AWS actions

preview

We're still working on this feature, but we'd love for you to try it out!

This feature is currently provided as part of a preview program pursuant to our pre-release policies.

This page provides a comprehensive reference for AWS actions available in the workflow automation actions catalog. These actions enable you to integrate AWS services into your workflow definitions, including Lambda functions, Systems Manager automation, EC2 instance management, and general API execution.

Prerequisites

Before using AWS actions in workflow automation, ensure you have:

An AWS account with appropriate permissions.
AWS credentials configured (IAM user credentials, IAM role ARN, or session credentials).
The necessary IAM permissions for the specific AWS services you plan to use.

See Set up AWS credentials for information on how to create IAM users and IAM roles, and set up static and session AWS credentials for integration with workflow automation AWS actions.

Lambda actions

Invokes a Lambda function synchronously or asynchronously with an optional payload.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
functionName	Required	String	`my-lambda-function`
invocationType	Optional	String	`Event'\|'RequestResponse'\|'DryRun'`
payload	Optional	String	`'{"key": "value"}'`
parameters	Optional	Map	`{ "Qualifier": "1", "ClientContext":"encoded value" },`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

Action Timeout: This action has a maximum 1-minute(60-second) timeout for synchronous invocations
Long-Running Functions: For functions that may run longer than 1 minute, you must use the Event InvocationType. This invokes the function asynchronously. You can then use other actions (like aws.cloudwatch.getLogEvents or checking an SQS/SNS callback) to get the result.
- InvocationType is critical:
  - RequestResponse (default): Invokes the function synchronously. The action waits for the function to complete and returns the response.
  - Event: Invokes the function asynchronously. The action returns a success status immediately without waiting for the code to finish.
- ClientContext is for advanced use cases and the provided String must be Base64-encoded
- Any additional API parameters not listed above can be passed in the parameters map. To support a wide range of inputs, the parameters map accepts any optional argument available in the official boto3 API documentation. This allows you to dynamically construct requests by adding multiple fields.

Output Field	Type	Example
response	object	`[{"success":true,"response":{"StatusCode":200,"ExecutedVersion":"$LATEST","Payload":{"statusCode":200,"body":"\"Hello userName\""}}}]` Response syntax can be referred to invoke - Boto3 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`"errorMessage": "ValidationException: 1 validation error detected"`

Output Field

Type

Example

response

object

[{"success":true,"response":{"StatusCode":200,"ExecutedVersion":"$LATEST","Payload":{"statusCode":200,"body":"\"Hello userName\""}}}]

Response syntax can be referred to invoke - Boto3 documentation

success

Boolean

success: true | false

errorMessage

String

"errorMessage": "ValidationException: 1 validation error detected"

Workflow example
`name: lambda-invoke-function-test description: 'Invokes a Lambda function with a payload' workflowInputs: arnRole: type: String steps: - name: aws_lambda_invoke_1 type: action action: aws.lambda.invoke version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: us-east-1 functionName: my-lambda-processor payload: '{"orderId": "12345", "amount": 99.99}' next: end`

Workflow example

name: lambda-invoke-function-test
    description: 'Invokes a Lambda function with a payload'
    workflowInputs:
      arnRole:
        type: String
    steps:
      - name: aws_lambda_invoke_1
        type: action
        action: aws.lambda.invoke
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: us-east-1
          functionName: my-lambda-processor
        payload: '{"orderId": "12345", "amount": 99.99}'
        next: end

Modifies the configuration of a specific AWS Lambda function. Provide only the parameters you want to change.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
functionName	Required	String	`"my-lambda-function-to-update"`
role	Optional	String	`arn:aws:iam::123456789012:role/new-lambda-role`
handler	Optional	String	`“main.new_handler"`
description	Optional	String	`Updated function description`
parameters	Optional	Map	`{ "Timeout": "60", "MemorySize": 123, },`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

To support a wide range of inputs, the parameters map accepts any optional argument available. This allows you to dynamically construct requests by adding multiple fields.

Output Field	Type	Example
response	object	[{"success":true,"response":{"FunctionName":"hello-you","FunctionArn":"arn:aws:lambda:us-east-2:----:function:hello-you","Runtime":"nodejs20.x","Role":"arn:aws:iam::----:role/TF-hello-you-role","Handler":"hello-you.handler","CodeSize":334,"Description":"This is hello you description from action","Timeout":30,"MemorySize":128,"LastModified":"2025-09-23T13:57:03.000+0000","CodeSha256":"CU03aDDg+34=","Version":"$LATEST","TracingConfig":{"Mode":"PassThrough"},"RevisionId":"0f1e4d9b-c45a-4896-a32d-7cd78e77a273","State":"Active","LastUpdateStatus":"InProgress","LastUpdateStatusReason":"The function is being created.","LastUpdateStatusReasonCode":"Creating","PackageType":"Zip","Architectures":["x86_64"],"EphemeralStorage":{"Size":512},"SnapStart":{"ApplyOn":"None","OptimizationStatus":"Off"},"RuntimeVersionConfig":{"RuntimeVersionArn":"arn:aws:lambda:us-east-2::runtime:01eab27397bfdbdc243d363698d4bc355e3c8176d34a51cd47dfe58cf977f508"},"LoggingConfig":{"LogFormat":"Text","LogGroup":"/aws/lambda/hello-you"}}}] Response syntax can be referred to update_function_configuration - Boto3 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`[ { "errorMessage": "An error occurred (ResourceNotFoundException) when calling the UpdateFunctionConfiguration operation: Function not found: arn:aws:lambda:us-east-2:661945836867:function:my-lambda-function-to-update", "success": false, "response": null } ]`

Output Field

Type

Example

response

object

[{"success":true,"response":{"FunctionName":"hello-you","FunctionArn":"arn:aws:lambda:us-east-2:----:function:hello-you","Runtime":"nodejs20.x","Role":"arn:aws:iam::----:role/TF-hello-you-role","Handler":"hello-you.handler","CodeSize":334,"Description":"This is hello you description from action","Timeout":30,"MemorySize":128,"LastModified":"2025-09-23T13:57:03.000+0000","CodeSha256":"CU03aDDg+34=","Version":"$LATEST","TracingConfig":{"Mode":"PassThrough"},"RevisionId":"0f1e4d9b-c45a-4896-a32d-7cd78e77a273","State":"Active","LastUpdateStatus":"InProgress","LastUpdateStatusReason":"The function is being created.","LastUpdateStatusReasonCode":"Creating","PackageType":"Zip","Architectures":["x86_64"],"EphemeralStorage":{"Size":512},"SnapStart":{"ApplyOn":"None","OptimizationStatus":"Off"},"RuntimeVersionConfig":{"RuntimeVersionArn":"arn:aws:lambda:us-east-2::runtime:01eab27397bfdbdc243d363698d4bc355e3c8176d34a51cd47dfe58cf977f508"},"LoggingConfig":{"LogFormat":"Text","LogGroup":"/aws/lambda/hello-you"}}}]

Response syntax can be referred to update_function_configuration - Boto3 documentation

success

Boolean

success: true | false

errorMessage

String

[ { "errorMessage": "An error occurred (ResourceNotFoundException) when calling the UpdateFunctionConfiguration operation: Function not found: arn:aws:lambda:us-east-2:661945836867:function:my-lambda-function-to-update", "success": false, "response": null } ]

Workflow example
`name: lambda-update-config-test description: 'Updates the timeout and memory of a Lambda function' workflowInputs: arnRole: type: String steps: - name: aws_lambda_update_function_configuration_1 type: action action: aws.lambda.updateFunctionConfiguration version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: us-west-2 functionName: my-lambda-function-to-update parameters: Timeout:60 MemorySize:123 next: end`

Workflow example

name: lambda-update-config-test
    description: 'Updates the timeout and memory of a Lambda function'
    workflowInputs:
      arnRole:
        type: String
    steps:
      - name: aws_lambda_update_function_configuration_1
        type: action
        action: aws.lambda.updateFunctionConfiguration
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: us-west-2
          functionName: my-lambda-function-to-update
          parameters:
          Timeout:60
          MemorySize:123

        next: end

Retrieves the configuration details, code location, and other metadata for a specific AWS Lambda function.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
functionName	Required	String	`"my-lambda-function"`
parameters	Optional	Map	`{ "Qualifier": "1" },`
selectors	Optional	List	`[[{"name": "response", "expression": ".response"}]`

중요

To support a wide range of inputs, the parameters map accepts any optional argument available. This allows you to dynamically construct requests by adding multiple fields.

