konokenj.cdk-api-mcp-server 0.32.0__py3-none-any.whl → 0.34.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-source.ts

@@ -0,0 +1,48 @@
+import { App, Stack, StackProps } from 'aws-cdk-lib';
+import { UserPool } from 'aws-cdk-lib/aws-cognito';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+
+class Stack2 extends Stack {
+  userPool: UserPool;
+
+  constructor (scope: Construct, id: string, props: StackProps = {}) {
+    super(scope, id, props);
+    this.userPool = new UserPool(this, 'userpool');
+  }
+}
+
+class Stack1 extends Stack {
+  bucket: Bucket;
+
+  constructor (scope: Construct, id: string, props: { userPool: UserPool }) {
+    super(scope, id);
+    this.bucket = new Bucket(this, 'bucket');
+    new BucketDeployment(this, 'XXXXXXXXXX', {
+      destinationBucket: this.bucket,
+      sources: [
+        Source.data('test.txt', props.userPool.userPoolId),
+      ],
+    });
+  }
+}
+
+const app = new App();
+const stack2 = new Stack2(app, 'stack2');
+const stack1 = new Stack1(app, 'stack1', { userPool: stack2.userPool });
+
+const integTest = new integ.IntegTest(app, 'integ-cross-stack-source', {
+  testCases: [
+    stack1,
+  ],
+});
+
+integTest.assertions.awsApiCall('S3', 'getObject', {
+  Bucket: stack1.bucket.bucketName,
+  Key: 'test.txt',
+}).expect(ExpectedResult.objectLike({
+  Body: stack2.userPool.userPoolId,
+}));

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke-jsonata.ts

@@ -1,112 +1,119 @@
-import * as path from 'path';
-import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
-import * as cdk from 'aws-cdk-lib';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as events from 'aws-cdk-lib/aws-events';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
-import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { password, username } from './my-lambda-handler';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaInvoke } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
 /*
- * Creates an API Gateway instance with a GET method and mock integration,
- * secured with basic auth. It then creates a matching Connection and uses it
- * in a state machine with a task state to invoke the endpoint.
+ * Creates a state machine with a task state to invoke a Lambda function
+ * The state machine creates a couple of Lambdas that pass results forward
+ * and into a Choice state that validates the output.
+ *
+ * Stack verification steps:
+ * The generated State Machine can be executed from the CLI (or Step Functions console)
+ * and runs with an execution status of `Succeeded`.
  *
- * Stack verification steps :
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <execution-arn generated before> : should return status as SUCCEEDED
+ * -- aws stepfunctions start-execution --state-machine-arn <state-machine-arn-from-output> provides execution arn
+ * -- aws stepfunctions describe-execution --execution-arn <state-machine-arn-from-output> returns a status of `Succeeded`
  */
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
-const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-http-invoke-integ');
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-lambda-invoke-jsonata-integ');
 
-const authorizerHandler = new lambda.NodejsFunction(stack, 'AuthorizerHandler', {
-  entry: path.resolve(__dirname, 'my-lambda-handler', 'index.ts'),
-  handler: 'handler',
+const submitJobLambda = new Function(stack, 'submitJobLambda', {
+  code: Code.fromInline(`exports.handler = async (event, context) => {
+        return {
+          statusCode: '200',
+          body: 'hello, world!',
+          ...event,
+        };
+      };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const authorizer = new apigateway.TokenAuthorizer(stack, 'Authorizer', {
-  handler: authorizerHandler,
-  identitySource: 'method.request.header.Authorization',
-  resultsCacheTtl: cdk.Duration.seconds(0),
-});
-
-const api = new apigateway.RestApi(stack, 'IntegRestApi');
-
-api.root.addResource('test').addMethod(
-  'GET',
-  new apigateway.MockIntegration({
-    integrationResponses: [
-      {
-        statusCode: '200',
-        responseTemplates: {
-          'application/json': JSON.stringify({ message: 'Hello, tester!' }),
-        },
-      },
-    ],
-    passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
-    requestTemplates: {
-      'application/json': '{ "statusCode": 200 }',
-    },
+const submitJob = LambdaInvoke.jsonata(stack, 'Invoke Handler', {
+  lambdaFunction: submitJobLambda,
+  payload: sfn.TaskInput.fromObject({
+    execId: '{% $states.context.Execution.Id %}',
+    execInput: '{% $states.context.Execution.Input %}',
+    execName: '{% $states.context.Execution.Name %}',
+    execRoleArn: '{% $states.context.Execution.RoleArn %}',
+    execStartTime: '{% $states.context.Execution.StartTime %}',
+    stateEnteredTime: '{% $states.context.State.EnteredTime %}',
+    stateName: '{% $states.context.State.Name %}',
+    stateRetryCount: '{% $states.context.State.RetryCount %}',
+    stateMachineId: '{% $states.context.StateMachine.Id %}',
+    stateMachineName: '{% $states.context.StateMachine.Name %}',
   }),
-  {
-    authorizer,
-    methodResponses: [
-      {
-        statusCode: '200',
-      },
-    ],
-  },
-);
+  outputs: '{% $states.result.Payload %}',
+});
 
