View Source AWS.EC2 (aws-elixir v1.0.4)
Amazon Elastic Compute Cloud
You can access the features of Amazon Elastic Compute Cloud (Amazon EC2) programmatically.
For more information, see the Amazon EC2 Developer Guide.
Link to this section Summary
Functions
Accepts an Elastic IP address transfer.
Accepts a request to assign billing of the available capacity of a shared Capacity Reservation to your account.
Accepts the Convertible Reserved Instance exchange quote described in the
GetReservedInstancesExchangeQuote call.
Accepts a request to associate subnets with a transit gateway multicast domain.
Accepts a transit gateway peering attachment request.
Accepts a request to attach a VPC to a transit gateway.
Accepts connection requests to your VPC endpoint service.
Accept a VPC peering connection request.
Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
Allocates an Elastic IP address to your Amazon Web Services account.
Allocates a Dedicated Host to your account.
Allocate a CIDR from an IPAM pool.
Applies a security group to the association between the target network and the Client VPN endpoint.
Assigns one or more IPv6 addresses to the specified network interface.
Assigns one or more secondary private IP addresses to the specified network interface.
Assigns private IPv4 addresses to a private NAT gateway.
Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface.
Initiates a request to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account that is consolidated under the same Amazon Web Services organizations payer account.
Associates a target network with a Client VPN endpoint.
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate.
Associates an IAM instance profile with a running or stopped instance.
Associates one or more targets with an event window.
Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own in the same Amazon Web Services Region.
Associates an IPAM resource discovery with an Amazon VPC IPAM.
Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway.
Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC.
Associates a security group with another VPC in the same Region.
Associates a CIDR block with your subnet.
Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.
Associates the specified transit gateway attachment with a transit gateway policy table.
Associates the specified attachment with the specified transit gateway route table.
Associates a branch network interface with a trunk network interface.
Associates a CIDR block with your VPC.
This action is deprecated.
Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC.
Attaches a network interface to an instance.
Attaches the specified Amazon Web Services Verified Access trust provider to the specified Amazon Web Services Verified Access instance.
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Attaches an available virtual private gateway to a VPC.
Adds an ingress authorization rule to a Client VPN endpoint.
Adds the specified outbound (egress) rules to a security group.
Adds the specified inbound (ingress) rules to a security group.
Bundles an Amazon instance store-backed Windows instance.
Cancels a bundling operation for an instance store-backed Windows instance.
Cancels the specified Capacity Reservation, releases the reserved capacity, and
changes
the Capacity Reservation's state to cancelled.
Cancels one or more Capacity Reservation Fleets.
Cancels an active conversion task.
Cancels the generation of an account status report.
Cancels an active export task.
Removes your Amazon Web Services account from the launch permissions for the specified AMI.
Cancels an in-process import virtual machine or import snapshot task.
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
Cancels the specified Spot Fleet requests.
Cancels one or more Spot Instance requests.
Determines whether a product code is associated with an instance.
Copies the specified Amazon FPGA Image (AFI) to the current Region.
Initiates an AMI copy operation.
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3.
Creates a new Capacity Reservation with the specified attributes.
Create a new Capacity Reservation by splitting the capacity of the source Capacity Reservation.
Creates a Capacity Reservation Fleet.
Creates a carrier gateway.
Creates a Client VPN endpoint.
Adds a route to a network to a Client VPN endpoint.
Creates a range of customer-owned IP addresses.
Creates a pool of customer-owned IP (CoIP) addresses.
Provides information to Amazon Web Services about your customer gateway device.
Creates a default subnet with a size /20 IPv4 CIDR block in the
specified Availability Zone in your default VPC.
Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet
in each Availability Zone.
Creates a custom set of DHCP options.
[IPv6 only] Creates an egress-only internet gateway for your VPC.
Creates an EC2 Fleet that contains the configuration information for On-Demand Instances and Spot Instances.
Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.
Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
Creates an EC2 Instance Connect Endpoint.
Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.
Exports a running or stopped instance to an Amazon S3 bucket.
Creates an internet gateway for use with a VPC.
Create an IPAM.
Create a verification token.
Create an IP address pool for Amazon VPC IP Address Manager (IPAM).
Creates an IPAM resource discovery.
Create an IPAM scope.
Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format.
Creates a launch template.
Creates a new version of a launch template.
Creates a static route for the specified local gateway route table.
Creates a local gateway route table.
Creates a local gateway route table virtual interface group association.
Associates the specified VPC with the specified local gateway route table.
Creates a managed prefix list.
Creates a NAT gateway in the specified subnet.
Creates a network ACL in a VPC.
Creates an entry (a rule) in a network ACL with the specified rule number.
Creates a Network Access Scope.
Creates a path to analyze for reachability.
Creates a network interface in the specified subnet.
Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.
Creates a placement group in which to launch instances.
Creates a public IPv4 address pool.
Replaces the EBS-backed root volume for a running instance with a new
volume that is restored to the original root volume's launch state, that is
restored to a
specific snapshot taken from the original root volume, or that is restored from
an AMI
that has the same key characteristics as that of the instance.
Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace.
Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask. To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.
Creates a route in a route table within a VPC.
Creates a route table for the specified VPC.
Creates a security group.
Creates a snapshot of an EBS volume and stores it in Amazon S3.
Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3.
Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs.
Stores an AMI as a single object in an Amazon S3 bucket.
Creates a subnet in the specified VPC.
Creates a subnet CIDR reservation.
Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources.
Creates a Traffic Mirror filter.
Creates a Traffic Mirror filter rule.
Creates a Traffic Mirror session.
Creates a target for your Traffic Mirror session.
Creates a transit gateway.
Creates a Connect attachment from a specified transit gateway attachment.
Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.
Creates a multicast domain using the specified transit gateway.
Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter).
Creates a transit gateway policy table.
Creates a reference (route) to a prefix list in a specified transit gateway route table.
Creates a static route for the specified transit gateway route table.
Creates a route table for the specified transit gateway.
Advertises a new transit gateway route table.
Attaches the specified VPC to the specified transit gateway.
An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.
An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who's associated applications have similar security requirements.
An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.
A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices.
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
Creates a VPC with the specified CIDR blocks.
Create a VPC Block Public Access (BPA) exclusion.
Creates a VPC endpoint.
Creates a connection notification for a specified VPC endpoint or VPC endpoint service.
Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, users, and IAM roles) can connect.
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.
Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway.
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
Creates a virtual private gateway.
Deletes a carrier gateway.
Deletes the specified Client VPN endpoint.
Deletes a route from a Client VPN endpoint.
Deletes a range of customer-owned IP addresses.
Deletes a pool of customer-owned IP (CoIP) addresses.
Deletes the specified customer gateway.
Deletes the specified set of DHCP options.
Deletes an egress-only internet gateway.
Deletes the specified EC2 Fleets.
Deletes one or more flow logs.
Deletes the specified Amazon FPGA Image (AFI).
Deletes the specified EC2 Instance Connect Endpoint.
Deletes the specified event window.
Deletes the specified internet gateway.
Delete an IPAM.
Delete a verification token.
Delete an IPAM pool.
Deletes an IPAM resource discovery.
Delete the scope for an IPAM.
Deletes the specified key pair, by removing the public key from Amazon EC2.
Deletes a launch template.
Deletes one or more versions of a launch template.
Deletes the specified route from the specified local gateway route table.
Deletes a local gateway route table.
Deletes a local gateway route table virtual interface group association.
Deletes the specified association between a VPC and local gateway route table.
Deletes the specified managed prefix list.
Deletes the specified NAT gateway.
Deletes the specified network ACL.
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
Deletes the specified Network Access Scope.
Deletes the specified Network Access Scope analysis.
Deletes the specified network insights analysis.
Deletes the specified path.
Deletes the specified network interface.
Deletes a permission for a network interface.
Deletes the specified placement group.
Delete a public IPv4 pool.
Deletes the queued purchases for the specified Reserved Instances.
Deletes the specified route from the specified route table.
Deletes the specified route table.
Deletes a security group.
Deletes the specified snapshot.
Deletes the data feed for Spot Instances.
Deletes the specified subnet.
Deletes a subnet CIDR reservation.
Deletes the specified set of tags from the specified set of resources.
Deletes the specified Traffic Mirror filter.
Deletes the specified Traffic Mirror rule.
Deletes the specified Traffic Mirror session.
Deletes the specified Traffic Mirror target.
Deletes the specified transit gateway.
Deletes the specified Connect attachment.
Deletes the specified Connect peer.
Deletes the specified transit gateway multicast domain.
Deletes a transit gateway peering attachment.
Deletes the specified transit gateway policy table.
Deletes a reference (route) to a prefix list in a specified transit gateway route table.
Deletes the specified route from the specified transit gateway route table.
Deletes the specified transit gateway route table.
Advertises to the transit gateway that a transit gateway route table is deleted.
Deletes the specified VPC attachment.
Delete an Amazon Web Services Verified Access endpoint.
Delete an Amazon Web Services Verified Access group.
Delete an Amazon Web Services Verified Access instance.
Delete an Amazon Web Services Verified Access trust provider.
Deletes the specified EBS volume.
Deletes the specified VPC.
Delete a VPC Block Public Access (BPA) exclusion.
Deletes the specified VPC endpoint connection notifications.
Deletes the specified VPC endpoint service configurations.
Deletes the specified VPC endpoints.
Deletes a VPC peering connection.
Deletes the specified VPN connection.
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
Deletes the specified virtual private gateway.
Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.
Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services account.
Deprovision a CIDR provisioned from an IPAM pool.