Output Field	Type	Example
response	object	`{"response":<aws api response> }` Response syntax can be referred to update_function_configuration - Boto3 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`"errorMessage": "ResourceNotFoundException: Function not found"`

Output Field

Type

Example

response

object

{"response":<aws api response> }

Response syntax can be referred to update_function_configuration - Boto3 documentation

success

Boolean

success: true | false

errorMessage

String

"errorMessage": "ResourceNotFoundException: Function not found"

Workflow example
`name: lambda-get-function-test description: 'Retrieves the configuration of a specific Lambda function' workflowInputs: arnRole: type: String steps: - name: aws_lambda_getFunction_1 type: action action: aws.lambda.getFunction version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: us-east-1 FunctionName: hello-you parameters: Qualifier: 1 next: end`

Workflow example

name: lambda-get-function-test
    description: 'Retrieves the configuration of a specific Lambda function'
    workflowInputs:
      arnRole:
        type: String
    steps:
      - name: aws_lambda_getFunction_1
        type: action
        action: aws.lambda.getFunction
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: us-east-1
          FunctionName: hello-you
          parameters:
            Qualifier: 1
        next: end

Returns a list of aliases for a specific AWS Lambda function. Aliases are pointers to function versions.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
functionName	Required	String	`“my-lambda-function“`
marker	Optional	String	Pass the `NextMarker` token from a previous response for pagination. e.g., `“abcd....."`
maxItems	Optional	Int	Limit the number of aliases returned e.g., `123`
parameters	Optional	Map	For additional optional API parameters. e.g., `{"AnotherOptionalParam": "value"}`
selectors	Optional	List	`[{"name": "response", "expression": ".response"}]`

중요

Pagination: Use the Marker and MaxItems inputs to paginate through a large number of aliases.
To support a wide range of inputs, the parameters map accepts any optional argument available. This allows you to dynamically construct requests by adding multiple fields.

Output Field	Type	Example
response	object	`{"response":<aws api response> }` Response syntax can be referred to update_function_configuration - Boto3 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`"errorMessage": "ResourceNotFoundException: Function not found"`

Output Field

Type

Example

response

object

{"response":<aws api response> }

Response syntax can be referred to update_function_configuration - Boto3 documentation

success

Boolean

success: true | false

errorMessage

String

"errorMessage": "ResourceNotFoundException: Function not found"

Workflow example
`name: lambda-list-aliases-test description: 'Lists all aliases for a Lambda function' workflowInputs: arnRole: type: String steps: - name: aws_lambda_list_aliases_1 type: action action: aws.lambda.listAliases version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: us-east-1 functionName: hello-you parameters: FunctionVersion: 1 next: end`

Workflow example

name: lambda-list-aliases-test
    description: 'Lists all aliases for a Lambda function'
    workflowInputs:
      arnRole:
        type: String
    steps:
      - name: aws_lambda_list_aliases_1
        type: action
        action: aws.lambda.listAliases
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: us-east-1
          functionName: hello-you
          parameters:
            FunctionVersion: 1
        next: end

EC2 actions

This action deletes an Amazon EC2 snapshot. You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
snapshotId	Required	String	`“snapshot-id-1"`
selectors	Optional	String	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

팁

In the action input, at least one of the AWS credentials (short, long, role) should be provided, where the role takes precedence over the others.

Output Field	Type	Example
response	Object	No Response in case of success : true Response syntax can be referred delete_snapshot - Boto3 1.40.55 documentation.
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "Failed to delete snapshot"`

Output Field

Type

Example

response

Object

No Response in case of success : true

Response syntax can be referred delete_snapshot - Boto3 1.40.55 documentation.

success

Boolean

success: true | false

errorMessage

String

errorMessage: "Failed to delete snapshot"

Workflow Example
`name: ec2-deleteSnapshot-test description: '' workflowInputs: arnRole: type: String region: type: String defaultValue: us-west-2 snapshotId: type: List defaultValue: snapshot-id-1 steps: - name: aws_ec2_deleteSnapshot_1 type: action action: aws.ec2.deleteSnapshot version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: ${{ .workflowInputs.region }} snapshotId: ${{ .workflowInputs.snapshotId }} next: end`

Workflow Example

name: ec2-deleteSnapshot-test
    description: ''
    workflowInputs:
      arnRole:
        type: String
      region:
        type: String
        defaultValue: us-west-2
      snapshotId:
        type: List
        defaultValue: snapshot-id-1
    steps:
      - name: aws_ec2_deleteSnapshot_1
        type: action
        action: aws.ec2.deleteSnapshot
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: ${{ .workflowInputs.region }}
          snapshotId: ${{ .workflowInputs.snapshotId }}
        next: end

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
instanceIds	Required	List	`"[\"i-0123456789abcdef0\", \"i-0fedcba9876543210\"]"`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

In the action input, at least one of the AWS credentials (short, long, role) should be provided, where the role takes precedence over the others.

Output Field	Type	Example
response	Object	reboot_instances - Boto3 1.40.56 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: ""`

Workflow example
`name: reboot-ec2-test description: '' workflowInputs: arnRole: type: String region: type: String defaultValue: us-west-2 instanceIds: type: List defaultValue: ["i-123456789abcdef0"] steps: - name: aws_ec2_rebootInstances_1 type: action action: aws.ec2.rebootInstances version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: ${{ .workflowInputs.region }} instanceIds: ${{ .workflowInputs.instanceIds }} next: end`

Workflow example

name: reboot-ec2-test
    description: ''
    workflowInputs:
      arnRole:
        type: String
      region:
        type: String
        defaultValue: us-west-2
      instanceIds:
        type: List
        defaultValue: ["i-123456789abcdef0"]
    steps:
      - name: aws_ec2_rebootInstances_1
        type: action
        action: aws.ec2.rebootInstances
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: ${{ .workflowInputs.region }}
          instanceIds: ${{ .workflowInputs.instanceIds }}
        next: end

Starts an Amazon EBS-backed instance that you previously stopped.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
instanceIds	Required	List	`"[\"i-0123456789abcdef0\", \"i-0fedcba9876543210\"]"`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

팁

In the action input, at least one of the AWS credentials (short, long, role) should be provided, where the role takes precedence over the others.

