Amazon S3 · Arazzo Workflow

Amazon S3 Configure and Verify Default Encryption

Version 1.0.0

Put a bucket default-encryption configuration then read it back.

1 workflow 1 source API 1 provider
View Spec View on GitHub ArchiveBackupCloud StorageData StorageObject StorageScalable StorageArazzoWorkflows

Provider

amazon-s3

Workflows

set-and-verify-encryption
Put bucket default encryption then get it back to confirm.
Applies a ServerSideEncryptionConfiguration with PutBucketEncryption and confirms it with GetBucketEncryption.
2 steps inputs: bucket, rules outputs: rules
1
putEncryption
PutBucketEncryption
Write the default encryption configuration to the bucket.
2
getEncryption
GetBucketEncryption
Read the encryption configuration back to confirm the rule is now applied to the bucket.

Source API Descriptions

openapi
s3RestApi https://raw.githubusercontent.com/api-evangelist/amazon-s3/refs/heads/main/openapi/amazon-s3-rest-api-openapi.yml

Arazzo Workflow Specification

amazon-s3-set-bucket-encryption-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Amazon S3 Configure and Verify Default Encryption
  summary: Put a bucket default-encryption configuration then read it back.
  description: >-
    A data-protection flow for Amazon S3. The workflow writes a default
    server-side encryption configuration to the bucket so that new objects are
    encrypted at rest, and then reads the configuration back to confirm the rule
    is in effect. Every step spells out its request inline so the flow can be read
    and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: s3RestApi
  url: ../openapi/amazon-s3-rest-api-openapi.yml
  type: openapi
workflows:
- workflowId: set-and-verify-encryption
  summary: Put bucket default encryption then get it back to confirm.
  description: >-
    Applies a ServerSideEncryptionConfiguration with PutBucketEncryption and
    confirms it with GetBucketEncryption.
  inputs:
    type: object
    required:
    - bucket
    - rules
    properties:
      bucket:
        type: string
        description: The bucket to configure default encryption on.
      rules:
        type: array
        description: The encryption Rule list, each with ApplyServerSideEncryptionByDefault.
        items:
          type: object
          properties:
            ApplyServerSideEncryptionByDefault:
              type: object
              properties:
                SSEAlgorithm:
                  type: string
                KMSMasterKeyID:
                  type: string
            BucketKeyEnabled:
              type: boolean
  steps:
  - stepId: putEncryption
    description: >-
      Write the default encryption configuration to the bucket.
    operationId: PutBucketEncryption
    parameters:
    - name: Bucket
      in: path
      value: $inputs.bucket
    requestBody:
      contentType: application/xml
      payload:
        Rule: $inputs.rules
    successCriteria:
    - condition: $statusCode == 200
  - stepId: getEncryption
    description: >-
      Read the encryption configuration back to confirm the rule is now applied
      to the bucket.
    operationId: GetBucketEncryption
    parameters:
    - name: Bucket
      in: path
      value: $inputs.bucket
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      rules: $response.body#/Rule
  outputs:
    rules: $steps.getEncryption.outputs.rules