-const connection = new events.Connection(stack, 'Connection', {
-  authorization: events.Authorization.basic(username, cdk.SecretValue.unsafePlainText(password)),
+const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', {
+  code: Code.fromInline(`exports.handler = async function(event, context) {
+        const expectedFields = [
+          'execId', 'execInput', 'execName', 'execRoleArn',
+          'execStartTime', 'stateEnteredTime', 'stateName',
+          'stateRetryCount', 'stateMachineId', 'stateMachineName',
+        ];
+        const fieldsAreSet = expectedFields.every(field => event[field] !== undefined);
+        return {
+          status: event.statusCode === '200' && fieldsAreSet ? 'SUCCEEDED' : 'FAILED'
+        };
+  };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const httpInvokeTask = tasks.HttpInvoke.jsonata(stack, 'Invoke HTTP Endpoint', {
-  apiRoot: api.urlForPath('/'),
-  apiEndpoint: sfn.TaskInput.fromText('{% $states.input.apiEndpoint %}'),
-  connection,
-  method: sfn.TaskInput.fromText('GET'),
+const checkJobState = LambdaInvoke.jsonata(stack, 'Check the job state', {
+  lambdaFunction: checkJobStateLambda,
   outputs: {
-    ResponseBody: '{% $states.result.ResponseBody %}',
+    status: '{% $states.result.Payload.status %}',
   },
 });
 
+const isComplete = sfn.Choice.jsonata(stack, 'Job Complete?');
+const jobFailed = sfn.Fail.jsonata(stack, 'Job Failed', {
+  cause: 'Job Failed',
+  error: 'Received a status that was not 200',
+});
+const finalStatus = sfn.Pass.jsonata(stack, 'Final step');
+
+const chain = sfn.Chain.start(submitJob)
+  .next(checkJobState)
+  .next(
+    isComplete
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'FAILED' %}"), jobFailed)
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'SUCCEEDED' %}"), finalStatus),
+  );
+
 const sm = new sfn.StateMachine(stack, 'StateMachine', {
-  definition: httpInvokeTask,
+  definition: chain,
   timeout: cdk.Duration.seconds(30),
 });
 
-const testCase = new IntegTest(app, 'HttpInvokeTest', {
-  testCases: [stack],
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
 
-// Start an execution
-const start = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
-  stateMachineArn: sm.stateMachineArn,
-  input: JSON.stringify({
-    apiEndpoint: '/test',
-  }),
+const integ = new IntegTest(app, 'IntegTest', {
+  testCases: [stack],
 });
-
-// describe the results of the execution
-const describe = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
-  executionArn: start.getAttString('executionArn'),
+const res = integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
+  stateMachineArn: sm.stateMachineArn,
 });
-
-// assert the results
-describe.expect(ExpectedResult.objectLike({
+const executionArn = res.getAttString('executionArn');
+integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
+  executionArn,
+}).expect(ExpectedResult.objectLike({
   status: 'SUCCEEDED',
-  output: JSON.stringify({
-    ResponseBody: {
-      message: 'Hello, tester!',
-    },
-  }),
-}));
+})).waitForAssertions({
+  totalTimeout: cdk.Duration.seconds(10),
+  interval: cdk.Duration.seconds(3),
+});
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke.ts

@@ -1,101 +1,119 @@
-import * as path from 'path';
-import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
-import * as cdk from 'aws-cdk-lib';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as events from 'aws-cdk-lib/aws-events';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
-import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { password, username } from './my-lambda-handler';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaInvoke } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
 /*
- * Creates an API Gateway instance with a GET method and mock integration,
- * secured with basic auth. It then creates a matching Connection and uses it
- * in a state machine with a task state to invoke the endpoint.
+ * Creates a state machine with a task state to invoke a Lambda function
+ * The state machine creates a couple of Lambdas that pass results forward
+ * and into a Choice state that validates the output.
+ *
+ * Stack verification steps:
+ * The generated State Machine can be executed from the CLI (or Step Functions console)
+ * and runs with an execution status of `Succeeded`.
  *
- * Stack verification steps :
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <execution-arn generated before> : should return status as SUCCEEDED
+ * -- aws stepfunctions start-execution --state-machine-arn <state-machine-arn-from-output> provides execution arn
+ * -- aws stepfunctions describe-execution --execution-arn <state-machine-arn-from-output> returns a status of `Succeeded`
  */
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
-const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-http-invoke-integ');
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-lambda-invoke-integ');
 