Output Field	Type	Example
response	Object	`{"response":{ 'StartingInstances': [ { 'InstanceId': 'String', 'CurrentState': { 'Code': 123, 'Name': 'pending'\|'running'\|'shutting-down'\|'terminated'\|'stopping'\|'stopped' }, 'PreviousState': { 'Code': 123, 'Name': 'pending'\|'running'\|'shutting-down'\|'terminated'\|'stopping'\|'stopped' } }, ] } } }` Response syntax can be referred start_instances - Boto3 1.40.50 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "The parameter instancesSet cannot be used with the parameter maxResults"`

Output Field

Type

Example

response

Object

{"response":{
        'StartingInstances': [
            {
                'InstanceId': 'String',
                'CurrentState': {
                    'Code': 123,
                    'Name': 'pending'|'running'|'shutting-down'|'terminated'|'stopping'|'stopped'
                },
                'PreviousState': {
                    'Code': 123,
                    'Name': 'pending'|'running'|'shutting-down'|'terminated'|'stopping'|'stopped'
                }
            },
        ]
    }

    }

    }

Response syntax can be referred start_instances - Boto3 1.40.50 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: "The parameter instancesSet cannot be used with the parameter maxResults"

Workflow example
`name: ab-ec2-startInstance-test description: '' workflowInputs: arnRole: type: String region: type: String defaultValue: us-west-2 instanceIds: type: list defaultValue: ["i-123456789abcdef0"] steps: - name: aws_ec2_startInstances_1 type: action action: aws.ec2.startInstances version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: ${{ .workflowInputs.region }} instanceIds: ${{ .workflowInputs.instanceIds }} next: end`

Workflow example

name: ab-ec2-startInstance-test
    description: ''
    workflowInputs:
      arnRole:
        type: String
      region:
        type: String
        defaultValue: us-west-2
      instanceIds:
        type: list
        defaultValue: ["i-123456789abcdef0"]
    steps:
      - name: aws_ec2_startInstances_1
        type: action
        action: aws.ec2.startInstances
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: ${{ .workflowInputs.region }}
          instanceIds: ${{ .workflowInputs.instanceIds }}
        next: end

Terminates the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
instanceIds	Required	List	`"[\"i-0123456789abcdef0\", \"i-0fedcba9876543210\"]"`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

In the action input, at least one of the AWS credentials (short, long, role) should be provided, where the role takes precedence over the others.

Output Field	Type	Example
response	object	`{ 'TerminatingInstances': [ { 'InstanceId': 'String', 'CurrentState': { 'Code': 123, 'Name': 'pending'\|'running'\|'shutting-down'\|'terminated'\|'stopping'\|'stopped' }, 'PreviousState': { 'Code': 123, 'Name': 'pending'\|'running'\|'shutting-down'\|'terminated'\|'stopping'\|'stopped' } }, ] }` Response syntax can be referred terminate_instances - Boto3 1.40.50 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "An error occurred (`InvalidInstanceID.Malformed`) when calling the TerminateInstances operation: The instance ID 'i-012345678' is malformed"`

Output Field

Type

Example

response

object

{
    'TerminatingInstances': [
        {
            'InstanceId': 'String',
            'CurrentState': {
                'Code': 123,
                'Name': 'pending'|'running'|'shutting-down'|'terminated'|'stopping'|'stopped'
            },
            'PreviousState': {
                'Code': 123,
                'Name': 'pending'|'running'|'shutting-down'|'terminated'|'stopping'|'stopped'
            }
        },
    ]
}

Response syntax can be referred terminate_instances - Boto3 1.40.50 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: "An error occurred (InvalidInstanceID.Malformed) when calling the TerminateInstances operation: The instance ID 'i-012345678' is malformed"

Workflow example
`name: ec2-terminate-test description: '' workflowInputs: arnRole: type: String region: type: String defaultValue: us-west-2 instanceIds: type: list defaultValue: ["i-123456789abcdef0"] steps: - name: aws_ec2_terminateInstances_1 type: action action: aws.ec2.terminateInstances version: '1' inputs: awsRoleArn: ${{ .workflowInputs.arnRole }} region: ${{ .workflowInputs.region }} instanceIds: ${{ .workflowInputs.instanceIds }} next: end`

Workflow example

name: ec2-terminate-test
    description: ''
    workflowInputs:
      arnRole:
        type: String
      region:
        type: String
        defaultValue: us-west-2
      instanceIds:
        type: list
        defaultValue: ["i-123456789abcdef0"]
    steps:
      - name: aws_ec2_terminateInstances_1
        type: action
        action: aws.ec2.terminateInstances
        version: '1'
        inputs:
          awsRoleArn: ${{ .workflowInputs.arnRole }}
          region: ${{ .workflowInputs.region }}
          instanceIds: ${{ .workflowInputs.instanceIds }}
        next: end

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

If you don’t specify a subnet ID, we choose a default subnet from your default VPC for you. If you don’t have a default VPC, you must specify a subnet ID in the request.

If any of the AMIs have a product code attached for which the user has not subscribed, the request fails.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
imageId	Required	String	`“ami-0ca4d5db4872d0c28”`
instanceType	Required	String	`“t2.micro”`
minCount	Required	Int	`1`
maxCount	Required	Int	`10`
parameters	Optional	Map	`{ "EbsOptimized": false, "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "Name", "Value": "My-Web-Server" } ] } }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

To support a wide range of inputs, the parameters map accepts any optional argument available. This allows you to dynamically construct requests by adding multiple fields.

Output Field	Type	Example
response	object	Response syntax can be referred: run_instances - Boto3 1.40.50 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: ""`

Output Field

Type

Example

response

object

Response syntax can be referred: run_instances - Boto3 1.40.50 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: ""

Workflow example
`name: ec2_run_instance workflowInputs: arnRole: type: String required: true steps: - name: RunInstance type: action action: aws.ec2.runInstances version: '1' inputs: awsRoleArn: ${{.workflowInputs.arnRole}} region: us-east-2 imageId: ami-0ca4d5db4872d0c28 instanceType: t2.micro minCount: 1 maxCount: 1 parameters: EbsOptimized: false TagSpecifications: - ResourceType: instance Tags: - Key: Name Value: My-Test-Instance selectors: - name: instanceId expression: .response.Instances[0].InstanceId`

Workflow example

name: ec2_run_instance
  workflowInputs:
    arnRole:
      type: String
      required: true
  steps:
    - name: RunInstance
      type: action
      action: aws.ec2.runInstances
      version: '1'
      inputs:
        awsRoleArn: ${{.workflowInputs.arnRole}}
        region: us-east-2
        imageId: ami-0ca4d5db4872d0c28
        instanceType: t2.micro
        minCount: 1
        maxCount: 1
        parameters:
          EbsOptimized: false
          TagSpecifications:
            - ResourceType: instance
              Tags:
                - Key: Name
                  Value: My-Test-Instance
        selectors:
          - name: instanceId
            expression: .response.Instances[0].InstanceId

Systems Manager actions

Writes a document to the AWS account based on the AWS credentials passed in the action input. See AWS Systems Manager Documentation

Input Field	Optionality	Type	Example
awsAccessKeyId	Required	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Required	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
documentName	Required	String	`documentName: "my-ssm-document"`
documentType	Optional	String	`documentType: "Command"`
documentFormat	Optional	String	`documentFormat: "YAML"`
documentContent	Required	String
override	Optional	Boolean	`override: true (default)`. When `true`, always write the document with the provided name even if one already exist. When `false`, if a document with the provided `documentName` already exist, the action returns `success: false` and `errorMessage:Document already exists`. Please enable override if you want to update the existing document.