Deprovision a CIDR from a public IPv4 pool.
Deregisters the specified AMI.
Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region.
Deregisters the specified members (network interfaces) from the transit gateway multicast group.
Deregisters the specified sources (network interfaces) from the transit gateway multicast group.
Describes attributes of your Amazon Web Services account.
Describes an Elastic IP address transfer.
Describes the specified Elastic IP addresses or all of your Elastic IP addresses.
Describes the attributes of the specified Elastic IP addresses.
Describes the longer ID format settings for all resource types in a specific Region.
Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you.
Describes the current Infrastructure Performance metric subscriptions.
Describes the specified bundle tasks or all of your bundle tasks.
Describes the IP address ranges that were specified in calls to
ProvisionByoipCidr.
Describes the events for the specified Capacity Block extension during the specified time.
Describes Capacity Block extension offerings available for purchase in the Amazon Web Services Region that you're currently using.
Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using.
Describes a request to assign the billing of the unused capacity of a Capacity Reservation.
Describes one or more Capacity Reservation Fleets.
Describes one or more of your Capacity Reservations.
Describes one or more of your carrier gateways.
This action is deprecated.
Describes the authorization rules for a specified Client VPN endpoint.
Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.
Describes one or more Client VPN endpoints in the account.
Describes the routes for the specified Client VPN endpoint.
Describes the target networks associated with the specified Client VPN endpoint.
Describes the specified customer-owned address pools or all of your customer-owned address pools.
Describes the specified conversion tasks or all your conversion tasks.
Describes one or more of your VPN customer gateways.
Describes the metadata of an account status report, including the status of the report.
Describes your DHCP option sets.
Describes your egress-only internet gateways.
Amazon Elastic Graphics reached end of life on January 8, 2024.
Describes the specified export image tasks or all of your export image tasks.
Describes the specified export instance tasks or all of your export instance tasks.
Describe details for Windows AMIs that are configured for Windows fast launch.
Describes the state of fast snapshot restores for your snapshots.
Describes the events for the specified EC2 Fleet during the specified time.
Describes the running instances for the specified EC2 Fleet.
Describes the specified EC2 Fleet or all of your EC2 Fleets.
Describes one or more flow logs.
Describes the specified attribute of the specified Amazon FPGA Image (AFI).
Describes the Amazon FPGA Images (AFIs) available to you.
Describes the Dedicated Host reservations that are available to purchase.
Describes reservations that are associated with Dedicated Hosts in your account.
Describes the specified Dedicated Hosts or all your Dedicated Hosts.
Describes your IAM instance profile associations.
Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs.
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user.
Describes the specified attribute of the specified AMI.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
Displays details about an import virtual machine or import snapshot tasks that are already created.
Describes your import snapshot tasks.
Describes the specified attribute of the specified instance.
Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance Connect Endpoints.
Describes the credit option for CPU usage of the specified burstable performance instances.
Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region.
Describes the specified event windows or all event windows.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
Describes the status of the specified instances or all of your instances.
Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone.
Lists the instance types that are offered for the specified location.
Describes the specified instance types.
Describes the specified instances or all instances.
Describes your internet gateways.
Describes your Autonomous System Numbers (ASNs), their provisioning statuses, and the BYOIP CIDRs with which they are associated.
Describe verification tokens.
Get information about your IPAM pools.
Describes IPAM resource discoveries.
Describes resource discovery association with an Amazon VPC IPAM.
Get information about your IPAM scopes.
Get information about your IPAM pools.
Describes your IPv6 address pools.
Describes the specified key pairs or all of your key pairs.
Describes one or more versions of a specified launch template.
Describes one or more launch templates.
Describes the associations between virtual interface groups and local gateway route tables.
Describes the specified associations between VPCs and local gateway route tables.
Describes one or more local gateway route tables.
Describes the specified local gateway virtual interface groups.
Describes the specified local gateway virtual interfaces.
Describes one or more local gateways.
Describes the lock status for a snapshot.
Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.
Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.
This action is deprecated.
Describes your NAT gateways.
Describes your network ACLs.
Describes the specified Network Access Scope analyses.
Describes the specified Network Access Scopes.
Describes one or more of your network insights analyses.
Describes one or more of your paths.
Describes a network interface attribute.
Describes the permissions for your network interfaces.
Describes one or more of your network interfaces.
Describes the specified placement groups or all of your placement groups.
Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.
Describes the specified IPv4 address pools.
Describes the Regions that are enabled for your account, or all Regions.
Describes a root volume replacement task.
Describes one or more of the Reserved Instances that you purchased.
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
Describes the modifications made to your Reserved Instances.
Describes Reserved Instance offerings that are available for purchase.
Describes your route tables.
Finds available schedules that meet the specified criteria.
Describes the specified Scheduled Instances or all your Scheduled Instances.
Describes the VPCs on the other side of a VPC peering or Transit Gateway connection that are referencing the security groups you've specified in this request.
Describes one or more of your security group rules.
Describes security group VPC associations made with AssociateSecurityGroupVpc.
Describes the specified security groups or all of your security groups.
Describes the specified attribute of the specified snapshot.
Describes the storage tier status of one or more Amazon EBS snapshots.
Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.
Describes the data feed for Spot Instances.
Describes the running instances for the specified Spot Fleet.
Describes the events for the specified Spot Fleet request during the specified time.
Describes your Spot Fleet requests.
Describes the specified Spot Instance requests.
Describes the Spot price history.
Describes the stale security group rules for security groups referenced across a VPC peering connection, transit gateway connection, or with a security group VPC association.
Describes the progress of the AMI store tasks.
Describes your subnets.
Describes the specified tags for your EC2 resources.
Describe traffic mirror filters that determine the traffic that is mirrored.
Describes one or more Traffic Mirror filters.
Describes one or more Traffic Mirror sessions.
Information about one or more Traffic Mirror targets.
Describes one or more attachments between resources and transit gateways.
Describes one or more Connect peers.
Describes one or more Connect attachments.
Describes one or more transit gateway multicast domains.
Describes your transit gateway peering attachments.
Describes one or more transit gateway route policy tables.
Describes one or more transit gateway route table advertisements.
Describes one or more transit gateway route tables.
Describes one or more VPC attachments.
Describes one or more transit gateways.
Describes one or more network interface trunk associations.
Describes the specified Amazon Web Services Verified Access endpoints.
Describes the specified Verified Access groups.
Describes the specified Amazon Web Services Verified Access instances.
Describes the specified Amazon Web Services Verified Access instances.
Describes the specified Amazon Web Services Verified Access trust providers.
Describes the specified attribute of the specified volume.
Describes the status of the specified volumes.
Describes the specified EBS volumes or all of your EBS volumes.
Describes the most recent volume modification request for the specified EBS volumes.
Describes the specified attribute of the specified VPC.
Describe VPC Block Public Access (BPA) exclusions.
Describe VPC Block Public Access (BPA) options.
This action is deprecated.
This action is deprecated.
Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or service networks associated with the VPC endpoint.
Describes the connection notifications for VPC endpoints and VPC endpoint services.
Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.
Describes the VPC endpoint service configurations in your account (your services).
Describes the principals (service consumers) that are permitted to discover your VPC endpoint service.
Describes available services to which you can create a VPC endpoint.
Describes your VPC endpoints.
Describes your VPC peering connections.
Describes your VPCs.
Describes one or more of your VPN connections.
Describes one or more of your virtual private gateways.
This action is deprecated.
Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC.
Detaches a network interface from an instance.
Detaches the specified Amazon Web Services Verified Access trust provider from the specified Amazon Web Services Verified Access instance.
Detaches an EBS volume from an instance.
Detaches a virtual private gateway from a VPC.
Disables Elastic IP address transfer.
Disables Allowed AMIs for your account in the specified Amazon Web Services Region.
Disables Infrastructure Performance metric subscriptions.
Disables EBS encryption by default for your account in the current Region.
Discontinue Windows fast launch for a Windows AMI, and clean up existing pre-provisioned snapshots.
Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Sets the AMI state to disabled and removes all launch permissions from the
AMI.
Disables block public access for AMIs at the account level in the specified Amazon Web Services Region.
Cancels the deprecation of the specified AMI.
Disables deregistration protection for an AMI.
Disable the IPAM account.
Disables access to the EC2 serial console of all instances for your account.
Disables the block public access for snapshots setting at the account level for the specified Amazon Web Services Region.
Disables the specified resource attachment from propagating routes to the specified propagation route table.
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
This action is deprecated.
This action is deprecated.
Disassociates an Elastic IP address from the instance or network interface it's associated with.
Cancels a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account, or revokes a request that has already been accepted.
Disassociates a target network from the specified Client VPN endpoint.
Disassociates an IAM role from an Certificate Manager (ACM) certificate.
Disassociates an IAM instance profile from a running or stopped instance.
Disassociates one or more targets from an event window.
Remove the association between your Autonomous System Number (ASN) and your BYOIP CIDR.
Disassociates a resource discovery from an Amazon VPC IPAM.
Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway.
Disassociates a subnet or gateway from a route table.
Disassociates a security group from a VPC.
Disassociates a CIDR block from a subnet.
Disassociates the specified subnets from the transit gateway multicast domain.
Removes the association between an an attachment and a policy table.
Disassociates a resource attachment from a transit gateway route table.
Removes an association between a branch network interface with a trunk network interface.
Disassociates a CIDR block from a VPC.
Enables Elastic IP address transfer.
Enables Allowed AMIs for your account in the specified Amazon Web Services Region.
Enables Infrastructure Performance subscriptions.