-const authorizerHandler = new lambda.NodejsFunction(stack, 'AuthorizerHandler', {
-  entry: path.resolve(__dirname, 'my-lambda-handler', 'index.ts'),
-  handler: 'handler',
+const submitJobLambda = new Function(stack, 'submitJobLambda', {
+  code: Code.fromInline(`exports.handler = async (event, context) => {
+        return {
+          statusCode: '200',
+          body: 'hello, world!',
+          ...event,
+        };
+      };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const authorizer = new apigateway.TokenAuthorizer(stack, 'Authorizer', {
-  handler: authorizerHandler,
-  identitySource: 'method.request.header.Authorization',
-  resultsCacheTtl: cdk.Duration.seconds(0),
+const submitJob = new LambdaInvoke(stack, 'Invoke Handler', {
+  lambdaFunction: submitJobLambda,
+  payload: sfn.TaskInput.fromObject({
+    execId: sfn.JsonPath.executionId,
+    execInput: sfn.JsonPath.executionInput,
+    execName: sfn.JsonPath.executionName,
+    execRoleArn: sfn.JsonPath.executionRoleArn,
+    execStartTime: sfn.JsonPath.executionStartTime,
+    stateEnteredTime: sfn.JsonPath.stateEnteredTime,
+    stateName: sfn.JsonPath.stateName,
+    stateRetryCount: sfn.JsonPath.stateRetryCount,
+    stateMachineId: sfn.JsonPath.stateMachineId,
+    stateMachineName: sfn.JsonPath.stateMachineName,
+  }),
+  outputPath: '$.Payload',
 });
 
-const api = new apigateway.RestApi(stack, 'IntegRestApi');
+const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', {
+  code: Code.fromInline(`exports.handler = async function(event, context) {
+        const expectedFields = [
+          'execId', 'execInput', 'execName', 'execRoleArn',
+          'execStartTime', 'stateEnteredTime', 'stateName',
+          'stateRetryCount', 'stateMachineId', 'stateMachineName',
+        ];
+        const fieldsAreSet = expectedFields.every(field => event[field] !== undefined);
+        return {
+          status: event.statusCode === '200' && fieldsAreSet ? 'SUCCEEDED' : 'FAILED'
+        };
+  };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
+});
 
-api.root.addResource('test').addMethod(
-  'GET',
-  new apigateway.MockIntegration({
-    integrationResponses: [
-      {
-        statusCode: '200',
-        responseTemplates: {
-          'application/json': JSON.stringify({ message: 'Hello, tester!' }),
-        },
-      },
-    ],
-    passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
-    requestTemplates: {
-      'application/json': '{ "statusCode": 200 }',
-    },
-  }),
-  {
-    authorizer,
-    methodResponses: [
-      {
-        statusCode: '200',
-      },
-    ],
+const checkJobState = new LambdaInvoke(stack, 'Check the job state', {
+  lambdaFunction: checkJobStateLambda,
+  resultSelector: {
+    status: sfn.JsonPath.stringAt('$.Payload.status'),
   },
-);
-
-const connection = new events.Connection(stack, 'Connection', {
-  authorization: events.Authorization.basic(username, cdk.SecretValue.unsafePlainText(password)),
 });
 
-const httpInvokeTask = new tasks.HttpInvoke(stack, 'Invoke HTTP Endpoint', {
-  apiRoot: api.urlForPath('/'),
-  apiEndpoint: sfn.TaskInput.fromText('/test'),
-  connection,
-  method: sfn.TaskInput.fromText('GET'),
+const isComplete = new sfn.Choice(stack, 'Job Complete?');
+const jobFailed = new sfn.Fail(stack, 'Job Failed', {
+  cause: 'Job Failed',
+  error: 'Received a status that was not 200',
 });
+const finalStatus = new sfn.Pass(stack, 'Final step');
+
+const chain = sfn.Chain.start(submitJob)
+  .next(checkJobState)
+  .next(
+    isComplete
+      .when(sfn.Condition.stringEquals('$.status', 'FAILED'), jobFailed)
+      .when(sfn.Condition.stringEquals('$.status', 'SUCCEEDED'), finalStatus),
+  );
 
 const sm = new sfn.StateMachine(stack, 'StateMachine', {
-  definition: httpInvokeTask,
+  definition: chain,
   timeout: cdk.Duration.seconds(30),
 });
 