Output Field	Type	Example
documentName	String	`documentName: "my-ssm-document"`
documentVersion	String	`documentVersion: 1`
documentType	String	`documentType: "Command"`
documentStatus	String	`documentStatus: "Active"`.
success	Boolean	`success: true`
errorMessage	String	`errorMessage: "Some error message from ssm"`

Workflow definition	Inputs	Outputs
`schemaVersion: '0.3' description: List all Lambda function names. mainSteps: - name: ExecuteAwsApi action: aws:executeAwsApi isEnd: true`	`inputs: Service: lambda Api: ListFunctions`	`outputs: - Name: resultFunctionName Selector: $..FunctionName Type: StringList outputs: - ExecuteAwsApi.resultFunctionName`

Workflow definition

Inputs

Outputs

schemaVersion: '0.3'
  description: List all Lambda function names.
  mainSteps:
    - name: ExecuteAwsApi
      action: aws:executeAwsApi
      isEnd: true

inputs:
          Service: lambda
          Api: ListFunctions

outputs:
        - Name: resultFunctionName
          Selector: $..FunctionName
          Type: StringList
  outputs:
    - ExecuteAwsApi.resultFunctionName

Deletes an AWS document in the AWS account based on the credentials passed in the action input. See AWS Systems Manager Documentation

Input Field	Optionality	Type	Example
awsAccessKeyId	Required	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Required	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
documentName	Required	String	`documentName: "my-ssm-document"`

Output Field	Type	Example
documentName	String	documentName: "my-ssm-document"
success	Boolean	`success: true`
errorMessage	String	`errorMessage: "Some error message from ssm"`

Workflow definition	Inputs	Outputs
`schemaVersion: '0.3' description: List all Lambda function names. mainSteps: - name: ExecuteAwsApi action: aws:executeAwsApi isEnd: true`	`inputs: Service: lambda Api: ListFunctions`	`outputs: - Name: resultFunctionName Selector: $..FunctionName Type: StringList outputs: - ExecuteAwsApi.resultFunctionName`

Workflow definition

Inputs

Outputs

schemaVersion: '0.3'
  description: List all Lambda function names.
  mainSteps:
    - name: ExecuteAwsApi
      action: aws:executeAwsApi
      isEnd: true

inputs:
          Service: lambda
          Api: ListFunctions

outputs:
        - Name: resultFunctionName
          Selector: $..FunctionName
          Type: StringList
  outputs:
    - ExecuteAwsApi.resultFunctionName

Starts an automation using an AWS document. See AWS Systems Manager Documentation

Input Field	Optionality	Type	Example
awsAccessKeyId	Required	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Required	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
documentName	Required	String	`documentName: "my-ssm-document"`
parameters	Optional	Map	`parameters: myKey: myValue`
idempotencyToken	Optional	UUID	`idempotencyToken: "any token"`

Output Field	Type	Example
automationExecutionId	String	`automationExecutionId: "3143a28d-241c-4abd-a3ca-9c0ff3890241"`
success	Boolean	`success: true`
errorMessage	String	`errorMessage: "Some error message from ssm"`

Workflow definition	Inputs	Outputs
`schemaVersion: '0.3' description: List all Lambda function names. mainSteps: - name: ExecuteAwsApi action: aws:executeAwsApi isEnd: true`	`Service: lambda Api: ListFunctions`	`- Name: resultFunctionName Selector: $..FunctionName Type: StringList outputs: - ExecuteAwsApi.resultFunctionName`

Workflow definition

Inputs

Outputs

schemaVersion: '0.3'
    description: List all Lambda function names.
    mainSteps:
      - name: ExecuteAwsApi
        action: aws:executeAwsApi
        isEnd: true

Service: lambda
          Api: ListFunctions

- Name: resultFunctionName
            Selector: $..FunctionName
            Type: StringList
    outputs:
      - ExecuteAwsApi.resultFunctionName

Waits for an automation using an AWS document. See AWS Systems Manager Documentation for more information.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
automationExecutionId	Required	String	`automationExecutionId: "3143a28d-241c-4abd-a3ca-9c0ff3890241"`. The automation executionID for which we need to wait for its completion.
automationExecutionStatuses	Optional	List	List of automation execution statuses from AutomationExecution that can stop the waiting, `Default: ["Success", "Failed"]`
timeout	Optional	int	`timeout: 600`. The duration in seconds can wait for automation status to be one of the expected `automationExecutionStatuses`. Post this timeout duration, the action return value with timeout error.
selectors	Optional	List	`[{\"name\": \"automationExecutionStatus\", \"expression\": \".automationExecutionStatus\"}, {\"name\": \"scriptOutput\", \"expression\": \".automationExecutionOutputs.pythonStep.scriptOutput \| tojson\"}]`.

중요

In the action input, only awsAccessKeyId and awsSecretAccessKey can be provided, but they should be static credentials of an IAM user.
If session credentials are to be used, awsAccessKeyId, awsSecretAccessKey and awsSessionToken must be passed to the action input.
Refer to the instructions to set up AWS credentials.
Use selectors to get only the specified parameters as output.

Output Field	Type	Example
automationExecutionId	String	`automationExecutionId: "3143a28d-241c-4abd-a3ca-9c0ff3890241"`
automationExecutionStatus	String	`automationExecutionStatus: "Success"`. If action is successful, It will either of the values passed in `automationExecutionStatuses` input field. Else, this will be null.
automationExecutionOutputs	Map	`"automationExecutionOutputs": { "ExecuteGetApiResources": { "resultResourceId": [ "pky3cb" ] }, "ExecuteListVersionsByFunction": { "resultLambdaVersionArn": [ "arn:aws:lambda:us-east-2:123456789012:function:ApiGwTestFn:1" ] } }` The output will be a map of output values from the document. Any output in the document can be collected using this output field and can be used in subsequent steps of the workflow automation definition.
success	Boolean	`success: true`
errorMessage	String	`errorMessage: "Some error message from ssm"`

Workflow definition	Inputs	Outputs
`schemaVersion: '0.3' description: List all Lambda function names. mainSteps: - name: ExecuteAwsApi action: aws:executeAwsApi isEnd: true`	`Service: lambda Api: ListFunctions`	`- Name: resultFunctionName Selector: $..FunctionName Type: StringList outputs: - ExecuteAwsApi.resultFunctionName`

Workflow definition

Inputs

Outputs

schemaVersion: '0.3'
    description: List all Lambda function names.
    mainSteps:
      - name: ExecuteAwsApi
        action: aws:executeAwsApi
        isEnd: true

Service: lambda
          Api: ListFunctions

- Name: resultFunctionName
            Selector: $..FunctionName
            Type: StringList
    outputs:
      - ExecuteAwsApi.resultFunctionName

General AWS actions

This action allows you to execute any AWS API operation for a specified service. It supports providing AWS credentials, region, service name, API name, and optional parameters. The action can return outputs such as success status, response data, and error messages, making it versatile for interacting with AWS services programmatically.

Security and IAM configuration

To use this action, you must configure AWS credentials. See Set up AWS credentials for detailed instructions on creating an IAM role or IAM user.

중요

Security best practice: When defining IAM policies for this action, always use least-privilege access. Grant only the specific AWS API actions your workflow requires, and restrict permissions to specific resources rather than using wildcards.

Required IAM permissions

The permissions you need depend on which AWS services and APIs your workflow calls. Use the examples below as templates for creating least-privilege policies.

Example: Allow sending messages to a specific SQS queue

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-west-2:<your-aws-account-id>:<your-queue-name>"
    }
  ]
}

Example: Allow querying a specific DynamoDB table

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "dynamodb:Query",
      "Resource": "arn:aws:dynamodb:us-west-2:<your-aws-account-id>:table/<your-table-name>"
    }
  ]
}

Example: Multiple services with specific permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-west-2:<your-aws-account-id>:<your-queue-name>"
    },
    {
      "Effect": "Allow",
      "Action": "dynamodb:Query",
      "Resource": "arn:aws:dynamodb:us-west-2:<your-aws-account-id>:table/<your-table-name>"
    }
  ]
}

팁

Replace <your-aws-account-id>, <your-queue-name>, and <your-table-name> with your actual values
Find available AWS service APIs in the Boto3 documentation
For more complex IAM policy patterns, see the AWS IAM documentation

For more information on how this action works, see the AWS Systems Manager executeAwsApi documentation.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`region: "us-east-2"`
service	Required	String	`service: "sqs"`.AWS available services
api	Required	String	api: "create_queue"
parameters	Required	Map	`parameters: { "QueueName": "dks-testing-queue", "Attributes": { "DelaySeconds": "0", "MessageRetentionPeriod": "86400" } }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

팁

In the action input, at least one of the AWS credentials (short, long, role) should be provided, where the role takes precedence over the others.
In the action input, if awsAccessKeyId and awsSecretAccessKey are to be provided, make sure they are static credentials of an IAM user.
If session credentials are to be used, awsAccessKeyId, awsSecretAccessKey and awsSessionToken must be passed to the action input.
Refer to AWS credentials for instructions.
Use selectors to get only the specified parameters as output.

