AWS
Manage resources and execute AWS commands in workflows
Triggers
Section titled “Triggers” CloudWatch • On Alarm Listen to AWS CloudWatch alarm state change events
CodeArtifact • On Package Version Listen to AWS CodeArtifact package version events
ECR • On Image Push Listen to AWS ECR image push events
ECR • On Image Scan Listen to AWS ECR image scan events
SNS • On Topic Message Listen to AWS SNS topic notifications
Actions
Section titled “Actions” CodeArtifact • Copy Package Versions Copy package versions from one repository to another in the same domain
CodeArtifact • Create Repository Create an AWS CodeArtifact repository in a domain
CodeArtifact • Delete Package Versions Permanently delete one or more package versions from a repository
CodeArtifact • Delete Repository Delete an AWS CodeArtifact repository from a domain
CodeArtifact • Dispose Package Versions Delete assets and set package version status to Disposed (record remains)
CodeArtifact • Get Package Version Describe an AWS CodeArtifact package version
CodeArtifact • Update Package Versions Status Update the status of one or more package versions (Archived, Published, Unlisted)
ECR • Get Image Get an ECR image by digest or tag
ECR • Get Image Scan Findings Get ECR image scan findings by digest or tag
ECR • Scan Image Scan an ECR image for vulnerabilities
Lambda • Run Function Invoke a Lambda function, optionally creating it from inline JavaScript
SNS • Create Topic Create an AWS SNS topic
SNS • Delete Topic Delete an AWS SNS topic
SNS • Get Subscription Get an AWS SNS subscription by ARN
SNS • Get Topic Get an AWS SNS topic by ARN
SNS • Publish Message Publish a message to an AWS SNS topic
Instructions
Section titled “Instructions”Initially, you can leave the “IAM Role ARN” field empty, as you will be guided through the identity provider and IAM role creation process.
CloudWatch • On Alarm
Section titled “CloudWatch • On Alarm”The On Alarm trigger starts a workflow execution when a CloudWatch alarm transitions to the ALARM state.
Use Cases
Section titled “Use Cases”- Incident response: Notify responders and open incidents when alarms fire
- Auto-remediation: Execute rollback or recovery workflows immediately
- Audit and reporting: Track alarm transitions over time
Configuration
Section titled “Configuration”- Region: AWS region where alarms are evaluated
- Alarms: Optional alarm name filters (supports equals, not-equals, and regex matches)
- State: Only trigger for alarms in the specified state (OK, ALARM, or INSUFFICIENT_DATA)
Event Data
Section titled “Event Data”Each alarm event includes:
- detail.alarmName: CloudWatch alarm name
- detail.state.value: Current alarm state
- detail.previousState.value: Previous alarm state
Example Data
Section titled “Example Data”{ "data": { "account": "123456789012", "detail": { "alarmName": "HighCPUUtilization", "previousState": { "reason": "Threshold Crossed: 1 datapoint [35.0 (20/11/24 20:29:00)] was not greater than or equal to the threshold (90.0).", "timestamp": "2024-11-20T20:30:33.000+0000", "value": "OK" }, "state": { "reason": "Threshold Crossed: 1 datapoint [95.0 (20/11/24 20:34:00)] was greater than or equal to the threshold (90.0).", "timestamp": "2024-11-20T20:35:33.000+0000", "value": "ALARM" } }, "detail-type": "CloudWatch Alarm State Change", "id": "2f1ecf5c-8bc9-4b7d-9e76-8df420e8e1a7", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:HighCPUUtilization" ], "source": "aws.cloudwatch", "time": "2024-11-20T20:35:33Z", "version": "0" }, "timestamp": "2026-02-10T12:00:00Z", "type": "aws.cloudwatch.alarm"}CodeArtifact • On Package Version
Section titled “CodeArtifact • On Package Version”The On Package Version trigger starts a workflow execution when a package version is created, modified, or deleted in AWS CodeArtifact.