Enables EBS encryption by default for your account in the current Region.
When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster.
Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Re-enables a disabled AMI.
Enables block public access for AMIs at the account level in the specified Amazon Web Services Region.
Enables deprecation of the specified AMI at the specified date and time.
Enables deregistration protection for an AMI.
Enable an Organizations member account as the IPAM admin account.
Establishes a trust relationship between Reachability Analyzer and Organizations.
Enables access to the EC2 serial console of all instances for your account.
Enables or modifies the block public access for snapshots setting at the account level for the specified Amazon Web Services Region.
Enables the specified attachment to propagate routes to the specified propagation route table.
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
This action is deprecated.
This action is deprecated.
Downloads the client certificate revocation list for the specified Client VPN endpoint.
Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint.
Exports an Amazon Machine Image (AMI) to a VM file.
Exports routes from the specified transit gateway route table to the specified S3 bucket.
Exports the client configuration for a Verified Access instance.
Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs criteria at the account level in the specified Region.
Returns the IAM roles that are associated with the specified ACM (ACM) certificate.
Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.
Gets network performance data.
Gets usage information about a Capacity Reservation.
Describes the allocations from the specified customer-owned address pool.
Gets the console output for the specified instance.
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
Retrieves a summary of the account status report.
Describes the default credit option for CPU usage of a burstable performance instance family.
Describes the default KMS key for EBS encryption by default for your account in this Region.
Describes whether EBS encryption by default is enabled for your account in the current Region.
Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena.
Lists the resource groups to which a Capacity Reservation has been added.
Preview a reservation purchase with configurations that match those of your Dedicated Host.
Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.
Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services Region.
Gets the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.
Returns a list of instance types with the specified instance attributes.
A binary representation of the UEFI variable store.
Retrieve historical information about a CIDR within an IPAM scope.
Gets IPAM discovered accounts.
Gets the public IP addresses that have been discovered by IPAM.
Returns the resource CIDRs that are monitored as part of a resource discovery.
Get a list of all the CIDR allocations in an IPAM pool.
Get the CIDRs provisioned to an IPAM pool.
Returns resource CIDRs managed by IPAM in a given scope.
Retrieves the configuration data of the specified instance.
Gets information about the resources that are associated with the specified managed prefix list.
Gets information about the entries for a specified managed prefix list.
Gets the findings for the specified Network Access Scope analysis.
Gets the content for the specified Network Access Scope.
Retrieves the encrypted administrator password for a running Windows instance.
Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance.
Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
Retrieves the access status of your account to the EC2 serial console of all instances.
Gets the current state of block public access for snapshots setting for the account and Region.
Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.
Gets information about the subnet CIDR reservations.
Lists the route tables to which the specified resource attachment propagates routes.
Gets information about the associations for the transit gateway multicast domain.
Gets a list of the transit gateway policy table associations.
Returns a list of transit gateway policy table entries.
Gets information about the prefix list references in a specified transit gateway route table.
Gets information about the associations for the specified transit gateway route table.
Gets information about the route table propagations for the specified transit gateway route table.
Get the Verified Access policy associated with the endpoint.
Gets the targets for the specified network CIDR endpoint for Verified Access.
Shows the contents of the Verified Access policy associated with the group.
Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.
Obtain a list of customer gateway devices for which sample configuration files can be provided.
Get details of available tunnel endpoint maintenance.
Uploads a client certificate revocation list to the specified Client VPN endpoint.
To import your virtual machines (VMs) with a console-based experience, you can use the Import virtual machine images to Amazon Web Services template in the Migration Hub Orchestrator console.
We recommend that you use the
ImportImage
API instead.
Imports the public key from an RSA or ED25519 key pair that you created using a third-party tool.
Imports a disk into an EBS snapshot.
This API action supports only single-volume VMs.
Lists one or more AMIs that are currently in the Recycle Bin.
Lists one or more snapshots that are currently in the Recycle Bin.
Locks an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions for a specific duration.
Modifies an attribute of the specified Elastic IP address.
Changes the opt-in status of the specified zone group for your account.
Modifies a Capacity Reservation's capacity, instance eligibility, and the conditions under which it is to be released.
Modifies a Capacity Reservation Fleet.
Modifies the specified Client VPN endpoint.
Modifies the default credit option for CPU usage of burstable performance instances.
Changes the default KMS key for EBS encryption by default for your account in this Region.
Modifies the specified EC2 Fleet.
Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
Modify the auto-placement setting of a Dedicated Host.
Modifies the ID format for the specified resource on a per-Region basis.
Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account.
Modifies the specified attribute of the specified AMI.
Modifies the specified attribute of the specified instance.
Modifies the Capacity Reservation settings for a stopped instance.
By default, all vCPUs for the instance type are active when you launch an instance.
Modifies the credit option for CPU usage on a running or stopped burstable performance instance.
Modifies the start time for a scheduled Amazon EC2 instance event.
Modifies the specified event window.
Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default.
Modifies the default instance metadata service (IMDS) settings at the account level in the specified Amazon Web Services Region.
Modify the instance metadata parameters on a running or stopped instance.
Modifies the placement attributes for a specified instance.
Modify the configurations of an IPAM.
Modify the configurations of an IPAM pool.
Modify a resource CIDR.
Modifies a resource discovery.
Modify an IPAM scope.
Modifies a launch template.
Modifies the specified local gateway route.
Modifies the specified managed prefix list.
Modifies the specified network interface attribute.
Modifies the options for instance hostnames for the specified instance.
Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type.
Modifies the rules of a security group.
Adds or removes permission settings for the specified snapshot.
Archives an Amazon EBS snapshot.
Modifies the specified Spot Fleet request.
Modifies a subnet attribute.
Allows or restricts mirroring network services.
Modifies the specified Traffic Mirror rule.
Modifies a Traffic Mirror session.
Modifies the specified transit gateway.
Modifies a reference (route) to a prefix list in a specified transit gateway route table.
Modifies the specified VPC attachment.
Modifies the configuration of the specified Amazon Web Services Verified Access endpoint.
Modifies the specified Amazon Web Services Verified Access endpoint policy.
Modifies the specified Amazon Web Services Verified Access group configuration.
Modifies the specified Amazon Web Services Verified Access group policy.
Modifies the configuration of the specified Amazon Web Services Verified Access instance.
Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.
Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.
You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity.
Modifies a volume attribute.
Modifies the specified attribute of the specified VPC.
Modify VPC Block Public Access (BPA) exclusions.
Modify VPC Block Public Access (BPA) options.
Modifies attributes of a specified VPC endpoint.
Modifies a connection notification for VPC endpoint or VPC endpoint service.
Modifies the attributes of the specified VPC endpoint service configuration.
Modifies the payer responsibility for your VPC endpoint service.
Modifies the permissions for your VPC endpoint service.
Modifies the VPC peering connection options on one side of a VPC peering connection.
Modifies the instance tenancy attribute of the specified VPC.
Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection.
Modifies the connection options for your Site-to-Site VPN connection.
Modifies the VPN tunnel endpoint certificate.
Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection.
Enables detailed monitoring for a running instance.
This action is deprecated.
Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
Move available capacity from a source Capacity Reservation to a destination Capacity Reservation.
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool.
Provisions your Autonomous System Number (ASN) for use in your Amazon Web Services account.
Provision a CIDR to an IPAM pool.
Provision a CIDR to a public IPv4 pool.
Purchase the Capacity Block for use with your account.
Purchase the Capacity Block extension for use with your account.
Purchase a reservation with configurations that match those of your Dedicated Host.
Purchases a Reserved Instance for use with your account.
You can no longer purchase Scheduled Instances.
Requests a reboot of the specified instances.
Registers an AMI.
Registers a set of tag keys to include in scheduled event notifications for your resources.
Registers members (network interfaces) with the transit gateway multicast group.
Registers sources (network interfaces) with the specified transit gateway multicast group.
Rejects a request to assign billing of the available capacity of a shared Capacity Reservation to your account.
Rejects a request to associate cross-account subnets with a transit gateway multicast domain.
Rejects a transit gateway peering attachment request.
Rejects a request to attach a VPC to a transit gateway.
Rejects VPC endpoint connection requests to your VPC endpoint service.
Rejects a VPC peering connection request.
Releases the specified Elastic IP address.
When you no longer want to use an On-Demand Dedicated Host it can be released.
Release an allocation within an IPAM pool.
Replaces an IAM instance profile for the specified running instance.
Sets or replaces the criteria for Allowed AMIs.
Changes which network ACL a subnet is associated with.
Replaces an entry (rule) in a network ACL.
Replaces an existing route within a route table in a VPC.
Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC.
Replaces the specified route in the specified transit gateway route table.
Trigger replacement of specified VPN tunnel.
Submits feedback about the status of an instance.
Creates a Spot Fleet request.
Creates a Spot Instance request.
Resets the attribute of the specified IP address.
Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.
Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value.
Resets an attribute of an AMI to its default value.
Resets an attribute of an instance to its default value.
Resets a network interface attribute.
Resets permission settings for the specified snapshot.
This action is deprecated.
Restores an AMI from the Recycle Bin.
Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.
Restores a snapshot from the Recycle Bin.
Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.
Removes an ingress authorization rule from a Client VPN endpoint.
Removes the specified outbound (egress) rules from the specified security group.
Removes the specified inbound (ingress) rules from a security group.
Launches the specified number of instances using an AMI for which you have permissions.
Launches the specified Scheduled Instances.
Searches for routes in the specified local gateway route table.
Searches one or more transit gateway multicast groups and returns the group membership information.