Output Field	Type	Example
response	object	`{"response":<aws api reponse>` }} each service and api have different response for example https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/client/query.html.
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "User does not have permission to query DynamoDB"`

Example 1: Send a message to an SQS queue

This example demonstrates how to send a message to an Amazon SQS queue using the aws.execute.api action with IAM role authentication.

name: sqs_send_message_example

workflowInputs:
  awsRoleArn:
    type: String
    description: "ARN of the IAM role to assume (e.g., arn:aws:iam::123456789012:role/workflow-sqs-role)"
  awsRegion:
    type: String
    defaultValue: us-east-2
  awsQueueUrl:
    type: String
    defaultValue: "https://sqs.us-east-2.amazonaws.com/<your-account-id>/<your-queue-name>"

steps:
  - name: sendSqsMessage
    type: action
    action: aws.execute.api
    version: 1
    inputs:
      awsRoleArn: ${{ .workflowInputs.awsRoleArn }}
      region: ${{ .workflowInputs.awsRegion }}
      service: sqs
      api: send_message
      parameters:
        QueueUrl: ${{ .workflowInputs.awsQueueUrl }}
        MessageBody: |
          {
            "message": "deployment is bad",
            "status": "not good"
          }
      selectors:
        - name: success
          expression: '.success'
        - name: messageId
          expression: '.response.MessageId'
        - name: errorMessage
          expression: '.errorMessage'

  - name: logResult
    type: action
    action: newrelic.ingest.sendLogs
    version: 1
    inputs:
      message: 'SQS message sent. Success: ${{ .steps.sendSqsMessage.outputs.success }}, MessageId: ${{ .steps.sendSqsMessage.outputs.messageId }}'
      licenseKey: '${{ :secrets:NEW_RELIC_LICENSE_KEY }}'

Required IAM policy for this example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-2:<your-aws-account-id>:<your-queue-name>"
    }
  ]
}

Expected outputs:

success: Boolean indicating whether the message was sent successfully
messageId: The unique ID assigned by SQS to the sent message
errorMessage: Error message if the operation failed

Example 2: Query a DynamoDB table

This example demonstrates how to query a DynamoDB table using the aws.execute.api action with session credentials.

name: dynamodb_query_example

workflowInputs:
  awsAccessKeyId:
    type: String
    defaultValue: "${{ :secrets:AWS_ACCESS_KEY_ID }}"
  awsSecretAccessKey:
    type: String
    defaultValue: "${{ :secrets:AWS_SECRET_ACCESS_KEY }}"
  awsSessionToken:
    type: String
    defaultValue: "${{ :secrets:AWS_SESSION_TOKEN }}"
  awsRegion:
    type: String
    defaultValue: us-east-2
  tableName:
    type: String
    defaultValue: workflow-definitions-prod
  scopedName:
    type: String
    description: "The scoped name to query"
  version:
    type: String
    defaultValue: "1"

steps:
  - name: queryDynamoDB
    type: action
    action: aws.execute.api
    version: 1
    inputs:
      awsAccessKeyId: ${{ .workflowInputs.awsAccessKeyId }}
      awsSecretAccessKey: ${{ .workflowInputs.awsSecretAccessKey }}
      awsSessionToken: ${{ .workflowInputs.awsSessionToken }}
      region: ${{ .workflowInputs.awsRegion }}
      service: dynamodb
      api: query
      parameters:
        TableName: ${{ .workflowInputs.tableName }}
        KeyConditionExpression: "ScopedName = :scopedNameValue AND Version = :versionValue"
        ExpressionAttributeValues:
          ":scopedNameValue":
            S: ${{ .workflowInputs.scopedName }}
          ":versionValue":
            N: ${{ .workflowInputs.version }}
      selectors:
        - name: success
          expression: '.success'
        - name: response
          expression: '.response'
        - name: errorMessage
          expression: '.errorMessage'

  - name: logResult
    type: action
    action: newrelic.ingest.sendLogs
    version: 1
    inputs:
      message: 'DynamoDB query result: ${{ .steps.queryDynamoDB.outputs.response.Items }}'
      licenseKey: '${{ :secrets:NEW_RELIC_LICENSE_KEY }}'

Required IAM policy for this example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "dynamodb:Query",
      "Resource": "arn:aws:dynamodb:us-east-2:<your-aws-account-id>:table/workflow-definitions-prod"
    }
  ]
}

Expected outputs:

success: Boolean indicating whether the query was successful
response: The DynamoDB query response containing the matching items
errorMessage: Error message if the operation failed

CloudWatch actions

This action retrieves a batch of log events from a specified log stream in AWS CloudWatch Logs. It's essential for monitoring, auditing, and troubleshooting applications by programmatically fetching log data.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
logStreamName	Required	String	`"2023/10/27/[$LATEST]abcdef123456"`
logGroupName	Optional	String	`"/aws/lambda/my-function"`
logGroupIdentifier	Optional	String	`“arn:partition:service:region:account-id:resource”`
startTime	Optional	Int	`1759296000000`
endTime	Optional	Int	`1759296000000`
limit	Optional	Int	`50`
startFromHead	Optional	Boolean	`true`
unmask	Optional	Boolean	`false`
nextToken	Optional	String	`“f/39218833627378687642013305455131706539523449361490509828/s”`

Output Field	Type	Example
response	object	`{ 'events': [ { 'timestamp': 123, 'message': 'string', 'ingestionTime': 123 }, ], 'nextForwardToken': 'string', 'nextBackwardToken': 'string' }`
success	Boolean	`success: true \| false`
errorMessage	String	`“An error occurred (ExpiredTokenException) when calling the GetLogEvents operation: The security token included in the request is expired”`

Workflow example
name: get-lambda-logs description: 'Retrieve log events from an AWS Lambda function' workflowInputs: region: type: String defaultValue: us-east-2 logGroupName: type: String defaultValue: /aws/lambda/my-function logStreamName: type: String defaultValue: 2023/10/27/[$LATEST]abcdef123456 steps: name: get_events_step type: action action: aws.cloudwatch.get_log_events version: '1' inputs: region: ${{ .workflowInputs.region }} logGroupName: ${{ .workflowInputs.logGroupName }} logStreamName: ${{ .workflowInputs.logStreamName }} limit: 100

Workflow example

name: get-lambda-logs
description: 'Retrieve log events from an AWS Lambda function'
workflowInputs:
  region:
    type: String
    defaultValue: us-east-2
  logGroupName:
    type: String
    defaultValue: /aws/lambda/my-function
  logStreamName:
    type: String
    defaultValue: 2023/10/27/[$LATEST]abcdef123456
steps:
  name: get_events_step
  type: action
  action: aws.cloudwatch.get_log_events
  version: '1'
  inputs:
    region: ${{ .workflowInputs.region }}
    logGroupName: ${{ .workflowInputs.logGroupName }}
    logStreamName: ${{ .workflowInputs.logStreamName }}
    limit: 100