Use Cases
Section titled “Use Cases”- Release automation: Trigger downstream workflows when a new package version is published
- Dependency monitoring: Notify teams about changes to shared libraries
- Compliance checks: Validate artifacts before promotion
Example Data
Section titled “Example Data”{ "data": { "account": "123456789012", "detail": { "changes": { "assetsAdded": 1, "assetsRemoved": 0, "assetsUpdated": 0, "metadataUpdated": false, "statusChanged": true }, "domainName": "example-domain", "domainOwner": "123456789012", "eventDeduplicationId": "5f87d1a3-2c1f-4ab0-8f55-8f4c2b4a5c76", "operationType": "Created", "packageFormat": "npm", "packageName": "@scope/example-package", "packageNamespace": null, "packageVersion": "1.2.3", "packageVersionRevision": "E30D52B451F42F41", "packageVersionState": "Published", "repositoryAdministrator": "arn:aws:sts::123456789012:assumed-role/ExampleRole/example-user", "repositoryName": "example-repo", "sequenceNumber": 1 }, "detail-type": "CodeArtifact Package Version State Change", "id": "d9e9ff4a-3514-3d2c-b6b8-1fb5e0b9d3b2", "region": "us-east-1", "resources": [ "arn:aws:codeartifact:us-east-1:123456789012:repository/example-domain/example-repo" ], "source": "aws.codeartifact", "time": "2024-11-20T20:35:33Z", "version": "0" }, "timestamp": "2026-03-10T14:25:30.31254162Z", "type": "aws.codeartifact.package.version"}ECR • On Image Push
Section titled “ECR • On Image Push”The On Image Push trigger starts a workflow execution when an image is pushed to an ECR repository.
Use Cases
Section titled “Use Cases”- Build pipelines: Trigger builds and deployments on container pushes
- Security automation: Kick off scans or alerts for newly pushed images
- Release workflows: Promote artifacts when a tag is published
Configuration
Section titled “Configuration”- Repositories: Optional filters for ECR repository names
- Image Tags: Optional filters for image tags (for example:
latestor^v[0-9]+)
Event Data
Section titled “Event Data”Each image push event includes:
- detail.repository-name: ECR repository name
- detail.image-tag: Tag that was pushed
- detail.image-digest: Digest of the image
Example Data
Section titled “Example Data”{ "data": { "account": "123456789012", "detail": { "action-type": "PUSH", "image-digest": "sha256:2c26b46b68ffc68ff99b453c1d30413413422f1642f0e2b8c7b8a0b8a96a909e", "image-tag": "latest", "repository-arn": "arn:aws:ecr:us-east-1:123456789012:repository/my-repo", "repository-name": "my-repo", "result": "SUCCESS" }, "detail-type": "ECR Image Action", "id": "c1b45a2c-9c3f-4c52-bc98-5ea31ce17692", "region": "us-east-1", "resources": [ "arn:aws:ecr:us-east-1:123456789012:repository/my-repo" ], "source": "aws.ecr", "time": "2024-01-01T12:00:00Z", "version": "0" }, "timestamp": "2026-02-03T12:00:00Z", "type": "aws.ecr.image.push"}ECR • On Image Scan
Section titled “ECR • On Image Scan”The On Image Scan trigger starts a workflow execution when an ECR image scan completes.