-const testCase = new IntegTest(app, 'HttpInvokeTest', {
-  testCases: [stack],
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
 
-// Start an execution
-const start = testCase.assertions.awsApiCall('StepFunctions', 'startExecution', {
-  stateMachineArn: sm.stateMachineArn,
+const integ = new IntegTest(app, 'IntegTest', {
+  testCases: [stack],
 });
-
-// describe the results of the execution
-const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecution', {
-  executionArn: start.getAttString('executionArn'),
+const res = integ.assertions.awsApiCall('StepFunctions', 'startExecution', {
+  stateMachineArn: sm.stateMachineArn,
 });
-
-// assert the results
-describe.expect(ExpectedResult.objectLike({
+const executionArn = res.getAttString('executionArn');
+integ.assertions.awsApiCall('StepFunctions', 'describeExecution', {
+  executionArn,
+}).expect(ExpectedResult.objectLike({
   status: 'SUCCEEDED',
-}));
+})).waitForAssertions({
+  totalTimeout: cdk.Duration.seconds(10),
+  interval: cdk.Duration.seconds(3),
+});
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.start-job-run.ts

@@ -1,69 +1,122 @@
-import * as path from 'path';
-import * as glue from 'aws-cdk-lib/aws-glue';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as eks from 'aws-cdk-lib/aws-eks';
+import { AwsAuthMapping } from 'aws-cdk-lib/aws-eks';
 import * as iam from 'aws-cdk-lib/aws-iam';
-import * as assets from 'aws-cdk-lib/aws-s3-assets';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
 import * as cdk from 'aws-cdk-lib';
-import { GlueStartJobRun } from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Aws } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { KubectlV31Layer } from '@aws-cdk/lambda-layer-kubectl-v31';
+import { EmrContainersStartJobRun, ReleaseLabel, VirtualClusterInput } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api';
 
-/*
+/**
  * Stack verification steps:
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn>
- * * aws stepfunctions describe-execution --execution-arn <execution arn created above>
- * The "describe-execution" call should eventually return status "SUCCEEDED".
- * NOTE: It will take up to 15 minutes for the step function to complete due to the cold start time
- * for AWS Glue, which as of 02/2020, is around 10-15 minutes.
+ * Everything in the link below must be setup before running the state machine.
+ * @see https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html
+ * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
+ * aws stepfunctions describe-execution --execution-arn <exection-arn generated before> : should return status as SUCCEEDED
  */
 
-const app = new cdk.App();
-const stack = new cdk.Stack(app, 'aws-stepfunctions-integ');
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
+  },
+});
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-emr-containers-start-job-run');
+stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);
+
+const eksCluster = new eks.Cluster(stack, 'integration-test-eks-cluster', {
+  version: eks.KubernetesVersion.V1_30,
+  defaultCapacity: 3,
+  defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.XLARGE),
+  kubectlLayer: new KubectlV31Layer(stack, 'KubectlLayer'),
+});
 
-const codeAsset = new assets.Asset(stack, 'Glue Job Script', {
-  path: path.join(__dirname, 'my-glue-script/job.py'),
+const virtualCluster = new cdk.CfnResource(stack, 'Virtual Cluster', {
+  type: 'AWS::EMRContainers::VirtualCluster',
+  properties: {
+    ContainerProvider: {
+      Id: eksCluster.clusterName,
+      Info: {
+        EksInfo: {
+          Namespace: 'default',
+        },
+      },
+      Type: 'EKS',
+    },
+    Name: 'Virtual-Cluster-Name',
+  },
 });
 
-const jobRole = new iam.Role(stack, 'Glue Job Role', {
-  assumedBy: new iam.ServicePrincipal('glue'),
-  managedPolicies: [
-    iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSGlueServiceRole'),
+const emrRole = eksCluster.addManifest('emrRole', {
+  apiVersion: 'rbac.authorization.k8s.io/v1',
+  kind: 'Role',
+  metadata: { name: 'emr-containers', namespace: 'default' },
+  rules: [
+    { apiGroups: [''], resources: ['namespaces'], verbs: ['get'] },
+    { apiGroups: [''], resources: ['serviceaccounts', 'services', 'configmaps', 'events', 'pods', 'pods/log'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'deletecollection', 'annotate', 'patch', 'label'] },
+    { apiGroups: [''], resources: ['secrets'], verbs: ['create', 'patch', 'delete', 'watch'] },
+    { apiGroups: ['apps'], resources: ['statefulsets', 'deployments'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['batch'], resources: ['jobs'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['extensions'], resources: ['ingresses'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'annotate', 'patch', 'label'] },
+    { apiGroups: ['rbac.authorization.k8s.io'], resources: ['roles', 'rolebindings'], verbs: ['get', 'list', 'watch', 'describe', 'create', 'edit', 'delete', 'deletecollection', 'annotate', 'patch', 'label'] },
   ],
 });
-codeAsset.grantRead(jobRole);
 