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
logGroupName	Required	String	`"/aws/lambda/hello-you"`
logStreamName	Required	String	`"2025/09/24/[$LATEST]09f7ca9e9ab044f389419ce60305f594"`
logEvents	Required	List	`[ { "timestamp": 1698384000000, "message": "Workflow task started." }, { "timestamp": 1698384000015, "message": "Data validated successfully." } ]`
entity	Optional	Dict	`{ "entity": { "keyAttributes": { "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Identifier": "app/my-web-lb/12345", "Environment": "Production" }, "attributes": { "MonitoringTier": "Gold", "OwnerTeam": "Networking", "MaintenanceWindow": "Sat: 0200-0400" } } }`

Output Field	Type	Example
response	object	`{ 'events': [ { 'timestamp': 123, 'message': 'string', 'ingestionTime': 123 }, ], 'nextForwardToken': 'string', 'nextBackwardToken': 'string' }`
success	Boolean	`success: true \| false`
errorMessage	String	`“An error occurred (ExpiredTokenException) when calling the GetLogEvents operation: The security token included in the request is expired”`

Workflow example
name: get-lambda-logs description: 'Retrieve log events from an AWS Lambda function' workflowInputs: region: type: String defaultValue: us-east-2 logGroupName: type: String defaultValue: /aws/lambda/my-function logStreamName: type: String defaultValue: 2023/10/27/[$LATEST]abcdef123456 steps: name: get_events_step type: action action: aws.cloudwatch.get_log_events version: '1' inputs: region: ${{ .workflowInputs.region }} logGroupName: ${{ .workflowInputs.logGroupName }} logStreamName: ${{ .workflowInputs.logStreamName }} limit: 100

Workflow example

name: get-lambda-logs
description: 'Retrieve log events from an AWS Lambda function'
workflowInputs:
  region:
    type: String
    defaultValue: us-east-2
  logGroupName:
    type: String
    defaultValue: /aws/lambda/my-function
  logStreamName:
    type: String
    defaultValue: 2023/10/27/[$LATEST]abcdef123456
steps:
  name: get_events_step
  type: action
  action: aws.cloudwatch.get_log_events
  version: '1'
  inputs:
    region: ${{ .workflowInputs.region }}
    logGroupName: ${{ .workflowInputs.logGroupName }}
    logStreamName: ${{ .workflowInputs.logStreamName }}
    limit: 100

S3 actions

The listObjectsV2 method returns some or all (up to 1,000) of the objects in a bucket. It is a more modern and recommended version of list_objects.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
bucket	Required	String	"`examplebucket`"
prefix	Optional	String	"`path/to/folder/`"
maxKeys	Optional	Integer	`100`
continuationToken	Optional	String	`some-token`
parameters	Optional	Map	`{ "Delimiter": "/" }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

Input Field	Type
EncodingType	String
FetchOwner	Boolean
StartAfter	String
RequestPayer	String
ExpectedBucketOwner	String
OptionalObjectAttributes	List
Delimiter	String

Output Field	Type	Example
response	object	{ 'IsTruncated': True\|False, 'Contents': [ { 'Key': 'string', 'LastModified': datetime(2015, 1, 1), 'ETag': 'string', 'ChecksumAlgorithm': [ 'CRC32'\|'CRC32C'\|'SHA1'\|'SHA256'\|'CRC64NVME', ], 'ChecksumType': 'COMPOSITE'\|'FULL_OBJECT', 'Size': 123, 'StorageClass': 'STANDARD'\|'REDUCED_REDUNDANCY'\|'GLACIER'\|'STANDARD_IA'\|'ONEZONE_IA'\|'INTELLIGENT_TIERING'\|'DEEP_ARCHIVE'\|'OUTPOSTS'\|'GLACIER_IR'\|'SNOW'\|'EXPRESS_ONEZONE'\|'FSX_OPENZFS', 'Owner': { 'DisplayName': 'string', 'ID': 'string' }, 'RestoreStatus': { 'IsRestoreInProgress': True\|False, 'RestoreExpiryDate': datetime(2015, 1, 1) } }, ], 'Name': 'string', 'Prefix': 'string', 'Delimiter': 'string', 'MaxKeys': 123, 'CommonPrefixes': [ { 'Prefix': 'string' }, ], 'EncodingType': 'url', 'KeyCount': 123, 'ContinuationToken': 'string', 'NextContinuationToken': 'string', 'StartAfter': 'string', 'RequestCharged': 'requester' } Response syntax can be referred to in the list_objects_v2 - Boto3 1.40.52 documentation
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "Parameter validation failed:\nInvalid bucket name \"s3-activity-test \": Bucket name must match the regex \"^[a-zA-Z0-9.\\-_]{1,255}$\" or be an ARN matching the regex \"^arn:(aws).:(s3\|s3-object-lambda):[a-z\\-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\\-.]{1,63}$\|^arn:(aws).*:s3-outposts:[a-z\\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\\-]{1,63}$\""`

Output Field

Type

Example

response

object

{
    'IsTruncated': True|False,
    'Contents': [
        {
            'Key': 'string',
            'LastModified': datetime(2015, 1, 1),
            'ETag': 'string',
            'ChecksumAlgorithm': [
                'CRC32'|'CRC32C'|'SHA1'|'SHA256'|'CRC64NVME',
            ],
            'ChecksumType': 'COMPOSITE'|'FULL_OBJECT',
            'Size': 123,
            'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'GLACIER'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'OUTPOSTS'|'GLACIER_IR'|'SNOW'|'EXPRESS_ONEZONE'|'FSX_OPENZFS',
            'Owner': {
                'DisplayName': 'string',
                'ID': 'string'
            },
            'RestoreStatus': {
                'IsRestoreInProgress': True|False,
                'RestoreExpiryDate': datetime(2015, 1, 1)
            }
        },
    ],
    'Name': 'string',
    'Prefix': 'string',
    'Delimiter': 'string',
    'MaxKeys': 123,
    'CommonPrefixes': [
        {
            'Prefix': 'string'
        },
    ],
    'EncodingType': 'url',
    'KeyCount': 123,
    'ContinuationToken': 'string',
    'NextContinuationToken': 'string',
    'StartAfter': 'string',
    'RequestCharged': 'requester'
}

Response syntax can be referred to in the list_objects_v2 - Boto3 1.40.52 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: "Parameter validation failed:\nInvalid bucket name \"s3-activity-test \": Bucket name must match the regex \"^[a-zA-Z0-9.\\-_]{1,255}$\" or be an ARN matching the regex \"^arn:(aws).:(s3|s3-object-lambda):[a-z\\-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\\-.]{1,63}$|^arn:(aws).*:s3-outposts:[a-z\\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\\-]{1,63}$\""

Workflow example

name: aws-s3-list-objects-v2
description: 'List Objects in an AWS S3 Bucket'
      
steps:
  - name: aws_s3_listObjectsV2_1
    type: action
    action: aws.s3.listObjectsV2
    version: '1'
    inputs:
      awsRoleArn: "arn:aws:iam::123456789012:role/my-workflow-role"
      region: "us-east-2"
      bucket: "examplebucket"
      prefix: "path/to/folder/"
      maxKeys: 100
      continuationToken: "some-token"
    next: end

The deleteObject method permanently removes a single object from a bucket. For versioned buckets, this operation inserts a delete marker, which hides the object without permanently deleting it unless a VersionId is specified.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
bucket	Required	String	"`examplebucket`"
key	Required	String	"`path/to/object.txt`"
parameters	Optional	Map	`{ "RequestPayer": "test", "BypassGovernanceRetention": false "VersionId":"testVersion", "MFA":"Test" }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