Use Cases
Section titled “Use Cases”- Security automation: Notify teams or open issues on new findings
- Compliance checks: Gate promotions based on severity thresholds
- Reporting: Aggregate scan findings across repositories
Configuration
Section titled “Configuration”- Repositories: Optional filters for ECR repository names
- Enhanced scanning: Enhanced scanning events are sent by Amazon Inspector (aws.inspector2)
Event Data
Section titled “Event Data”Each image scan event includes:
- detail.scan-status: Scan status (for example: COMPLETE)
- detail.repository-name: ECR repository name
- detail.image-digest: Digest of the image
- detail.image-tags: Tags associated with the image
- detail.finding-severity-counts: Counts per severity level (if any)
Example Data
Section titled “Example Data”{ "data": { "account": "123456789012", "detail": { "finding-severity-counts": { "CRITICAL": 10, "MEDIUM": 9 }, "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234", "image-tags": [], "repository-name": "my-repo", "scan-status": "COMPLETE" }, "detail-type": "ECR Image Scan", "id": "df8b66c7-62c7-4b8a-9a6b-6ad7d6d8b3a2", "region": "us-east-1", "resources": [ "arn:aws:ecr:us-east-1:123456789012:repository/my-repo" ], "source": "aws.ecr", "time": "2024-01-01T12:00:00Z", "version": "0" }, "timestamp": "2026-03-10T14:25:30.31254162Z", "type": "aws.ecr.image.scan"}SNS • On Topic Message
Section titled “SNS • On Topic Message”The On Topic Message trigger starts a workflow execution when a message is published to an AWS SNS topic.
Use Cases
Section titled “Use Cases”- Event-driven automation: React to messages published by external systems
- Notification processing: Handle SNS payloads in workflow steps
- Routing and enrichment: Trigger downstream workflows based on topic activity
How it works
Section titled “How it works”During setup, SuperPlane creates a webhook endpoint for this trigger and subscribes it to the selected SNS topic using HTTPS. SNS sends notification payloads to the webhook endpoint, which then emits workflow events.
Example Data
Section titled “Example Data”{ "data": { "account": "123456789012", "detail": { "message": "{\"orderId\":\"ord_123\",\"status\":\"created\"}", "messageId": "95df01b4-ee98-5cb9-9903-4c221d41eb5e", "subject": "order.created", "timestamp": "2026-01-10T10:00:00Z", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "message": "{\"orderId\":\"ord_123\",\"status\":\"created\"}", "messageAttributes": { "eventType": { "Type": "String", "Value": "order.created" } }, "messageId": "95df01b4-ee98-5cb9-9903-4c221d41eb5e", "region": "us-east-1", "subject": "order.created", "timestamp": "2026-01-10T10:00:00Z", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events", "type": "Notification" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.topic.message"}CodeArtifact • Copy Package Versions
Section titled “CodeArtifact • Copy Package Versions”The Copy Package Versions component copies one or more package versions from a source repository to a destination repository in the same domain.
Use Cases
Section titled “Use Cases”- Promotion: Copy approved versions from staging to production
- Replication: Mirror packages across repositories
- Migration: Move versions between repos in the same domain
Example Output
Section titled “Example Output”{ "failedVersions": {}, "successfulVersions": { "1.0.0": { "revision": "REVISION1", "status": "Published" }, "1.0.1": { "revision": "REVISION2", "status": "Published" } }}CodeArtifact • Create Repository
Section titled “CodeArtifact • Create Repository”The Create Repository component creates a new repository in an AWS CodeArtifact domain.
Use Cases
Section titled “Use Cases”- Automated setup: Create repositories as part of onboarding or pipeline setup
- Environment replication: Mirror repository structure across domains
- Workflow provisioning: Create a destination repository before copying packages
Example Output
Section titled “Example Output”{ "repository": { "administratorAccount": "123456789012", "arn": "arn:aws:codeartifact:us-east-1:123456789012:repository/example-domain/my-repo", "createdTime": 1706961600, "description": "Example repository created by workflow", "domainName": "example-domain", "domainOwner": "123456789012", "name": "my-repo" }}CodeArtifact • Delete Package Versions
Section titled “CodeArtifact • Delete Package Versions”The Delete Package Versions component permanently removes package versions and their assets. Deleted versions cannot be restored. To remove from view but keep the option to restore later, use Update Package Versions Status to set status to Archived instead.
Use Cases
Section titled “Use Cases”- Cleanup: Remove obsolete or invalid versions
- Compliance: Permanently remove versions that must not be retained
- Storage: Free space by deleting unused versions
Example Output
Section titled “Example Output”{ "failedVersions": {}, "successfulVersions": { "1.0.0": { "revision": "REVISION1", "status": "Deleted" } }}CodeArtifact • Delete Repository
Section titled “CodeArtifact • Delete Repository”The Delete Repository component deletes a repository from an AWS CodeArtifact domain.
