identify which aws sdk apis allow Step Function's "Run a Job (.sync)" and "Wait for a Callback with the Task Token" integrations by default/optimized integration

Pasting the answer I received from Support, which has lot of explanations. I assume pasting the answer here will help others.

Investigating our AWS Step Functions documentation, within this document [1] is a list of supported service integrations within each of the AWS Services - for Optimized SDK Integrations When it comes to identifying which integration patterns are supported, by going into the specific service you are using with Step Function - for an example let's choose Athena [2] it shows which API's are supported in Request Response and Run a job(.sync).

However as I also see the AWS SDK Integrations [3] don't have a list of what is supported with these patterns. When it comes to identifying which pattern will be supported, it will have to be based on the specific service API's supported.

A direct document or a post that identifies ALL Service API and it's supported Integrations would be more convenient, at the moment such document does not exist. However below I have some guidance in identifying specific API's and whether they will be supported.

Run a Job (.sync) ────────────── For Run a Job (.sync) Integration Pattern, if the downstream service supports a "Describe" Action or a "Get" on the Job/Task - it will support .sync integrations. Step Functions in the background uses EventBridge and polls the API for a status. So if you have a StepFunction calling another step function i.e.states:StartExecution.sync, Step Functions performs polling on the DescribeExecution API. Now this works because a Step Function execution is an ongoing execution with statuses as it executes, and it can be polled to see where it currently is at.

With Athena as an example StartQueryExecution supports .sync, as there is a GetQueryExecution.

Polling requires permission for Describe or Get API actions on the service, such as ecs:DescribeTasks, glue:GetJobRun, athena:GetQueryExecution. As with the above you start an ECS task, a glue job gets executed or an athena query starts - each will have a pending status that can be polled.

I recommend seeing the IAM Permissions required for tasks using the Run a Job Pattern here [4], which discusses more in this topic. Also by seeing the differences in the policies you can see which API's need the permissions and support .sync

Wait for a Callback with the Task Token ────────────── This specific integration works with services that allow you to send a "Task Token" in a message field to the Service i.e. SQS, SNS, Lambda, ECS and more . . The API you use must have a parameter field in which to place the task token.

For example you cannot do ec2:StartInstances as a callback, because there is no consumer application to send back the Token and there is no field to include the TaskToken to send it to the EC2 service.

The message contents will contain the expected task for a client application to do, and a Task Token to be sent back to the AWS Step Functions service once it's completed. This integration will work when you have a task to be completed that takes a longer amount of time.

So a Lambda function that does processing, it will receive a JSON Event Body from Step Functions as a paylod - complete it's work - send the API "sendTaskSuccess" to AWS Step Functions with the Task Token. Similar situation to ECS, a cluster would have an application that sends back the API to move on to the next step in the Step Functions execution once it's successful.

A rule of thumb is, if the service supports a message body / has downstream processing i.e. SQS / SNS/ EventBridge, TaskTokens will be supported. It requires application code, or a human to send "sendTaskSuccess" to Step Functions to complete. ───────

There is no blog post or a document that has these listed in a single page, being able to find the specific API and see what's supported would be much faster and easier to identify. At the moment it requires looking at the API Documentation for each service, IAM Policies, and seeing the Request Parameters supported for that Service API which takes quite some time.

References: ──────────────

[1] Optimized integrations for Step Functions https://docs.aws.amazon.com/step-functions/latest/dg/connect-supported-services.html

[2] Call Athena with Step Functions https://docs.aws.amazon.com/step-functions/latest/dg/connect-athena.html

[3] AWS SDK service integrations - Supported AWS SDK service integrations https://docs.aws.amazon.com/step-functions/latest/dg/supported-services-awssdk.html#supported-services-awssdk-list

[4] IAM Policies for integrated services - Additional permissions for tasks using the Run a Job pattern https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html#connect-iam-sync-async

We value your feedback. Please share your experience by rating this and other correspondences in the AWS Support Center. You can rate a correspondence by selecting the stars in the top right corner of the correspondence.