Amazon EC2 · Arazzo Workflow

Amazon EC2 Launch a Secured Instance

Version 1.0.0

Create a security group, open SSH ingress, create a key pair, and launch an instance.

1 workflow, 1 source API, 1 provider
Tags: Cloud Computing, Compute, IaaS, Infrastructure, Virtual Machines, Arazzo, Workflows

Provider

amazon-ec2

Workflows

launch-secured-instance
Stand up a security group, key pair, and a launched EC2 instance in one flow.
Chains CreateSecurityGroup, AuthorizeSecurityGroupIngress, CreateKeyPair, and RunInstances so a single run yields a network-reachable instance bound to a fresh security group and SSH key pair.
4 steps
Inputs: groupDescription, groupName, imageId, instanceType, keyName, sshCidr, vpcId
Outputs: instanceId, reservationId

1. createSecurityGroup (operation createSecurityGroup): Create a security group to act as the virtual firewall for the instance.
2. authorizeIngress (operation authorizeSecurityGroupIngress): Authorize inbound SSH (TCP 22) on the new security group.
3. createKeyPair (operation createKeyPair): Create an SSH key pair to use for instance access.
4. runInstance (operation runInstances): Launch a single instance bound to the new security group and key pair.

Source API Descriptions

Arazzo Workflow Specification

amazon-ec2-launch-secured-instance-workflow.yml
arazzo: 1.0.1
info:
  title: Amazon EC2 Launch a Secured Instance
  summary: Create a security group, open SSH ingress, create a key pair, and launch an instance.
  description: >-
    Provisions the minimal footprint needed to launch a reachable EC2 instance.
    The workflow creates a security group, authorizes an inbound SSH rule on it,
    creates an SSH key pair for access, and then launches an instance wired to
    both the new security group and key pair. Every step spells out its request
    inline using the Amazon EC2 query protocol (Action and Version parameters)
    so the flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: amazonEc2Api
  url: ../openapi/amazon-ec2-openapi.yml
  type: openapi
workflows:
- workflowId: launch-secured-instance
  summary: Stand up a security group, key pair, and a launched EC2 instance in one flow.
  description: >-
    Chains CreateSecurityGroup, AuthorizeSecurityGroupIngress, CreateKeyPair,
    and RunInstances so a single run yields a network-reachable instance bound
    to a fresh security group and SSH key pair.
  inputs:
    type: object
    required:
    - groupName
    - groupDescription
    - keyName
    - imageId
    - instanceType
    properties:
      groupName:
        type: string
        description: The name for the new security group.
      groupDescription:
        type: string
        description: A description for the new security group.
      vpcId:
        type: string
        description: Optional VPC ID to create the security group in.
      sshCidr:
        type: string
        description: The IPv4 CIDR range allowed to reach SSH (e.g. 203.0.113.0/24).
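        # 0.0.0.0/0 opens TCP 22 to every IPv4 address; callers should pass the
        # narrowest range that covers their administrators' source addresses.
        default: 0.0.0.0/0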
      keyName:
        type: string
        description: A unique name for the SSH key pair.
      imageId:
        type: string
        description: The AMI ID to launch the instance from.
      instanceType:
        type: string
        description: The EC2 instance type (e.g. t3.micro).
  steps:
  - stepId: createSecurityGroup
    description: Create a security group to act as the virtual firewall for the instance.
    operationId: createSecurityGroup
    parameters:
    - name: Action
      in: query
      value: CreateSecurityGroup
    - name: Version
      in: query
      value: '2016-11-15'
    - name: GroupName
      in: query
      value: $inputs.groupName
    - name: GroupDescription
      in: query
      value: $inputs.groupDescription
    - name: VpcId
      in: query
      value: $inputs.vpcId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      createStatus: $statusCode
      # Assumes the source description exposes the new group's ID at /groupId,
      # following the body-pointer convention the runInstance step uses.
      groupId: $response.body#/groupId
  - stepId: authorizeIngress
    description: Authorize inbound SSH (TCP 22) on the new security group.
    operationId: authorizeSecurityGroupIngress
    parameters:
    - name: Action
      in: query
      value: AuthorizeSecurityGroupIngress
    - name: Version
      in: query
      value: '2016-11-15'
    # GroupId takes the security group's ID, not its name, so use the ID
    # captured by the createSecurityGroup step.
    - name: GroupId
      in: query
      value: $steps.createSecurityGroup.outputs.groupId
    - name: IpProtocol
      in: query
      value: tcp
    - name: FromPort
      in: query
      value: 22
    - name: ToPort
      in: query
      value: 22
    - name: CidrIp
      in: query
      value: $inputs.sshCidr
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      ingressStatus: $statusCode
  - stepId: createKeyPair
    description: Create an SSH key pair to use for instance access.
    operationId: createKeyPair
    parameters:
    - name: Action
      in: query
      value: CreateKeyPair
    - name: Version
      in: query
      value: '2016-11-15'
    - name: KeyName
      in: query
      value: $inputs.keyName
    - name: KeyType
      in: query
      value: rsa
    successCriteria:
    - condition: $statusCode == 200
    # The CreateKeyPair response is the only time EC2 returns the private key.
    # This step records just the status code, so the runner must store the key
    # material from the response itself.
    outputs:
      keyStatus: $statusCode
  - stepId: runInstance
    description: Launch a single instance bound to the new security group and key pair.
    operationId: runInstances
    parameters:
    - name: Action
      in: query
      value: RunInstances
    - name: Version
      in: query
      value: '2016-11-15'
    - name: ImageId
      in: query
      value: $inputs.imageId
    - name: InstanceType
      in: query
      value: $inputs.instanceType
    - name: MinCount
      in: query
      value: 1
    - name: MaxCount
      in: query
      value: 1
    - name: KeyName
      in: query
      value: $inputs.keyName
    # Bind the instance by security group ID (from createSecurityGroup),
    # not by the group name input.
    - name: SecurityGroupId
      in: query
      value: $steps.createSecurityGroup.outputs.groupId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      reservationId: $response.body#/reservationId
      instanceId: $response.body#/instances/0/instanceId
  outputs:
    reservationId: $steps.runInstance.outputs.reservationId
    instanceId: $steps.runInstance.outputs.instanceId