Use Cases
Section titled “Use Cases”- Cleanup: Remove repositories after migration or deprecation
- Environment teardown: Delete temporary repositories created by workflows
- Lifecycle management: Enforce retention by deleting old repositories
Example Output
Section titled “Example Output”{ "repository": { "administratorAccount": "123456789012", "arn": "arn:aws:codeartifact:us-east-1:123456789012:repository/example-domain/my-repo", "createdTime": 1706961600, "description": "Deleted repository", "domainName": "example-domain", "domainOwner": "123456789012", "name": "my-repo" }}CodeArtifact • Dispose Package Versions
Section titled “CodeArtifact • Dispose Package Versions”The Dispose Package Versions component deletes the assets of package versions and sets their status to Disposed. The version record remains so you can still see it in ListPackageVersions with status Disposed; assets cannot be restored.
Use Cases
Section titled “Use Cases”- Retention: Keep version metadata for audit while removing binary assets
- Storage: Free asset storage while preserving version history
- Lifecycle: Mark versions as disposed after a retention period
Example Output
Section titled “Example Output”{ "failedVersions": {}, "successfulVersions": { "1.0.0": { "revision": "REVISION1", "status": "Disposed" } }}CodeArtifact • Get Package Version
Section titled “CodeArtifact • Get Package Version”The Get Package Version component retrieves metadata for a specific package version in AWS CodeArtifact.
Use Cases
Section titled “Use Cases”- Release automation: Resolve package metadata before promotion
- Audit trails: Capture version details for reporting
- Dependency checks: Validate status and origin of package versions
Example Output
Section titled “Example Output”{ "data": { "assets": [ { "hashes": { "sha256": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" }, "name": "example-package-1.2.3.tgz", "size": 1234567890 } ], "package": { "displayName": "example-package", "format": "npm", "homePage": "https://example.com/example-package", "licenses": [ { "name": "MIT", "url": "https://opensource.org/licenses/MIT" } ], "namespace": "@scope", "origin": { "domainEntryPoint": { "externalConnectionName": "npmjs", "repositoryName": "example-repo" }, "originType": "EXTERNAL" }, "packageName": "@scope/example-package", "revision": "E30D52B451F42F41", "sourceCodeRepository": "https://github.com/example/example-package", "status": "Published", "summary": "Example package for demonstration.", "version": "1.2.3" } }, "timestamp": "2026-02-03T12:00:00Z", "type": "aws.codeartifact.package.version"}CodeArtifact • Update Package Versions Status
Section titled “CodeArtifact • Update Package Versions Status”The Update Package Versions Status component sets the status of package versions to Archived, Published, or Unlisted.
Use Cases
Section titled “Use Cases”- Lifecycle management: Archive old versions or publish after validation
- Visibility: Unlist versions without deleting them
- Compliance: Align version status with release policies
Example Output
Section titled “Example Output”{ "failedVersions": {}, "successfulVersions": { "1.0.0": { "revision": "REVISION1", "status": "Archived" }, "1.0.1": { "revision": "REVISION2", "status": "Archived" } }}ECR • Get Image
Section titled “ECR • Get Image”The Get Image component retrieves image metadata from an ECR repository by digest, tag, or both.
Use Cases
Section titled “Use Cases”- Release automation: Fetch image details before deployment
- Audit trails: Resolve digests and tags for traceability
- Security workflows: Enrich findings with image metadata
Configuration
Section titled “Configuration”- Region: AWS region of the ECR repository
- Repository: ECR repository name or ARN
- Image Digest: Digest of the image (optional)
- Image Tag: Tag of the image (optional)
At least one of Image Digest or Image Tag is required. If both are provided, the request includes both.