Searches for routes in the specified transit gateway route table.
Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances).
Generates an account status report.
Starts an Amazon EBS-backed instance that you've previously stopped.
Starts analyzing the specified Network Access Scope.
Starts analyzing the specified path.
Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.
Stops an Amazon EBS-backed instance.
Terminates active Client VPN endpoint connections.
Shuts down the specified instances.
Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface.
Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.
Unassigns secondary private IPv4 addresses from a private NAT gateway.
Unlocks a snapshot that is locked in governance mode or that is locked in compliance mode but still in the cooling-off period.
Disables detailed monitoring for a running instance.
Updates the description of an egress (outbound) security group rule.
Updates the description of an ingress (inbound) security group rule.
Stops advertising an address range that is provisioned as an address pool.
Link to this section Functions
Accepts an Elastic IP address transfer.
For more information, see Accept a transferred Elastic IP address in the Amazon VPC User Guide.
accept_capacity_reservation_billing_ownership(client, input, options \\ [])
View SourceAccepts a request to assign billing of the available capacity of a shared Capacity Reservation to your account.
For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
accept_reserved_instances_exchange_quote(client, input, options \\ [])
View SourceAccepts the Convertible Reserved Instance exchange quote described in the
GetReservedInstancesExchangeQuote call.
accept_transit_gateway_multicast_domain_associations(client, input, options \\ [])
View SourceAccepts a request to associate subnets with a transit gateway multicast domain.
accept_transit_gateway_peering_attachment(client, input, options \\ [])
View SourceAccepts a transit gateway peering attachment request.
The peering attachment must be
in the pendingAcceptance state.
accept_transit_gateway_vpc_attachment(client, input, options \\ [])
View SourceAccepts a request to attach a VPC to a transit gateway.
The VPC attachment must be in the pendingAcceptance state.
Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment
requests.
Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.
Accepts connection requests to your VPC endpoint service.
Accept a VPC peering connection request.
To accept a request, the VPC peering connection must
be in the pending-acceptance state, and you must be the owner of the peer VPC.
Use DescribeVpcPeeringConnections to view your outstanding VPC
peering connection requests.
For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.
Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.
We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.
It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.
To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.
Allocates an Elastic IP address to your Amazon Web Services account.
After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.
You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon EC2 User Guide.
If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. To attempt to recover an Elastic IP address that you released, specify it in this operation.
For more information, see Elastic IP Addresses in the Amazon EC2 User Guide.
You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).
Allocates a Dedicated Host to your account.
At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.
Allocate a CIDR from an IPAM pool.
The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
In IPAM, an allocation is a CIDR assignment from an IPAM pool to another IPAM pool or to a resource. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide.
This action creates an allocation with strong consistency. The returned CIDR will not overlap with any other allocations from the same pool.
apply_security_groups_to_client_vpn_target_network(client, input, options \\ [])
View SourceApplies a security group to the association between the target network and the Client VPN endpoint.
This action replaces the existing security groups with the specified security groups.
Assigns one or more IPv6 addresses to the specified network interface.
You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type.
You must specify either the IPv6 addresses or the IPv6 address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.
Assigns one or more secondary private IP addresses to the specified network interface.
You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon EC2 User Guide.
When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.
Remapping an IP address is an asynchronous operation. When you move an IP
address from one network
interface to another, check network/interfaces/macs/mac/local-ipv4s in the
instance
metadata to confirm that the remapping is complete.
You must specify either the IP addresses or the IP address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.
Assigns private IPv4 addresses to a private NAT gateway.
For more information, see Work with NAT gateways in the Amazon VPC User Guide.
Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface.
Before you can use an Elastic IP address, you must allocate it to your account.
If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.
[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.
You cannot associate an Elastic IP address with an interface in a different network border group.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.
associate_capacity_reservation_billing_owner(client, input, options \\ [])
View SourceInitiates a request to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account that is consolidated under the same Amazon Web Services organizations payer account.
For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Associates a target network with a Client VPN endpoint.
A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
If you specified a VPC when you created the Client VPN endpoint or if you have
previous subnet associations, the specified subnet must be in the same VPC. To
specify a subnet that's in a different VPC, you must first modify the Client VPN
endpoint (ModifyClientVpnEndpoint) and change the VPC that's associated with
it.
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.
For more information, see DHCP option sets in the Amazon VPC User Guide.
associate_enclave_certificate_iam_role(client, input, options \\ [])
View SourceAssociates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate.
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it
permission to call s3:GetObject
on the Amazon S3 bucket returned by the command. To enable the IAM role to
access the KMS key,
you must grant it permission to call kms:Decrypt on the KMS key returned by
the command.
For more information, see
Grant the role permission to access the certificate and encryption
key
in the
Amazon Web Services Nitro Enclaves User Guide.
Associates an IAM instance profile with a running or stopped instance.
You cannot associate more than one IAM instance profile with an instance.
Associates one or more targets with an event window.
Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own in the same Amazon Web Services Region.
For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
After the association succeeds, the ASN is eligible for advertisement. You can view the association with DescribeByoipCidrs. You can advertise the CIDR with AdvertiseByoipCidr.
Associates an IPAM resource discovery with an Amazon VPC IPAM.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway.
For more information, see Work with NAT gateways in the Amazon VPC User Guide.
By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon VPC User Guide.
When you associate an EIP or secondary EIPs with a public NAT gateway, the network border group of the EIPs must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. If it's not the same, the EIP will fail to associate. You can see the network border group for the subnet's AZ by viewing the details of the subnet. Similarly, you can view the network border group of an EIP by viewing the details of the EIP address. For more information about network border groups and EIPs, see Allocate an Elastic IP address in the Amazon VPC User Guide.
Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC.
This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.
For more information, see Route tables in the Amazon VPC User Guide.
Associates a security group with another VPC in the same Region.
This enables you to use the same security group with network interfaces and instances in the specified VPC.
The VPC you want to associate the security group with must be in the same Region.
You can associate the security group with another VPC if your account owns the VPC or if the VPC was shared with you.
You must own the security group and the VPC that it was created in.
You cannot use this feature with default security groups.
You cannot use this feature with the default VPC.
Associates a CIDR block with your subnet.
You can only associate a single IPv6 CIDR block with your subnet.
associate_transit_gateway_multicast_domain(client, input, options \\ [])
View SourceAssociates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.
The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.
associate_transit_gateway_policy_table(client, input, options \\ [])
View SourceAssociates the specified transit gateway attachment with a transit gateway policy table.
associate_transit_gateway_route_table(client, input, options \\ [])
View SourceAssociates the specified attachment with the specified transit gateway route table.
You can associate only one route table with an attachment.
Associates a branch network interface with a trunk network interface.
Before you create the association, use
CreateNetworkInterface
command and set the interface type
to trunk. You must also create a network interface for
each branch network interface that you want to associate with the trunk
network interface.
Associates a CIDR block with your VPC.
You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.
For more information about associating CIDR blocks with your VPC and applicable restrictions, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
This action is deprecated.
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more
of the VPC
security groups. You cannot link an EC2-Classic instance to more than one VPC at
a time. You
can only link an instance that's in the running state. An instance is
automatically unlinked from a VPC when it's stopped - you can link it to the VPC
again when
you restart it.
After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.
Linking your instance to a VPC is sometimes referred to as attaching your instance.
Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC.
For more information, see Internet gateways in the Amazon VPC User Guide.
Attaches a network interface to an instance.
attach_verified_access_trust_provider(client, input, options \\ [])
View SourceAttaches the specified Amazon Web Services Verified Access trust provider to the specified Amazon Web Services Verified Access instance.
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.
If a volume has an Amazon Web Services Marketplace product code:
* The volume can be attached only to a stopped instance.
* Amazon Web Services Marketplace product codes are copied from the volume to the instance.
* You must be subscribed to the product.
* The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.
For more information, see Attach an Amazon EBS volume to an instance in the Amazon EBS User Guide.
Attaches an available virtual private gateway to a VPC.
You can attach one virtual private gateway to one VPC at a time.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
Adds an ingress authorization rule to a Client VPN endpoint.
Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.
Adds the specified outbound (egress) rules to a security group.
An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address ranges, the IP address ranges specified by a prefix list, or the instances that are associated with a source security group. For more information, see Security group rules.
You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP type and code.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
For information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
Adds the specified inbound (ingress) rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules.
You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
For more information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
Bundles an Amazon instance store-backed Windows instance.
During bundling, only the root device volume (C:) is bundled. Data on other instance store volumes is not preserved.
This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.
Cancels a bundling operation for an instance store-backed Windows instance.
Cancels the specified Capacity Reservation, releases the reserved capacity, and
changes
the Capacity Reservation's state to cancelled.
You can cancel a Capacity Reservation that is in the following states:
*
assessing
*
active and there is no commitment duration or the commitment
duration has elapsed. You can't cancel a future-dated Capacity Reservation
during the commitment duration.
If a future-dated Capacity Reservation enters the delayed state, the
commitment
duration is waived, and you can cancel it as soon as it enters the active
state.
Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.
Cancels one or more Capacity Reservation Fleets.
When you cancel a Capacity Reservation Fleet, the following happens:
*
The Capacity Reservation Fleet's status changes to
cancelled.
* The individual Capacity Reservations in the Fleet are cancelled. Instances running in the Capacity Reservations at the time of cancelling the Fleet continue to run in shared capacity.
* The Fleet stops creating new Capacity Reservations.
Cancels an active conversion task.
The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.
Cancels the generation of an account status report.