-const job = new glue.CfnJob(stack, 'Glue Job', {
-  name: 'My Glue Job',
-  glueVersion: '1.0',
-  command: {
-    name: 'glueetl',
-    pythonVersion: '3',
-    scriptLocation: `s3://${codeAsset.s3BucketName}/${codeAsset.s3ObjectKey}`,
-  },
-  role: jobRole.roleArn,
+const emrRoleBind = eksCluster.addManifest('emrRoleBind', {
+  apiVersion: 'rbac.authorization.k8s.io/v1',
+  kind: 'RoleBinding',
+  metadata: { name: 'emr-containers', namespace: 'default' },
+  subjects: [{ kind: 'User', name: 'emr-containers', apiGroup: 'rbac.authorization.k8s.io' }],
+  roleRef: { kind: 'Role', name: 'emr-containers', apiGroup: 'rbac.authorization.k8s.io' },
 });
 
-const jobTask = new GlueStartJobRun(stack, 'Glue Job Task', {
-  glueJobName: job.name!,
-  integrationPattern: sfn.IntegrationPattern.RUN_JOB,
-  arguments: sfn.TaskInput.fromObject({
-    '--enable-metrics': 'true',
-  }),
+emrRoleBind.node.addDependency(emrRole);
+
+const emrServiceRole = iam.Role.fromRoleArn(stack, 'emrServiceRole', 'arn:aws:iam::'+Aws.ACCOUNT_ID+':role/AWSServiceRoleForAmazonEMRContainers');
+const authMapping: AwsAuthMapping = { groups: [], username: 'emr-containers' };
+eksCluster.awsAuth.addRoleMapping(emrServiceRole, authMapping);
+
+virtualCluster.node.addDependency(emrRoleBind);
+virtualCluster.node.addDependency(eksCluster.awsAuth);
+
+const startJobRunJob = new EmrContainersStartJobRun(stack, 'Start a Job Run', {
+  virtualCluster: VirtualClusterInput.fromVirtualClusterId(virtualCluster.getAtt('Id').toString()),
+  releaseLabel: ReleaseLabel.EMR_6_2_0,
+  jobName: 'EMR-Containers-Job',
+  jobDriver: {
+    sparkSubmitJobDriver: {
+      entryPoint: sfn.TaskInput.fromText('local:///usr/lib/spark/examples/src/main/python/pi.py'),
+      entryPointArguments: sfn.TaskInput.fromObject(['2']),
+      sparkSubmitParameters: '--conf spark.driver.memory=512M --conf spark.kubernetes.driver.request.cores=0.2 --conf spark.kubernetes.executor.request.cores=0.2 --conf spark.sql.shuffle.partitions=60 --conf spark.dynamicAllocation.enabled=false',
+    },
+  },
 });
 
-const startTask = new sfn.Pass(stack, 'Start Task');
-const endTask = new sfn.Pass(stack, 'End Task');
+const chain = sfn.Chain.start(startJobRunJob);
 
-const stateMachine = new sfn.StateMachine(stack, 'State Machine', {
-  definition: sfn.Chain.start(startTask).next(jobTask).next(endTask),
+const sm = new sfn.StateMachine(stack, 'StateMachine', {
+  definition: chain,
+  timeout: cdk.Duration.seconds(1000),
 });
 
-new cdk.CfnOutput(stack, 'State Machine ARN Output', {
-  value: stateMachine.stateMachineArn,
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
 
-new IntegTest(app, 'AwsSfnIntegTest', {
+new integ.IntegTest(app, 'aws-stepfunctions-tasks-emr-containers-start-job-run-integ', {
   testCases: [stack],
-  diffAssets: true,
+  // Test includes assets that are updated weekly. If not disabled, the upgrade PR will fail.
+  diffAssets: false,
+  cdkCommandOptions: {
+    deploy: {
+      args: {
+        rollback: true,
+      },
+    },
+  },
 });
 
 app.synth();