Example Output
Section titled “Example Output”{ "data": { "artifactMediaType": "application/vnd.docker.container.image.v1+json", "imageDigest": "sha256:8f1d3e4f5a6b7c8d9e0f11121314151617181920212223242526272829303132", "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json", "imagePushedAt": "2026-02-03T12:00:00Z", "imageSizeInBytes": 48273912, "imageTags": [ "latest", "v1.2.3" ], "registryId": "123456789012", "repositoryName": "my-repo" }, "timestamp": "2026-02-03T12:00:00Z", "type": "aws.ecr.image"}ECR • Get Image Scan Findings
Section titled “ECR • Get Image Scan Findings”The Get Image Scan Findings component retrieves vulnerability scan results for an ECR image.
Use Cases
Section titled “Use Cases”- Security automation: Pull scan findings to drive alerting or approvals
- Compliance checks: Validate images against severity thresholds
- Reporting: Capture scan summaries and findings for audits
Configuration
Section titled “Configuration”- Region: AWS region of the ECR repository
- Repository: ECR repository name or ARN
- Image Digest: Digest of the image (optional)
- Image Tag: Tag of the image (optional)
At least one of Image Digest or Image Tag is required. If both are provided, the request includes both.
Example Output
Section titled “Example Output”{ "data": { "imageId": { "imageDigest": "sha256:8f1d3e4f5a6b7c8d9e0f11121314151617181920212223242526272829303132", "imageTag": "latest" }, "imageScanFindings": { "findingSeverityCounts": { "HIGH": 1 }, "findings": [ { "attributes": [ { "key": "package_name", "value": "openssl" }, { "key": "package_version", "value": "1.1.1k" } ], "description": "Example vulnerability in a package.", "name": "CVE-2024-12345", "severity": "HIGH", "uri": "https://example.com/cve-2024-12345" } ], "imageScanCompletedAt": "2026-02-03T12:05:00Z", "vulnerabilitySourceUpdatedAt": "2026-02-03T00:00:00Z" }, "imageScanStatus": { "description": "Scan completed", "status": "COMPLETE" }, "registryId": "123456789012", "repositoryName": "my-repo" }, "timestamp": "2026-02-03T12:05:00Z", "type": "aws.ecr.image.scanFindings"}ECR • Scan Image
Section titled “ECR • Scan Image”The Scan Image component scans an ECR image for vulnerabilities.
Use Cases
Section titled “Use Cases”- Security automation: Scan images for vulnerabilities
- Compliance checks: Validate images against severity thresholds
- Reporting: Capture scan summaries and findings for audits
Configuration
Section titled “Configuration”- Region: AWS region of the ECR repository
- Repository: ECR repository name or ARN
- Image Digest: Digest of the image (optional)
- Image Tag: Tag of the image (optional)
At least one of Image Digest or Image Tag is required. If both are provided, the request includes both.
Example Output
Section titled “Example Output”{ "data": { "imageId": { "imageDigest": "sha256:8f1d3e4f5a6b7c8d9e0f11121314151617181920212223242526272829303132", "imageTag": "latest" }, "imageScanFindings": { "findingSeverityCounts": { "HIGH": 1 }, "findings": [ { "attributes": [ { "key": "package_name", "value": "openssl" }, { "key": "package_version", "value": "1.1.1k" } ], "description": "Example vulnerability in a package.", "name": "CVE-2024-12345", "severity": "HIGH", "uri": "https://example.com/cve-2024-12345" } ], "imageScanCompletedAt": "2026-02-03T12:05:00Z", "vulnerabilitySourceUpdatedAt": "2026-02-03T00:00:00Z" }, "imageScanStatus": { "description": "Scan completed", "status": "COMPLETE" }, "registryId": "123456789012", "repositoryName": "my-repo" }, "timestamp": "2026-02-03T12:05:00Z", "type": "aws.ecr.image.scanFindings"}Lambda • Run Function
Section titled “Lambda • Run Function”The Run Lambda component invokes a Lambda function.
