category": "home", "type": "own", "yearBuilt": 2004},
{"category": "auto", "type": "car", "yearBuilt": 2012},
{"category": "boat", "type": "snowmobile", "yearBuilt": 2020},
{"category": "auto", "type": "motorcycle", "yearBuilt": 2018},
{"category": "auto", "type": "RV", "yearBuilt": 2015},
{"category": "home", "type": "business", "yearBuilt": 2009}
]
}
}
The payload has data about the new user (identity and address information) and the user’s interests in the types of insurance.
The Compute Blog post on using data flow simulator elaborates on how to use Step Functions paths. To summarize how paths work:
InputPath– What input does a task need?Parameters– How does the task need the structure of the input to be?ResultSelectors– What to choose from the task’s output?ResultPath– Where to put the chosen output?OutputPath– What output to send to the next state?
The key idea is that the input of downstream states input depends on the output of previous states. JSONPath expressions help structuring input and output between states.
Using JSONPath inside paths
This is how paths are used in the sample application for each type.
InputPath
The first two main tasks in the Step Functions state machine validate the identity and the address of the user. Since both validations are unrelated, they can work independently by using parallel state.
Each state needs the identity and address information provided by the input payload. There is no requirement to provide interests to those states, so InputPath can help answer “What input does a task need?”.
Inside the Check Identity state:
"InputPath": "$.data.identity"
Inside the Check Address state:
"InputPath": "$.data.address"
Parameters
What should the input of the underlying task look like? Check Identity and Check Address use their respective AWS Lambda functions. When Lambda functions or any other AWS service integration is used as a task, the state machine should follow the request syntax of the corresponding service.
For a Lambda function as a task, the state should provide the FunctionName and an optional Payload as parameters. For the Check Identity state, the parameters section looks like:
"Parameters": {
"FunctionName": "${CheckIdentityFunctionArn}",
"Payload.$": "$"
}
Here, Payload is the entire identity JSON object provided by InputPath.
ResultSelector
Once the Check Identity task is invoked, the Lambda function successfully validates the user’s identity and responds with an approval response:
{
"ExecutedVersion": "$LATEST",
"Payload": {
"statusCode": "200",
"body": "{\"approved\": true,\"message\": \"identity validation passed\"}"
},
"SdkHttpMetadata": {
"HttpHeaders": {
"Connection": "keep-alive",
"Content-Length": "43",
"Content-Type": "application/json",
"Date": "Thu, 16 Apr 2020 17:58:15 GMT",
"X-Amz-Executed-Version": "$LATEST",
"x-amzn-Remapped-Content-Length": "0",
"x-amzn-RequestId": "88fba57b-adbe-467f-abf4-daca36fc9028",
"X-Amzn-Trace-Id": "root=1-5e989cb6-90039fd8971196666b022b62;sampled=0"
},
"HttpStatusCode": 200
},
"SdkResponseMetadata": {
"RequestId": "88fba57b-adbe-467f-abf4-daca36fc9028"
},
"StatusCode": 200
}
The identity validation approval must be provided to the downstream states for additional processing. However, the downstream states only need the Payload.body from the preceding JSON.
You can use a combination of intrinsic function and ResultSelector to choose attributes from the task’s output:
"ResultSelector": {
"identity.$": "States.StringToJson($.Payload.body)"
}
ResultSelector takes the JSON string $.Payload.body and applies States.StringToJson to convert the string to JSON store in a new attribute named identity:
"identity": {
"approved": true,
"message": "identity validation passed"
}
When Check Identity and Check Address states finish their work and exit, the step output from each state is captured as a JSON array. This JSON array is the step output of the parallel state. Reconcile the results from the JSON array using the ResultSelector that is available in parallel state.
"ResultSelector": {
"identityResult.$": "$[0].result.identity",
"addressResult.$": "$[1].result.address"
}
ResultPath
After ResultSelector, where should the identity result go to in the initial payload? The downstream states need access to the actual input payload in addition to the results from the previous state. ResultPath provides the mechanism to extend the initial payload to add results from the previous state.