Output Field	Type	Example
response	object
success	Boolean	`success: true \| false`
errorMessage	String	`errorMessage: "Parameter validation failed:\nInvalid bucket name \"s3-activity-test \": Bucket name must match the regex \"^[a-zA-Z0-9.\\-_]{1,255}$\" or be an ARN matching the regex \"^arn:(aws).:(s3\|s3-object-lambda):[a-z\\-0-9]:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\\-.]{1,63}$\|^arn:(aws).*:s3-outposts:[a-z\\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\\-]{1,63}$\""`

Workflow example

name: aws-s3-delete-object
description: 'Delete an AWS S3 Object'

steps:
  - name: aws_s3_deleteObject_1
    type: action
    action: aws.s3.deleteObject
    version: '1'
    inputs:
      awsRoleArn: "arn:aws:iam::123456789012:role/my-workflow-role"
      region: "us-west-2"
      bucket: "my-bucket"
      key: "path/to/object.txt"
    next: end

Adds an object to a bucket. Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
bucket	Required	String	"`examplebucket`"
key	Required	String	"`path/to/object.txt`"
body	Required	String	`file content`
contentType	Required	String	"`plain/text`"
tagging	Optional	String	`“key1=value1"`
parameters	Optional	Map	`{ "ServerSideEncryption": "AES256", "Metadata": { 'metadata1': 'value1', 'metadata2': 'value2', } }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

Input Field	Type
RequestPayer	String
ACL	String
CacheControl	String
ContentDisposition	String
ContentEncoding	String
ContentLanguage	String
ContentLength	Int
ContentMD5	String
ChecksumAlgorithm	String
ChecksumCRC32	String
ChecksumCRC32C	String
ChecksumCRC64NVME	String
ChecksumSHA1	String
ChecksumSHA256	String
Expires	Map
IfMatch	String
IfNoneMatch	String
GrantFullControl	String
GrantRead	String
GrantReadACP	String
GrantWriteACP	String
WriteOffsetBytes	Int
ServerSideEncryption	String
StorageClass	String
WebsiteRedirectLocation	String
SSECustomerAlgorithm	String
SSECustomerKey	String
SSEKMSKeyId	String
SSEKMSEncryptionContext	String
BucketKeyEnabled	Boolean
RequestPayer	String
ObjectLockMode	String
ObjectLockRetainUntilDate	Map
ObjectLockLegalHoldStatus	String
ExpectedBucketOwner	String
Metadata	Map

Output Field

Type

Example

response

object

{
  'Expiration': 'string',
  'ETag': 'string',
  'ChecksumCRC32': 'string',
  'ChecksumCRC32C': 'string',
  'ChecksumCRC64NVME': 'string',
  'ChecksumSHA1': 'string',
  'ChecksumSHA256': 'string',
  'ChecksumType': 'COMPOSITE'|'FULL_OBJECT',
  'ServerSideEncryption': 'AES256'|'aws:fsx'|'aws:kms'|'aws:kms:dsse',
  'VersionId': 'string',
  'SSECustomerAlgorithm': 'string',
  'SSECustomerKeyMD5': 'string',
  'SSEKMSKeyId': 'string',
  'SSEKMSEncryptionContext': 'string',
  'BucketKeyEnabled': True|False,
  'Size': 123,
  'RequestCharged': 'requester'
  }

Response syntax can be referred put_object - Boto3 1.40.59 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: "An error occurred (NoSuchBucket) when calling the PutObject operation: The specified bucket does not exist"

Workflow example

name: s3-put-object
description: 'Put an AWS S3 Object'

steps:
  - name: aws_s3_putObject_1
    type: action
    action: aws.s3.putObject
    version: '1'
    inputs:
      awsRoleArn: "arn:aws:iam::123456789012:role/my-workflow-role"
      region: "us-east-2"
      bucket: "examplebucket"
      key: "path/to/object.txt"
      body: "Hello world"
      contentType: "plain/text"
      tagging: "key1=value1"
    next: end

In the GetObject request, specify the full key name for the object.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
bucket	Required	String	"`examplebucket`"
key	Required	String	"`path/to/object.txt`"
versionId	Optional	String	`"some-version-id"`
range	Optional	String	`bytes=0-99`
parameters	Optional	Map	`{ "ChecksumMode": "ENABLED", "ExpectedBucketOwner": "test-user" }`
selectors	Optional	List	`[{\"name\": \"response\", \"expression\": \".response\"}, {\"name\": \"success\", \"expression\": \".success\"}, {\"name\": \"errorMessage\", \"expression\": \".errorMessage\"}]`

중요

The action will fail if the object is more than 100kb.

Input Field	Type
IfMatch	String
IfModifiedSince	Map
IfNoneMatch	String
IfUnmodifiedSince	Map
ResponseCacheControl	String
ResponseContentDisposition	String
ResponseContentEncoding	String
ResponseContentLanguage	String
ResponseContentType	String
ResponseExpires	Map
SSECustomerAlgorithm	String
SSECustomerKey	String
RequestPayer	String
PartNumber	Int
ExpectedBucketOwner	String
ChecksumMode	String

Output Field

Type

Example

response

object

{
  'Body': StreamingBody(),
  'DeleteMarker': True|False,
  'AcceptRanges': 'string',
  'Expiration': 'string',
  'Restore': 'string',
  'LastModified': datetime(2015, 1, 1),
  'ContentLength': 123,
  'ETag': 'string',
  'ChecksumCRC32': 'string',
  'ChecksumCRC32C': 'string',
  'ChecksumCRC64NVME': 'string',
  'ChecksumSHA1': 'string',
  'ChecksumSHA256': 'string',
  'ChecksumType': 'COMPOSITE'|'FULL_OBJECT',
  'MissingMeta': 123,
  'VersionId': 'string',
  'CacheControl': 'string',
  'ContentDisposition': 'string',
  'ContentEncoding': 'string',
  'ContentLanguage': 'string',
  'ContentRange': 'string',
  'ContentType': 'string',
  'Expires': datetime(2015, 1, 1),
  'ExpiresString': 'string',
  'WebsiteRedirectLocation': 'string',
  'ServerSideEncryption': 'AES256'|'aws:fsx'|'aws:kms'|'aws:kms:dsse',
  'Metadata': {
      'string': 'string'
  },
  'SSECustomerAlgorithm': 'string',
  'SSECustomerKeyMD5': 'string',
  'SSEKMSKeyId': 'string',
  'BucketKeyEnabled': True|False,
  'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER'|'DEEP_ARCHIVE'|'OUTPOSTS'|'GLACIER_IR'|'SNOW'|'EXPRESS_ONEZONE'|'FSX_OPENZFS',
  'RequestCharged': 'requester',
  'ReplicationStatus': 'COMPLETE'|'PENDING'|'FAILED'|'REPLICA'|'COMPLETED',
  'PartsCount': 123,
  'TagCount': 123,
  'ObjectLockMode': 'GOVERNANCE'|'COMPLIANCE',
  'ObjectLockRetainUntilDate': datetime(2015, 1, 1),
  'ObjectLockLegalHoldStatus': 'ON'|'OFF'
  }

Response syntax can be referred to in the get_object - Boto3 1.40.59 documentation

success

Boolean

success: true | false

errorMessage

String

errorMessage: "An error occurred (InvalidArgument) when calling the GetObject operation: Invalid version id specified"

Workflow example

name: s3-get-object
description: 'Get an AWS S3 Object'

steps:
  - name: aws_s3_getObject_1
    type: action
    action: aws.s3.getObject
    version: '1'
    inputs:
      awsRoleArn: "arn:aws:iam::123456789012:role/my-workflow-role"
      region: "us-east-2"
      bucket: "examplebucket"
      key: "path/to/object.txt"
    next: end