Use Cases
Section titled “Use Cases”- Automated workflows: Trigger Lambda functions from SuperPlane workflows
- Event processing: Process events from other applications
- Data transformation: Transform data in real-time
- API integrations: Call Lambda functions from other applications
How It Works
Section titled “How It Works”- Invokes the specified Lambda function with the provided payload
- Returns the function’s response including status code, payload, and log output
- Optionally creates a new Lambda function from inline JavaScript code
Example Output
Section titled “Example Output”{ "payload": { "message": "hello from lambda" }, "report": { "billedDuration": "100 ms", "duration": "89.81 ms", "initDuration": "160.97 ms", "maxMemoryUsed": "82 MB", "memorySize": "128 MB" }, "requestId": "9f8d2b5e-1c7a-4d62-8f1a-0f8b8e4f3a12"}SNS • Create Topic
Section titled “SNS • Create Topic”The Create Topic component creates an AWS SNS topic and returns its metadata.
Use Cases
Section titled “Use Cases”- Provisioning workflows: Create topics as part of environment setup
- Automation bootstrap: Prepare topics before publishing messages
- Self-service operations: Provision messaging resources on demand
Example Output
Section titled “Example Output”{ "data": { "attributes": { "DisplayName": "Orders Events", "Owner": "123456789012", "TopicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "contentBasedDeduplication": false, "displayName": "Orders Events", "fifoTopic": false, "name": "orders-events", "owner": "123456789012", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.topic"}SNS • Delete Topic
Section titled “SNS • Delete Topic”The Delete Topic component deletes an AWS SNS topic.
Use Cases
Section titled “Use Cases”- Cleanup workflows: Remove temporary topics after execution
- Lifecycle management: Decommission unused messaging resources
- Rollback automation: Remove topics created in failed provisioning runs
Example Output
Section titled “Example Output”{ "data": { "deleted": true, "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.topic.deleted"}SNS • Get Subscription
Section titled “SNS • Get Subscription”The Get Subscription component retrieves metadata and attributes for an AWS SNS subscription.
Use Cases
Section titled “Use Cases”- Subscription audits: Inspect endpoint and delivery configuration
- Workflow enrichment: Load subscription metadata before downstream actions
- Validation: Confirm subscription existence and protocol
Example Output
Section titled “Example Output”{ "data": { "attributes": { "Endpoint": "https://example.com/sns/events", "Protocol": "https", "RawMessageDelivery": "true", "TopicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "endpoint": "https://example.com/sns/events", "owner": "123456789012", "pendingConfirmation": false, "protocol": "https", "rawMessageDelivery": true, "subscriptionArn": "arn:aws:sns:us-east-1:123456789012:orders-events:7f8a3d50-f160-4d2d-8f8a-fb95d7f86a51", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.subscription"}SNS • Get Topic
Section titled “SNS • Get Topic”The Get Topic component retrieves metadata and attributes for an AWS SNS topic.
Use Cases
Section titled “Use Cases”- Configuration audits: Verify topic settings and attributes
- Workflow enrichment: Load topic metadata before downstream actions
- Validation: Confirm topic existence and ownership
Example Output
Section titled “Example Output”{ "data": { "attributes": { "DisplayName": "Orders Events", "Owner": "123456789012", "TopicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "contentBasedDeduplication": false, "displayName": "Orders Events", "fifoTopic": false, "name": "orders-events", "owner": "123456789012", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.topic"}SNS • Publish Message
Section titled “SNS • Publish Message”The Publish Message component sends a message to an AWS SNS topic.
Use Cases
Section titled “Use Cases”- Event fan-out: Broadcast workflow results to multiple subscribers
- Notifications: Send operational updates to users and systems
- Automation: Trigger downstream subscribers through SNS delivery
Example Output
Section titled “Example Output”{ "data": { "messageId": "a730a53a-a86d-5fcb-9ad1-ff72b8d0f104", "topicArn": "arn:aws:sns:us-east-1:123456789012:orders-events" }, "timestamp": "2026-01-10T10:00:02.000000000Z", "type": "aws.sns.message.published"}