arazzo: 1.0.1 info: title: Amazon S3 Configure and Verify Default Encryption summary: Put a bucket default-encryption configuration then read it back. description: >- A data-protection flow for Amazon S3. The workflow writes a default server-side encryption configuration to the bucket so that new objects are encrypted at rest, and then reads the configuration back to confirm the rule is in effect. Every step spells out its request inline so the flow can be read and executed without opening the underlying OpenAPI description. version: 1.0.0 sourceDescriptions: - name: s3RestApi url: ../openapi/amazon-s3-rest-api-openapi.yml type: openapi workflows: - workflowId: set-and-verify-encryption summary: Put bucket default encryption then get it back to confirm. description: >- Applies a ServerSideEncryptionConfiguration with PutBucketEncryption and confirms it with GetBucketEncryption. inputs: type: object required: - bucket - rules properties: bucket: type: string description: The bucket to configure default encryption on. rules: type: array description: The encryption Rule list, each with ApplyServerSideEncryptionByDefault. items: type: object properties: ApplyServerSideEncryptionByDefault: type: object properties: SSEAlgorithm: type: string KMSMasterKeyID: type: string BucketKeyEnabled: type: boolean steps: - stepId: putEncryption description: >- Write the default encryption configuration to the bucket. operationId: PutBucketEncryption parameters: - name: Bucket in: path value: $inputs.bucket requestBody: contentType: application/xml payload: Rule: $inputs.rules successCriteria: - condition: $statusCode == 200 - stepId: getEncryption description: >- Read the encryption configuration back to confirm the rule is now applied to the bucket. operationId: GetBucketEncryption parameters: - name: Bucket in: path value: $inputs.bucket successCriteria: - condition: $statusCode == 200 outputs: rules: $response.body#/Rule outputs: rules: $steps.getEncryption.outputs.rules