You can only cancel a report while it has the running status. Reports
with other statuses (complete, cancelled, or
error) can't be canceled.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
Cancels an active export task.
The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.
Removes your Amazon Web Services account from the launch permissions for the specified AMI.
For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.
Cancels an in-process import virtual machine or import snapshot task.
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
For more information, see Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.
Cancels the specified Spot Fleet requests.
After you cancel a Spot Fleet request, the Spot Fleet launches no new instances.
You must also specify whether a canceled Spot Fleet request should terminate its
instances. If you
choose to terminate the instances, the Spot Fleet request enters the
cancelled_terminating state. Otherwise, the Spot Fleet request enters
the cancelled_running state and the instances continue to run until they
are interrupted or you terminate them manually.
restrictions
Restrictions
* You can delete up to 100 fleets in a single request. If you exceed the specified number, no fleets are deleted.
Cancels one or more Spot Instance requests.
Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.
Determines whether a product code is associated with an instance.
This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.
Copies the specified Amazon FPGA Image (AFI) to the current Region.
Initiates an AMI copy operation.
You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask. When you copy an AMI from one Region to another, the destination Region is the current Region.
When you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as the destination. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region or the key that you specify. Outposts do not support unencrypted snapshots.
For information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3.
You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.
You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).
When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.
Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon EBS User Guide.
Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.
For more information, see Copy an Amazon EBS snapshot in the Amazon EBS User Guide.
Creates a new Capacity Reservation with the specified attributes.
Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.
You can create a Capacity Reservation at any time, and you can choose when it starts. You can create a Capacity Reservation for immediate use or you can request a Capacity Reservation for a future date.
For more information, see Reserve compute capacity with On-Demand Capacity Reservations in the Amazon EC2 User Guide.
Your request to create a Capacity Reservation could fail if:
* Amazon EC2 does not have sufficient capacity. In this case, try again at a later time, try in a different Availability Zone, or request a smaller Capacity Reservation. If your workload is flexible across instance types and sizes, try with different instance attributes.
The requested quantity exceeds your On-Demand Instance quota. In this case, increase your On-Demand Instance quota for the requested instance type and try again. For more information, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide*.
create_capacity_reservation_by_splitting(client, input, options \\ [])
View SourceCreate a new Capacity Reservation by splitting the capacity of the source Capacity Reservation.
The new Capacity Reservation will have the same attributes as the source
Capacity Reservation except for tags. The source Capacity Reservation must be
active and owned by your Amazon Web Services account.
Creates a Capacity Reservation Fleet.
For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.
Creates a carrier gateway.
For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.
Creates a Client VPN endpoint.
A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.
Adds a route to a network to a Client VPN endpoint.
Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.
Creates a range of customer-owned IP addresses.
Creates a pool of customer-owned IP (CoIP) addresses.
Provides information to Amazon Web Services about your customer gateway device.
The customer gateway device is the appliance at your end of the VPN connection. You must provide the IP address of the customer gateway device’s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).
For devices that use Border Gateway Protocol (BGP), you can also provide the device's BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don't have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.
To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn't create a new customer gateway.
Creates a default subnet with a size /20 IPv4 CIDR block in the
specified Availability Zone in your default VPC.
You can have only one default subnet per Availability Zone. For more information, see Create a default subnet in the Amazon VPC User Guide.
Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet
in each Availability Zone.
For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.
If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.
Creates a custom set of DHCP options.
After you create a DHCP option set, you associate it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly launched instances in the VPC use this set of DHCP options.
The following are the individual DHCP options you can specify. For more information, see DHCP option sets in the Amazon VPC User Guide.
*
domain-name - If you're using AmazonProvidedDNS in us-east-1,
specify ec2.internal. If you're using AmazonProvidedDNS in any other Region,
specify region.compute.internal. Otherwise, specify a custom domain name.
This value is used to complete unqualified DNS hostnames.
Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP option set is associated with a VPC that has instances running operating systems that treat the value as a single domain, specify only one domain name.
*
domain-name-servers - The IP addresses of up to four DNS servers,
or AmazonProvidedDNS. To specify multiple domain name servers in a single
parameter,
separate the IP addresses using commas. To have your instances receive custom
DNS
hostnames as specified in domain-name, you must specify a custom DNS
server.
*
ntp-servers - The IP addresses of up to eight Network Time Protocol (NTP)
servers (four IPv4 addresses and four IPv6 addresses).
*
netbios-name-servers - The IP addresses of up to four NetBIOS name
servers.
*
netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that
you specify 2. Broadcast and multicast are not supported. For more information
about
NetBIOS node types, see RFC 2132.
*
ipv6-address-preferred-lease-time - A value (in seconds, minutes, hours, or
years) for how frequently a running instance with an IPv6 assigned to it goes
through DHCPv6 lease renewal.
Acceptable values are between 140 and 2147483647 seconds (approximately 68
years). If no value is entered, the default lease time is 140 seconds. If you
use long-term addressing for EC2 instances, you can increase the lease time and
avoid frequent
lease renewal requests. Lease renewal typically occurs when half of the lease
time has elapsed.
[IPv6 only] Creates an egress-only internet gateway for your VPC.
An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.
Creates an EC2 Fleet that contains the configuration information for On-Demand Instances and Spot Instances.
Instances are launched immediately if there is available capacity.
A single EC2 Fleet can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.
For more information, see EC2 Fleet in the Amazon EC2 User Guide.
Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.
Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon VPC User Guide.
When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.
For more information, see VPC Flow Logs in the Amazon VPC User Guide.
Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.
An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.
For more information, see Create an Amazon EBS-backed Linux AMI in the Amazon Elastic Compute Cloud User Guide.
Creates an EC2 Instance Connect Endpoint.
An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.
Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.
You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.
You can create up to 200 event windows per Amazon Web Services Region.
When you create the event window, targets (instance IDs, Dedicated Host IDs, or
tags)
are not yet associated with it. To ensure that the event window can be used, you
must
associate one or more targets with it by using the
AssociateInstanceEventWindow API.
Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.
Event windows are not applicable for:
Expedited scheduled events and network maintenance events.
Unscheduled maintenance such as AutoRecovery and unplanned reboots.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Exports a running or stopped instance to an Amazon S3 bucket.
For information about the prerequisites for your Amazon S3 bucket, supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.
Creates an internet gateway for use with a VPC.
After creating the internet gateway,
you attach it to a VPC using AttachInternetGateway.
For more information, see Internet gateways in the Amazon VPC User Guide.
Create an IPAM.
Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.
For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.
create_ipam_external_resource_verification_token(client, input, options \\ [])
View SourceCreate a verification token.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Create an IP address pool for Amazon VPC IP Address Manager (IPAM).
In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.
For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.
Creates an IPAM resource discovery.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Create an IPAM scope.
In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
For more information, see Add a scope in the Amazon VPC IPAM User Guide.
Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format.
Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.
The key pair returned to you is available only in the Amazon Web Services Region
in which you create it.
If you prefer, you can create your own key pair using a third-party tool and
upload it
to any Region using ImportKeyPair.
You can have up to 5,000 key pairs per Amazon Web Services Region.
For more information, see Amazon EC2 key pairs in the Amazon EC2 User Guide.
Creates a launch template.
A launch template contains the parameters to launch an instance. When you launch
an
instance using RunInstances, you can specify a launch template instead
of providing the launch parameters in the request. For more information, see
Launch an instance from a launch
template
in the
Amazon EC2 User Guide.
To clone an existing launch template as the basis for a new launch template, use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon EC2 User Guide.
Creates a new version of a launch template.
You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed.
Launch template versions are numbered in the order in which they are created. You can't specify, change, or replace the numbering of launch template versions.
Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes the changes that you require.
For more information, see Modify a launch template (manage launch template versions) in the Amazon EC2 User Guide.
Creates a static route for the specified local gateway route table.
You must specify one of the following targets:
*
LocalGatewayVirtualInterfaceGroupId
*
NetworkInterfaceId
Creates a local gateway route table.
create_local_gateway_route_table_virtual_interface_group_association(client, input, options \\ [])
View SourceCreates a local gateway route table virtual interface group association.
create_local_gateway_route_table_vpc_association(client, input, options \\ [])
View SourceAssociates the specified VPC with the specified local gateway route table.
Creates a managed prefix list.
You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description.
Creates a NAT gateway in the specified subnet.
This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.
With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.
With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.
For more information, see NAT gateways in the Amazon VPC User Guide.
When you create a public NAT gateway and assign it an EIP or secondary EIPs, the network border group of the EIPs must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. If it's not the same, the NAT gateway will fail to launch. You can see the network border group for the subnet's AZ by viewing the details of the subnet. Similarly, you can view the network border group of an EIP by viewing the details of the EIP address. For more information about network border groups and EIPs, see Allocate an Elastic IP address in the Amazon VPC User Guide.
Creates a network ACL in a VPC.
Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.
For more information, see Network ACLs in the Amazon VPC User Guide.
Creates an entry (a rule) in a network ACL with the specified rule number.
Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.
We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.
After you add an entry, you can't modify it; you must either replace it, or create an entry and delete the old one.
For more information about network ACLs, see Network ACLs in the Amazon VPC User Guide.
create_network_insights_access_scope(client, input, options \\ [])
View SourceCreates a Network Access Scope.
Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.
Creates a path to analyze for reachability.
Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see the Reachability Analyzer Guide.
Creates a network interface in the specified subnet.
The number of IP addresses you can assign to a network interface varies by instance type.
For more information about network interfaces, see Elastic network interfaces in the Amazon EC2 User Guide.
Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.
You can grant permission to a single Amazon Web Services account only, and only one account at a time.
Creates a placement group in which to launch instances.
The strategy of the placement group determines how the instances are organized within the group.
A cluster placement group is a logical grouping of instances within a
single Availability Zone that benefit from low network latency, high network
throughput.
A spread placement group places instances on distinct hardware. A
partition placement group places groups of instances in different
partitions, where instances in one partition do not share the same hardware with
instances in another partition.
For more information, see Placement groups in the Amazon EC2 User Guide.
Creates a public IPv4 address pool.
A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.
Replaces the EBS-backed root volume for a running instance with a new
volume that is restored to the original root volume's launch state, that is
restored to a
specific snapshot taken from the original root volume, or that is restored from
an AMI
that has the same key characteristics as that of the instance.
For more information, see Replace a root volume in the Amazon EC2 User Guide.
Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace.
You can submit one Standard Reserved Instance listing at a time. To get a list
of your
Standard Reserved Instances, you can use the DescribeReservedInstances
operation.
Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.
The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
To sell your Standard Reserved Instances, you must first register as a seller in
the Reserved Instance
Marketplace. After completing the registration process, you can create a
Reserved Instance
Marketplace listing of some or all of your Standard Reserved Instances, and
specify the upfront price
to receive for them. Your Standard Reserved Instance listings then become
available for purchase. To
view the details of your Standard Reserved Instance listing, you can use the
DescribeReservedInstancesListings operation.
For more information, see Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.
Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask. To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.
For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.
Creates a route in a route table within a VPC.
You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list.
When determining how to route traffic, we use the route with the most specific
match.
For example, traffic is destined for the IPv4 address 192.0.2.3, and the
route table includes the following two IPv4 routes:
*
192.0.2.0/24 (goes to some target A)
*
192.0.2.0/28 (goes to some target B)
Both routes apply to the traffic destined for 192.0.2.3. However, the second
route
in the list covers a smaller number of IP addresses and is therefore more
specific,
so we use that route to determine where to target the traffic.
For more information about route tables, see Route tables in the Amazon VPC User Guide.
Creates a route table for the specified VPC.
After you create a route table, you can add routes and associate the table with a subnet.
For more information, see Route tables in the Amazon VPC User Guide.
Creates a security group.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon EC2 User Guide and Security groups for your VPC in the Amazon VPC User Guide.
When you create a security group, you specify a friendly name of your choice. You can't have two security groups for the same VPC with the same name.
You have a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.
You can add or remove rules from your security groups using
AuthorizeSecurityGroupIngress,
AuthorizeSecurityGroupEgress,
RevokeSecurityGroupIngress, and
RevokeSecurityGroupEgress.
For more information about VPC security group limits, see Amazon VPC Limits.
Creates a snapshot of an EBS volume and stores it in Amazon S3.
You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.
You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.
When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.
You can take a snapshot of an attached volume that is in use. However, snapshots
only
capture data that has been written to your Amazon EBS volume at the time the
snapshot command is
issued; this might exclude any data that has been cached by any applications or
the operating
system. If you can pause any file systems on the volume long enough to take a
snapshot, your
snapshot should be complete. However, if you cannot pause all file writes to the
volume, you
should unmount the volume from within the instance, issue the snapshot command,
and then
remount the volume to ensure a consistent and complete snapshot. You may remount
and use your
volume while the snapshot status is pending.
When you create a snapshot for an EBS volume that serves as a root device, we recommend that you stop the instance before taking the snapshot.
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.
You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon EC2 User Guide.
For more information, see Amazon EBS and Amazon EBS encryption in the Amazon EBS User Guide.
Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3.
Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance.
You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.
You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.
Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs.
You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Stores an AMI as a single object in an Amazon S3 bucket.
To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.
For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.
Creates a subnet in the specified VPC.
For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
A subnet CIDR block must not overlap the CIDR block of an existing subnet in the VPC. After you create a subnet, you can't change its CIDR block.
The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses) and a /16 netmask (65,536 IP addresses). Amazon Web Services reserves both the first four and the last IPv4 address in each subnet's CIDR block. They're not available for your use.
If you've associated an IPv6 CIDR block with your VPC, you can associate an IPv6 CIDR block with a subnet when you create it.
If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the middle.
When you stop an instance in a subnet, it retains its private IPv4 address. It's therefore possible to have a subnet with no running instances (they're all stopped), but no remaining IP addresses available.
For more information, see Subnets in the Amazon VPC User Guide.
Creates a subnet CIDR reservation.
For more information, see Subnet CIDR reservations in the Amazon VPC User Guide and Manage prefixes for your network interfaces in the Amazon EC2 User Guide.
Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources.
When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.
For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users' access to resources based on tags, see Supported resource-level permissions for Amazon EC2 API actions in the Amazon Elastic Compute Cloud User Guide.
Creates a Traffic Mirror filter.
A Traffic Mirror filter is a set of rules that defines the traffic to mirror.
By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.
Creates a Traffic Mirror filter rule.
A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.
You need the Traffic Mirror filter ID when you create the rule.
Creates a Traffic Mirror session.
A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.
The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.
By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.
Creates a target for your Traffic Mirror session.
A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.
A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.
To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.
Creates a transit gateway.
You can use a transit gateway to interconnect your virtual private clouds (VPC)
and on-premises networks.
After the transit gateway enters the available state, you can attach your VPCs
and VPN
connections to the transit gateway.
To attach your VPCs, use CreateTransitGatewayVpcAttachment.
To attach a VPN connection, use CreateCustomerGateway to create a customer
gateway and specify the ID of the customer gateway and the ID of the transit
gateway in a call to
CreateVpnConnection.
When you create a transit gateway, we create a default transit gateway route
table and use it as the default association route table
and the default propagation route table. You can use
CreateTransitGatewayRouteTable to create
additional transit gateway route tables. If you disable automatic route
propagation, we do not create a default transit gateway route table.
You can use EnableTransitGatewayRouteTablePropagation to propagate routes from
a resource
attachment to a transit gateway route table. If you disable automatic
associations, you can use AssociateTransitGatewayRouteTable to associate a
resource attachment with a transit gateway route table.
Creates a Connect attachment from a specified transit gateway attachment.
A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.
A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.
Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.
The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).
For more information, see Connect peers in the Amazon Web Services Transit Gateways Guide.
create_transit_gateway_multicast_domain(client, input, options \\ [])
View SourceCreates a multicast domain using the specified transit gateway.
The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.
create_transit_gateway_peering_attachment(client, input, options \\ [])
View SourceRequests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter).
The peer transit gateway can be in your account or a different Amazon Web Services account.
After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.
Creates a transit gateway policy table.
create_transit_gateway_prefix_list_reference(client, input, options \\ [])
View SourceCreates a reference (route) to a prefix list in a specified transit gateway route table.
Creates a static route for the specified transit gateway route table.
Creates a route table for the specified transit gateway.
create_transit_gateway_route_table_announcement(client, input, options \\ [])
View SourceAdvertises a new transit gateway route table.
create_transit_gateway_vpc_attachment(client, input, options \\ [])
View SourceAttaches the specified VPC to the specified transit gateway.
If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.
To send VPC traffic to an attached transit gateway, add a route to the VPC route
table using CreateRoute.
An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.
An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who's associated applications have similar security requirements.
Each instance within a Verified Access group shares an Verified Access policy. For example, you can group all Verified Access instances associated with "sales" applications together and use one common Verified Access policy.
An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.
create_verified_access_trust_provider(client, input, options \\ [])
View SourceA trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices.
When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.
You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon EC2 User Guide.
For more information, see Create an Amazon EBS volume in the Amazon EBS User Guide.
Creates a VPC with the specified CIDR blocks.
For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.
You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon EC2 User Guide.
create_vpc_block_public_access_exclusion(client, input, options \\ [])
View SourceCreate a VPC Block Public Access (BPA) exclusion.
A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Creates a VPC endpoint.
A VPC endpoint provides a private connection between the specified VPC and the specified endpoint service. You can use an endpoint service provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink User Guide.
create_vpc_endpoint_connection_notification(client, input, options \\ [])
View SourceCreates a connection notification for a specified VPC endpoint or VPC endpoint service.
A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Creating an Amazon SNS topic in the Amazon SNS Developer Guide.
You can create a connection notification for interface endpoints only.
create_vpc_endpoint_service_configuration(client, input, options \\ [])
View SourceCreates a VPC endpoint service to which service consumers (Amazon Web Services accounts, users, and IAM roles) can connect.
Before you create an endpoint service, you must create one of the following for your service:
* A Network Load Balancer. Service consumers connect to your service using an interface endpoint.
* A Gateway Load Balancer. Service consumers connect to your service using a Gateway Load Balancer endpoint.
If you set the private DNS name, you must prove that you own the private DNS domain name.
For more information, see the Amazon Web Services PrivateLink Guide.
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.
The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.
Limitations and rules apply to a VPC peering connection. For more information, see the VPC peering limitations in the VPC Peering Guide.
The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.
If you create a VPC peering connection request between VPCs with overlapping
CIDR
blocks, the VPC peering connection has a status of failed.
Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway.
The supported connection type is
ipsec.1.
The response includes information that you need to give to your network administrator to configure your customer gateway.
We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.
If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
Creates a virtual private gateway.
A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
Deletes a carrier gateway.
If you do not delete the route that contains the carrier gateway as the Target, the route is a blackhole route. For information about how to delete a route, see DeleteRoute.
Deletes the specified Client VPN endpoint.
