arazzo: 1.0.1 info: title: Amazon EC2 Audit Security Group Usage summary: Describe a security group, then describe instances filtered by that group. description: >- Reports which instances a security group is protecting. The workflow describes the target security group to confirm it exists, then describes instances filtered by that group so an operator can see exactly which instances reference it before making changes. Every step spells out its request inline using the Amazon EC2 query protocol (Action and Version parameters) so the flow can be read and executed without opening the underlying OpenAPI description. version: 1.0.0 sourceDescriptions: - name: amazonEc2Api url: ../openapi/amazon-ec2-openapi.yml type: openapi workflows: - workflowId: audit-security-group-usage summary: Confirm a security group and list the instances that use it. description: >- Chains DescribeSecurityGroups and DescribeInstances (filtered by the group) so the instances attached to a security group are surfaced in one run. inputs: type: object required: - groupId properties: groupId: type: string description: The ID of the security group to audit. steps: - stepId: describeGroup description: Describe the target security group to confirm it exists. operationId: describeSecurityGroups parameters: - name: Action in: query value: DescribeSecurityGroups - name: Version in: query value: '2016-11-15' - name: GroupId in: query value: $inputs.groupId successCriteria: - condition: $statusCode == 200 outputs: describeStatus: $statusCode - stepId: listAttachedInstances description: Describe instances filtered to those using the security group. operationId: describeInstances parameters: - name: Action in: query value: DescribeInstances - name: Version in: query value: '2016-11-15' - name: Filter in: query value: - instance.group-id=$inputs.groupId successCriteria: - condition: $statusCode == 200 outputs: reservations: $response.body#/reservationSet outputs: reservations: $steps.listAttachedInstances.outputs.reservations