ResultPath: "$.result" informs the state machine that any result selected from the task output (actual output if none specified) should go under result JSON attribute and result should get added to the incoming payload. The output from ResultPath looks like:
{
"data": {
"firstname": "Jane",
"lastname": "Doe",
"identity": {
"email": "[email protected]",
"ssn": "123-45-6789"
},
"address": {
"street": "123 Main St",
"city": "Columbus",
"state": "OH",
"zip": "43219"
},
"interests": [
{"category":"home", "type":"own", "yearBuilt":2004},
{"category":"auto", "type":"car", "yearBuilt":2012},
{"category":"boat", "type":"snowmobile","yearBuilt":2020},
{"category":"auto", "type":"motorcycle","yearBuilt":2018},
{"category":"auto", "type":"RV", "yearBuilt":2015},
{"category":"home", "type":"business", "yearBuilt":2009}
]
},
"result": {
"identity": {
"approved": true,
"message": "identity validation passed"
}
}
}
The preceding JSON has results from an operation but also the incoming payload is intact for business logic in downstream states.
This pattern ensures that the previous state keeps the payload hydrated for the next state. Use these combinations of paths across all states to make sure that each state has all the information needed.
As with the parallel state’s ResultSelector, an appropriate ResultPath is needed to hold both the results from Check Identity and Check Address to get the below results JSON object added to the payload:
"results": {
"addressResult": {
"approved": true,
"message": "address validation passed"
},
"identityResult": {
"approved": true,
"message": "identity validation passed"
}
}
With this approach for all of the downstream states, the input payload is still intact and the state machine has collected results from each state in results.
OutputPath
To return results from the state machine, ideally you do not send back the input payload to the caller of the Step Functions workflow. You can use OutputPath to select a portion of the state output as an end result. OutputPath determines what output to send to the next state.
In the sample application, the last states (Approved Message and Deny Message) defined OutputPath as:
“OutputPath”: “$.results”
The output from the state machine is:
{
"addressResult": {
"approved": true,
"message": "address validation passed"
},
"identityResult": {
"approved": true,
"message": "identity validation passed"
},
"accountAddition": {
"statusCode": 200
},
"homeInsuranceInterests": {
"statusCode": 200
},
"sendApprovedNotification": {
"statusCode": 200
}
}
This response strategy is also effective when using a Synchronous Express Workflow for this business logic.
Advanced JSONPath
You can declaratively use advanced JSONPath expressions to apply logic without writing imperative code in utility functions.
Let’s focus on the interests that the new customer has asked for in the input payload. The Step Functions state machine has a state that focuses on interests in the “home” insurance category. Once the new account application is approved and added to the database successfully, the application captures home insurance interests. It adds home-related detail in an HomeInterestsQueue SQS queue and transitions to the Approved Message state.
The interests JSON array has the information about insurance interests. An effective way to get home-related details is to filter out the interests array based on the category “home”. You can try this in data flow simulator:
You can apply additional filter expressions to filter data according to your use case. To learn more, visit the the data flow simulator blog.
Inside the state machine JSON, the Home Insurance Interests task has:
"InputPath": "$..interests[?(@.category==home)]"
It uses advanced JSONPath with $.. notation and [?(@.category==home)] filters.
Using advanced expressions on JSONPath is not limited to home insurance interests and can be extended to other categories and business logic.
Cleanup
To delete the sample application, use the latest version of the AWS SAM CLI and run:
sam delete
Conclusion
This post uses a sample application to highlight effective use of JSONPath and data filtering strategies that can be used in Step Functions.
JSONPath provides the flexibility to work on JSON objects and arrays inside the Step Functions states machine by reducing the amount of utility code. It allows developers to build state machines by separating concerns for states’ input and output data. Advanced JSONPath expressions help writing declarative filtering logic without needing imperative utility code, optimizing cost, and performance.
For more serverless learning resources, visit Serverless Land.
![[Security Nation] Michael Daniel on the Cyber Threat Alliance](https://blog.rapid7.com/content/images/2021/10/security_nation_logo.jpg){kind=logo}
![[Security Nation] Michael Daniel on the Cyber Threat Alliance](https://blog.rapid7.com/content/images/2021/10/Michael-Daniel--2400-px-.jpg)