You must disassociate all target networks before you can delete a Client VPN endpoint.
Deletes a route from a Client VPN endpoint.
You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.
Deletes a range of customer-owned IP addresses.
Deletes a pool of customer-owned IP (CoIP) addresses.
Deletes the specified customer gateway.
You must delete the VPN connection before you can delete the customer gateway.
Deletes the specified set of DHCP options.
You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC.
Deletes an egress-only internet gateway.
Deletes the specified EC2 Fleets.
After you delete an EC2 Fleet, it launches no new instances.
You must also specify whether a deleted EC2 Fleet should terminate its
instances. If you
choose to terminate the instances, the EC2 Fleet enters the
deleted_terminating
state. Otherwise, the EC2 Fleet enters the deleted_running state, and the
instances
continue to run until they are interrupted or you terminate them manually.
For instant fleets, EC2 Fleet must terminate the instances when the fleet is
deleted. Up to 1000 instances can be terminated in a single request to delete
instant fleets. A deleted instant fleet with running instances
is not supported.
restrictions
Restrictions
*
You can delete up to 25 fleets of type instant in a single
request.
*
You can delete up to 100 fleets of type maintain or
request in a single request.
* You can delete up to 125 fleets in a single request, provided you do not exceed the quota for each fleet type, as specified above.
* If you exceed the specified number of fleets to delete, no fleets are deleted.
For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.
Deletes one or more flow logs.
Deletes the specified Amazon FPGA Image (AFI).
Deletes the specified EC2 Instance Connect Endpoint.
Deletes the specified event window.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Deletes the specified internet gateway.
You must detach the internet gateway from the VPC before you can delete it.
Delete an IPAM.
Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.
For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
delete_ipam_external_resource_verification_token(client, input, options \\ [])
View SourceDelete a verification token.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Delete an IPAM pool.
You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.
For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
Deletes an IPAM resource discovery.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Delete the scope for an IPAM.
You cannot delete the default scopes.
For more information, see Delete a scope in the Amazon VPC IPAM User Guide.
Deletes the specified key pair, by removing the public key from Amazon EC2.
Deletes a launch template.
Deleting a launch template deletes all of its versions.
Deletes one or more versions of a launch template.
You can't delete the default version of a launch template; you must first assign
a
different version as the default. If the default version is the only version for
the
launch template, you must delete the entire launch template using
DeleteLaunchTemplate.
You can delete up to 200 launch template versions in a single request. To delete
more
than 200 versions in a single request, use DeleteLaunchTemplate, which
deletes the launch template and all of its versions.
For more information, see Delete a launch template version in the Amazon EC2 User Guide.
Deletes the specified route from the specified local gateway route table.
Deletes a local gateway route table.
delete_local_gateway_route_table_virtual_interface_group_association(client, input, options \\ [])
View SourceDeletes a local gateway route table virtual interface group association.
delete_local_gateway_route_table_vpc_association(client, input, options \\ [])
View SourceDeletes the specified association between a VPC and local gateway route table.
Deletes the specified managed prefix list.
You must first remove all references to the prefix list in your resources.
Deletes the specified NAT gateway.
Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.
Deletes the specified network ACL.
You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL.
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
delete_network_insights_access_scope(client, input, options \\ [])
View SourceDeletes the specified Network Access Scope.
delete_network_insights_access_scope_analysis(client, input, options \\ [])
View SourceDeletes the specified Network Access Scope analysis.
Deletes the specified network insights analysis.
Deletes the specified path.
Deletes the specified network interface.
You must detach the network interface before you can delete it.
Deletes a permission for a network interface.
By default, you cannot delete the permission if the account for which you're removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.
Deletes the specified placement group.
You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.
Delete a public IPv4 pool.
A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.
Deletes the queued purchases for the specified Reserved Instances.
Deletes the specified route from the specified route table.
Deletes the specified route table.
You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table.
Deletes a security group.
If you attempt to delete a security group that is associated with an instance or
network interface, is
referenced by another security group in the same VPC, or has a VPC association,
the operation fails with
DependencyViolation.
Deletes the specified snapshot.
When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.
You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.
For more information, see Delete an Amazon EBS snapshot in the Amazon EBS User Guide.
Deletes the data feed for Spot Instances.
Deletes the specified subnet.
You must terminate all running instances in the subnet before you can delete the subnet.
Deletes a subnet CIDR reservation.
Deletes the specified set of tags from the specified set of resources.
To list the current tags, use DescribeTags. For more information about
tags, see Tag your Amazon EC2
resources
in the Amazon Elastic Compute Cloud User
Guide.
Deletes the specified Traffic Mirror filter.
You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.
Deletes the specified Traffic Mirror rule.
Deletes the specified Traffic Mirror session.
Deletes the specified Traffic Mirror target.
You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.
Deletes the specified transit gateway.
Deletes the specified Connect attachment.
You must first delete any Connect peers for the attachment.
Deletes the specified Connect peer.
delete_transit_gateway_multicast_domain(client, input, options \\ [])
View SourceDeletes the specified transit gateway multicast domain.
delete_transit_gateway_peering_attachment(client, input, options \\ [])
View SourceDeletes a transit gateway peering attachment.
Deletes the specified transit gateway policy table.
delete_transit_gateway_prefix_list_reference(client, input, options \\ [])
View SourceDeletes a reference (route) to a prefix list in a specified transit gateway route table.
Deletes the specified route from the specified transit gateway route table.
Deletes the specified transit gateway route table.
If there are any route tables associated with
the transit gateway route table, you must first run DisassociateRouteTable
before you can delete the transit gateway route table. This removes any route
tables associated with the transit gateway route table.
delete_transit_gateway_route_table_announcement(client, input, options \\ [])
View SourceAdvertises to the transit gateway that a transit gateway route table is deleted.
delete_transit_gateway_vpc_attachment(client, input, options \\ [])
View SourceDeletes the specified VPC attachment.
Delete an Amazon Web Services Verified Access endpoint.
Delete an Amazon Web Services Verified Access group.
Delete an Amazon Web Services Verified Access instance.
delete_verified_access_trust_provider(client, input, options \\ [])
View SourceDelete an Amazon Web Services Verified Access trust provider.
Deletes the specified EBS volume.
The volume must be in the available state
(not attached to an instance).
The volume can remain in the deleting state for several minutes.
For more information, see Delete an Amazon EBS volume in the Amazon EBS User Guide.
Deletes the specified VPC.
You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on. When you delete the VPC, it deletes the default security group, network ACL, and route table for the VPC.
If you created a flow log for the VPC that you are deleting, note that flow logs for deleted VPCs are eventually automatically removed.
delete_vpc_block_public_access_exclusion(client, input, options \\ [])
View SourceDelete a VPC Block Public Access (BPA) exclusion.
A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
delete_vpc_endpoint_connection_notifications(client, input, options \\ [])
View SourceDeletes the specified VPC endpoint connection notifications.
delete_vpc_endpoint_service_configurations(client, input, options \\ [])
View SourceDeletes the specified VPC endpoint service configurations.
Before you can delete
an endpoint service configuration, you must reject any Available or
PendingAcceptance interface endpoint connections that are attached to
the service.
Deletes the specified VPC endpoints.
When you delete a gateway endpoint, we delete the endpoint routes in the route tables for the endpoint.
When you delete a Gateway Load Balancer endpoint, we delete its endpoint network interfaces. You can only delete Gateway Load Balancer endpoints when the routes that are associated with the endpoint are deleted.
When you delete an interface endpoint, we delete its endpoint network interfaces.
Deletes a VPC peering connection.
Either the owner of the requester VPC or the owner
of the accepter VPC can delete the VPC peering connection if it's in the
active state. The owner of the requester VPC can delete a VPC peering
connection in the pending-acceptance state. You cannot delete a VPC peering
connection that's in the failed or rejected state.
Deletes the specified VPN connection.
If you're deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.
For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
Deletes the specified virtual private gateway.
You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.
Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.
Before you can release an address range, you must stop advertising it using
WithdrawByoipCidr and you must not have any IP addresses allocated from its
address range.
Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services account.
This action can only be called after any BYOIP CIDR associations are removed from your Amazon Web Services account with DisassociateIpamByoasn. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Deprovision a CIDR provisioned from an IPAM pool.
If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.
Deprovision a CIDR from a public IPv4 pool.
Deregisters the specified AMI.
After you deregister an AMI, it can't be used to launch new instances.
If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon EC2 User Guide.
When you deregister an AMI, it doesn't affect any instances that you've already launched from the AMI. You'll continue to incur usage costs for those instances until you terminate them.
When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn't affect the files that you uploaded to Amazon S3 when you created the AMI.
deregister_instance_event_notification_attributes(client, input, options \\ [])
View SourceDeregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region.
deregister_transit_gateway_multicast_group_members(client, input, options \\ [])
View SourceDeregisters the specified members (network interfaces) from the transit gateway multicast group.
deregister_transit_gateway_multicast_group_sources(client, input, options \\ [])
View SourceDeregisters the specified sources (network interfaces) from the transit gateway multicast group.
Describes attributes of your Amazon Web Services account.
The following are the supported account attributes:
*
default-vpc: The ID of the default VPC for your account, or none.
*
max-instances: This attribute is no longer supported. The returned
value does not reflect your actual vCPU limit for running On-Demand Instances.
For more information, see On-Demand Instance Limits
in the
Amazon Elastic Compute Cloud User Guide.
*
max-elastic-ips: The maximum number of Elastic IP addresses that you can
allocate.
