Amazon EC2 · Arazzo Workflow

Amazon EC2 Audit Security Group Usage

Version 1.0.0

Describe a security group, then describe instances filtered by that group.

1 workflow 1 source API 1 provider
View Spec View on GitHub Cloud ComputingComputeIaaSInfrastructureVirtual MachinesArazzoWorkflows

Provider

amazon-ec2

Workflows

audit-security-group-usage
Confirm a security group and list the instances that use it.
Chains DescribeSecurityGroups and DescribeInstances (filtered by the group) so the instances attached to a security group are surfaced in one run.
2 steps inputs: groupId outputs: reservations
1
describeGroup
describeSecurityGroups
Describe the target security group to confirm it exists.
2
listAttachedInstances
describeInstances
Describe instances filtered to those using the security group.

Source API Descriptions

openapi
amazonEc2Api https://raw.githubusercontent.com/api-evangelist/amazon-ec2/refs/heads/main/openapi/amazon-ec2-openapi.yml

Arazzo Workflow Specification

amazon-ec2-audit-security-group-usage-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Amazon EC2 Audit Security Group Usage
  summary: Describe a security group, then describe instances filtered by that group.
  description: >-
    Reports which instances a security group is protecting. The workflow
    describes the target security group to confirm it exists, then describes
    instances filtered by that group so an operator can see exactly which
    instances reference it before making changes. Every step spells out its
    request inline using the Amazon EC2 query protocol (Action and Version
    parameters) so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: amazonEc2Api
  url: ../openapi/amazon-ec2-openapi.yml
  type: openapi
workflows:
- workflowId: audit-security-group-usage
  summary: Confirm a security group and list the instances that use it.
  description: >-
    Chains DescribeSecurityGroups and DescribeInstances (filtered by the group)
    so the instances attached to a security group are surfaced in one run.
  inputs:
    type: object
    required:
    - groupId
    properties:
      groupId:
        type: string
        description: The ID of the security group to audit.
  steps:
  - stepId: describeGroup
    description: Describe the target security group to confirm it exists.
    operationId: describeSecurityGroups
    parameters:
    - name: Action
      in: query
      value: DescribeSecurityGroups
    - name: Version
      in: query
      value: '2016-11-15'
    - name: GroupId
      in: query
      value: $inputs.groupId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      describeStatus: $statusCode
  - stepId: listAttachedInstances
    description: Describe instances filtered to those using the security group.
    operationId: describeInstances
    parameters:
    - name: Action
      in: query
      value: DescribeInstances
    - name: Version
      in: query
      value: '2016-11-15'
    - name: Filter
      in: query
      value:
      - instance.group-id=$inputs.groupId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      reservations: $response.body#/reservationSet
  outputs:
    reservations: $steps.listAttachedInstances.outputs.reservations