Sends a message to an Amazon SNS topic. All subscribers to the topic will receive the message.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
message	Required	String	Messages must be UTF-8 encoded strings and at most 256 KB in size `'Workflow failed at step 3'`
topicArn	Optional	String	If you don’t specify a value for the topicArn parameter, Must specify a value for the targetArn parameters. `“arn:aws:sns:us-east-2:123456789012:my-topic”`
targetArn	Optional	String	If you don’t specify a value for the topicArn parameter, Must specify a value for the targetArn parameters. `"arn:aws:sns:us-east-2:123456789012:MySNSTopic"`
subject	Optional	String	`"Workflow Update"`
MessageStructure	Optional	String	`MessageStructure`
messageAttributes	Optional	Map	`{ 'string': { 'DataType': 'string', 'StringValue': 'string', 'BinaryValue': b'bytes' } },`
messageDeduplicationId	Optional	String	`“abc123deduplicationId5678”`
messageGroupId	Optional	String	`“order-processing-group-2023_A”`

Output Field

Type

Example

response

object

[{"success":true,"response":{"MessageId":"2333ededwedwed-52f5-a716-e10355e3e2ff"}}]

Response syntax can be referred to sns-publish- Boto3 documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sns/client/publish.html)

success

Boolean

success: true | false

errorMessage

String

[{"errorMessage":"An error occurred (InvalidParameter) when calling the Publish operation: Invalid parameter: TopicArn or TargetArn Reason: no value for required parameter","success":false,"response":null}]

Workflow example

name: sns-publish-test
description: Publishes a notification to an SNS topic
workflowInputs:
  arnRole:
    type: String
steps:
  - name: aws_sns_publish_1
    type: action
    action: aws.sns.publish
    version: '1'
    inputs:
      awsRoleArn: ${{ .workflowInputs.arnRole }}
      region: us-east-1
      topicArn: arn:aws:sns:us-east-1:123456789012:workflow-test-topic
      subject: "Workflow Update"
      message: "The data processing workflow has completed successfully."
    next: end

SQS actions

Sends a message to a specified Amazon SQS queue.

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
queueUrl	Required	String	"`https://sqs.us-east-2.amazonaws.com/123456789012/my-queue`"
messageBody	Required	String	`“This is a test message”`
messageDeduplicationId	Optional	String	`“abc123deduplicationId5678”`
messageGroupId	Optional	String	`“group1”`
messageAttributes	Optional	Map	`{ "my_attribute_name_1": { "DataType": "String", "StringValue":"my_attribute_value_1"},` `"my_attribute_name_2": { "DataType": "String", "StringValue":"my_attribute_value_2"}}`
delaySeconds	Optional	Int	`123`

Output Field

Type

Example

response

object

{"statusCode":200, "payload":{"status":"success","data":{"MessageId":"e9b73a52-d018-4a73-9fcd-8efb682fba43","MD5OfMessageBody":"fae535c7f7c5687a1c3d8bc52288e33a","MD5OfMessageAttributes":"3ae3c4f59958e031d0d53af2d157e834", }, "message":"Message sent successfully to the SQS queue." }}

Response syntax can be referred to SQS send_message - Boto3 documentation

success

Boolean

success: true | false

errorMessage

String

"errorMessage": "SQS.Client.exceptions.QueueDoesNotExist: "The specified queue does not exist.""

Workflow example

name: sqs-send-message-test
description: Sends a message to an SQS queue
workflowInputs:
  arnRole:
    type: String
steps:
  - name: aws_sqs_sendMessage_1
    type: action
    action: aws.sqs.sendMessage
    version: '1'
    inputs:
      awsRoleArn: ${{ .workflowInputs.arnRole }}
      region: us-east-2
      queueUrl: https://sqs.us-east-2.amazonaws.com/123456789012/workflow-test-queue
      messageBody: "This is a test message"
      messageAttributes:
        my_attribute_name_1:
          DataType: "String"
          StringValue: "my_attribute_value_1"
        my_attribute_name_2:
          DataType: "String"
          StringValue: "my_attribute_value_2"
    next: end

Retrieves one or more messages, from the specified queue

Input Field	Optionality	Type	Example
awsRoleArn	Optional	String	`arn:aws:iam::123456789012:role/my-workflow-role`
awsAccessKeyId	Optional	String	`${{ :secrets:<awsAccessKeyId> }}`
awsSecretAccessKey	Optional	String	`${{ :secrets:<awsSecretAccessKey> }}`
awsSessionToken	Optional	String	`${{ :secrets:<awsSessionToken> }}`
region	Required	String	`"us-east-2"`
queueUrl	Required	String	"`https://sqs.us-east-2.amazonaws.com/123456789012/my-queue`"
maxNumberOfMessages	Optional	Int	`10`
waitTimeSeconds	Optional	Int	`5`
VisibilityTimeout	Optional	Int	`123`
AttributeNames	Optional	List	`[ 'All'\|'Policy'\|'VisibilityTimeout'\|'MaximumMessageSize'\|'MessageRetentionPeriod'\|'ApproximateNumberOfMessages'\|'ApproximateNumberOfMessagesNotVisible'\|'CreatedTimestamp'\|'LastModifiedTimestamp'\|'QueueArn'\|'ApproximateNumberOfMessagesDelayed'\|'DelaySeconds'\|'ReceiveMessageWaitTimeSeconds'\|'RedrivePolicy'\|'FifoQueue'\|'ContentBasedDeduplication'\|'KmsMasterKeyId'\|'KmsDataKeyReusePeriodSeconds'\|'DeduplicationScope'\|'FifoThroughputLimit'\|'RedriveAllowPolicy'\|'SqsManagedSseEnabled', ]`
messageAttributeNames	Optional	List	`[ 'message_attribute_name', ],`
messageSystemAttributeNames	Optional	List	`['SenderId', 'SentTimestamp']`
receiveRequestAttemptId	Optional	String	`“req-1234abcd”`

Output Field

Type

Example

response

object

{"response":<aws api response> }<br/>

Response syntax can be referred to receive_message - Boto3 documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs/client/receive_message.html)

success

Boolean

success: true | false

errorMessage

String

"errorMessage": "SQS.Client.exceptions.QueueDoesNotExist: "The specified queue does not exist.""

Workflow example

name: sqs-receive-message-test
description: 'Receives a message from an SQS queue'
steps:
  - name: aws_sqs_receiveMessage_1
    type: action
    action: aws.sqs.receiveMessage
    version: '1'
    inputs:
      awsRoleArn: ${{ :secrets:awsRoleArn }}
      region: us-east-1
      queueUrl: https://sqs.us-east-1.amazonaws.com/123456789012/workflow-test-queue
      waitTimeSeconds: 5
      maxNumberOfMessages: 10
      messageAttributeNames: ['message_attribute_name'],

Input Field	Type
RequestPayer	String
BypassGovernanceRetention	Boolean
ExpectedBucketOwner	String
IfMatch	String
IfMatchLastModifiedTime	Map
IfMatchSize	Int
VersionId	String
MFA	String

preview

Prerequisites.css-21sua1{background:none;border:none;width:0;padding:0;}

Lambda actions

Update function configuration

Get function

List aliases

EC2 actions

Delete snapshot

Reboot instances

Start instances

Terminate instances

Run instances

Systems Manager actions

Create document

Delete document

Start automation

Wait for automation status

General AWS actions

Execute an AWS API

CloudWatch actions

Get log events

Put log events

S3 actions

List objects in an AWS S3 bucket

Response syntax

Delete object

Response syntax

Adds an object to AWS S3 bucket

Response syntax

Get object

Response syntax

SNS actions

Publish a message to an AWS SNS topic

SQS actions

Send a message to an AWS SQS queue

Receives a message from an AWS SQS queue

Prerequisites