Amazon Firewall Manager · Arazzo Workflow

Amazon Firewall Manager Decommission Policy

Version 1.0.0

Confirm a policy exists, then delete it and all of its managed resources.

1 workflow · 1 source API · 1 provider
Tags: Compliance, Firewall, Network Security, Security, Arazzo, Workflows

Provider

amazon-firewall-manager

Workflows

decommission-policy
Verify a policy exists and then delete it along with its managed resources.
Confirms the target policy exists with GetPolicy and then deletes it with DeletePolicy, branching to end if the policy is not found.
2 steps · inputs: deleteAllPolicyResources, policyId · outputs: deletedPolicyArn, deletedPolicyName, deletedStatusCode

1. getPolicy (operationId: getPolicy)
Read the policy by its id to confirm it exists before deleting it; branch to end when the policy is not found.

2. deletePolicy (operationId: deletePolicy)
Permanently delete the policy, optionally removing all of its managed resource associations.

Source API Descriptions

Arazzo Workflow Specification

amazon-firewall-manager-decommission-policy-workflow.yml
arazzo: 1.0.1
info:
  title: Amazon Firewall Manager Decommission Policy
  summary: Confirm a policy exists, then delete it and all of its managed resources.
  description: >-
    Reads a Firewall Manager policy by its id to confirm it exists, and on a
    successful read deletes the policy with DeletePolicy, optionally removing all
    of its managed resource associations. The read step branches to end the
    workflow when the policy is not found. Each step inlines its request so the
    flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: firewallManagerApi
  url: ../openapi/amazon-firewall-manager-openapi.yml
  type: openapi
workflows:
- workflowId: decommission-policy
  summary: Verify a policy exists and then delete it along with its managed resources.
  description: >-
    Confirms the target policy exists with GetPolicy and then deletes it with
    DeletePolicy, branching to end if the policy is not found.
  inputs:
    type: object
    required:
    - policyId
    properties:
      policyId:
        type: string
        description: The ID of the policy to delete.
      deleteAllPolicyResources:
        type: boolean
        description: If true, deletes all Firewall Manager-managed resource associations.
  steps:
  - stepId: getPolicy
    description: >-
      Read the policy by its id to confirm it exists before deleting it; branch
      to end when the policy is not found.
    operationId: getPolicy
    parameters:
    - name: policyId
      in: path
      value: $inputs.policyId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      policyName: $response.body#/Policy/PolicyName
      policyArn: $response.body#/PolicyArn
    onSuccess:
    - name: policyFound
      type: goto
      stepId: deletePolicy
      criteria:
      - condition: $statusCode == 200
    onFailure:
    - name: policyMissing
      type: end
      criteria:
      - condition: $statusCode == 404
  - stepId: deletePolicy
    description: >-
      Permanently delete the policy, optionally removing all of its managed
      resource associations.
    operationId: deletePolicy
    parameters:
    - name: policyId
      in: path
      value: $inputs.policyId
    - name: deleteAllPolicyResources
      in: query
      value: $inputs.deleteAllPolicyResources
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      deletedStatusCode: $statusCode
  outputs:
    deletedPolicyName: $steps.getPolicy.outputs.policyName
    deletedPolicyArn: $steps.getPolicy.outputs.policyArn
    deletedStatusCode: $steps.deletePolicy.outputs.deletedStatusCode