*
supported-platforms: This attribute is deprecated.
*
vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can
allocate.
*
vpc-max-security-groups-per-interface: The maximum number of security groups
that you can assign to a network interface.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes an Elastic IP address transfer.
For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
When you transfer an Elastic IP address, there is a two-step handshake between the source and transfer Amazon Web Services accounts. When the source account starts the transfer, the transfer account has seven days to accept the Elastic IP address transfer. During those seven days, the source account can view the pending transfer by using this action. After seven days, the transfer expires and ownership of the Elastic IP address returns to the source account. Accepted transfers are visible to the source account for 14 days after the transfers have been accepted.
Describes the specified Elastic IP addresses or all of your Elastic IP addresses.
Describes the attributes of the specified Elastic IP addresses.
For requirements, see Using reverse DNS for email applications.
Describes the longer ID format settings for all resource types in a specific Region.
This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).
This request only returns information about resource types that support longer IDs.
The following resource types support longer IDs: bundle |
conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | instance | internet-gateway |
network-acl | network-acl-association |
network-interface | network-interface-attachment |
prefix-list | reservation | route-table |
route-table-association | security-group |
snapshot | subnet |
subnet-cidr-block-association | volume | vpc |
vpc-cidr-block-association | vpc-endpoint |
vpc-peering-connection | vpn-connection | vpn-gateway.
Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you.
If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.
For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
describe_aws_network_performance_metric_subscriptions(client, input, options \\ [])
View SourceDescribes the current Infrastructure Performance metric subscriptions.
Describes the specified bundle tasks or all of your bundle tasks.
Completed bundle tasks are listed for only a limited time. If your bundle task
is no
longer in the list, you can still register an AMI from it. Just use
RegisterImage with the Amazon S3 bucket name and image manifest name you
provided
to the bundle task.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the IP address ranges that were specified in calls to
ProvisionByoipCidr.
To describe the address pools that were created when you provisioned the address
ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.
describe_capacity_block_extension_history(client, input, options \\ [])
View SourceDescribes the events for the specified Capacity Block extension during the specified time.
describe_capacity_block_extension_offerings(client, input, options \\ [])
View SourceDescribes Capacity Block extension offerings available for purchase in the Amazon Web Services Region that you're currently using.
Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using.
With Capacity Blocks, you purchase a specific instance type for a period of time.
describe_capacity_reservation_billing_requests(client, input, options \\ [])
View SourceDescribes a request to assign the billing of the unused capacity of a Capacity Reservation.
For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
describe_capacity_reservation_fleets(client, input, options \\ [])
View SourceDescribes one or more Capacity Reservation Fleets.
Describes one or more of your Capacity Reservations.
The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using.
Describes one or more of your carrier gateways.
This action is deprecated.
Describes your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances.
describe_client_vpn_authorization_rules(client, input, options \\ [])
View SourceDescribes the authorization rules for a specified Client VPN endpoint.
Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.
Describes one or more Client VPN endpoints in the account.
Describes the routes for the specified Client VPN endpoint.
Describes the target networks associated with the specified Client VPN endpoint.
Describes the specified customer-owned address pools or all of your customer-owned address pools.
Describes the specified conversion tasks or all your conversion tasks.
For more information, see the VM Import/Export User Guide.
For information about the import manifest referenced by this API action, see VM Import Manifest.
Describes one or more of your VPN customer gateways.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
describe_declarative_policies_reports(client, input, options \\ [])
View SourceDescribes the metadata of an account status report, including the status of the report.
To view the full report, download it from the Amazon S3 bucket where it was
saved.
Reports are accessible only when they have the complete status. Reports
with other statuses (running, cancelled, or
error) are not available in the S3 bucket. For more information about
downloading objects from an S3 bucket, see Downloading objects
in
the Amazon Simple Storage Service User Guide.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
Describes your DHCP option sets.
The default is to describe all your DHCP option sets. Alternatively, you can specify specific DHCP option set IDs or filter the results to include only the DHCP option sets that match specific criteria.
For more information, see DHCP option sets in the Amazon VPC User Guide.
describe_egress_only_internet_gateways(client, input, options \\ [])
View SourceDescribes your egress-only internet gateways.
The default is to describe all your egress-only internet gateways. Alternatively, you can specify specific egress-only internet gateway IDs or filter the results to include only the egress-only internet gateways that match specific criteria.
Amazon Elastic Graphics reached end of life on January 8, 2024.
Describes the Elastic Graphics accelerator associated with your instances.
Describes the specified export image tasks or all of your export image tasks.
Describes the specified export instance tasks or all of your export instance tasks.
Describe details for Windows AMIs that are configured for Windows fast launch.
Describes the state of fast snapshot restores for your snapshots.
Describes the events for the specified EC2 Fleet during the specified time.
EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.
For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.
Describes the running instances for the specified EC2 Fleet.
Currently, DescribeFleetInstances does not support fleets of type
instant. Instead, use DescribeFleets, specifying the
instant fleet ID in the request.
For more information, see Describe your EC2 Fleet in the Amazon EC2 User Guide.
Describes the specified EC2 Fleet or all of your EC2 Fleets.
If a fleet is of type instant, you must specify the fleet ID in the
request, otherwise the fleet does not appear in the response.
For more information, see Describe your EC2 Fleet in the Amazon EC2 User Guide.
Describes one or more flow logs.
To view the published flow log records, you must view the log destination. For example, the CloudWatch Logs log group, the Amazon S3 bucket, or the Kinesis Data Firehose delivery stream.
Describes the specified attribute of the specified Amazon FPGA Image (AFI).
Describes the Amazon FPGA Images (AFIs) available to you.
These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.
Describes the Dedicated Host reservations that are available to purchase.
The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.
Describes reservations that are associated with Dedicated Hosts in your account.
Describes the specified Dedicated Hosts or all your Dedicated Hosts.
The results describe only the Dedicated Hosts in the Region you're currently
using.
All listed instances consume capacity on your Dedicated Host. Dedicated Hosts
that have
recently been released are listed with the state released.
describe_iam_instance_profile_associations(client, input, options \\ [])
View SourceDescribes your IAM instance profile associations.
Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs.
This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.
The following resource types support longer IDs: bundle |
conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | instance | internet-gateway |
network-acl | network-acl-association |
network-interface | network-interface-attachment |
prefix-list | reservation | route-table |
route-table-association | security-group |
snapshot | subnet |
subnet-cidr-block-association | volume | vpc
| vpc-cidr-block-association | vpc-endpoint |
vpc-peering-connection | vpn-connection | vpn-gateway.
These settings apply to the IAM user who makes the request; they do not apply to
the entire
Amazon Web Services account. By default, an IAM user defaults to the same
settings as the root user, unless
they explicitly override the settings by running the ModifyIdFormat command.
Resources
created with longer IDs are visible to all IAM users, regardless of these
settings and
provided that they have permission to use the relevant Describe command for
the
resource type.
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user.
For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
The following resource types support longer IDs: bundle |
conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | instance | internet-gateway |
network-acl | network-acl-association |
network-interface | network-interface-attachment |
prefix-list | reservation | route-table |
route-table-association | security-group |
snapshot | subnet |
subnet-cidr-block-association | volume | vpc
| vpc-cidr-block-association | vpc-endpoint |
vpc-peering-connection | vpn-connection | vpn-gateway.
These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.
Describes the specified attribute of the specified AMI.
You can specify only one attribute at a time.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.
Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.
When Allowed AMIs is set to enabled, only allowed images are returned in the
results, with the imageAllowed field set to true for each image. In
audit-mode, the imageAllowed field is set to true for
images that meet the account's Allowed AMIs criteria, and false for images
that
don't meet the criteria. For more information, see
EnableAllowedImagesSettings.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Displays details about an import virtual machine or import snapshot tasks that are already created.
Describes your import snapshot tasks.
Describes the specified attribute of the specified instance.
You can specify only one
attribute at a time. Valid attribute values are: instanceType |
kernel | ramdisk | userData |
disableApiTermination | instanceInitiatedShutdownBehavior
| rootDeviceName | blockDeviceMapping |
productCodes | sourceDestCheck | groupSet |
ebsOptimized | sriovNetSupport
Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance Connect Endpoints.
describe_instance_credit_specifications(client, input, options \\ [])
View SourceDescribes the credit option for CPU usage of the specified burstable performance instances.
The credit options are standard and
unlimited.
If you do not specify an instance ID, Amazon EC2 returns burstable performance
instances with the unlimited credit option, as well as instances that were
previously configured as T2, T3, and T3a with the unlimited credit option.
For example, if you resize a T2 instance, while it is configured as
unlimited, to an M4 instance, Amazon EC2 returns the M4
instance.
If you specify one or more instance IDs, Amazon EC2 returns the credit option
(standard or unlimited) of those instances. If you specify
an instance ID that is not valid, such as an instance that is not a burstable
performance instance, an error is returned.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.
For more information, see Burstable performance instances in the Amazon EC2 User Guide.
describe_instance_event_notification_attributes(client, input, options \\ [])
View SourceDescribes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region.
Describes the specified event windows or all event windows.
If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance.
If you specify an instance ID that is not valid, an instance that doesn't exist,
or an
instance that you do not own, an error (InvalidInstanceID.NotFound) is
returned.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
In the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected Availability Zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs that are in an unaffected Availability Zone, the call works normally.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the status of the specified instances or all of your instances.
By default, only running instances are described, unless you specifically indicate to return the status of all instances.
Instance status includes the following components:
*
Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.
*
Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.
*
Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone.
You can use this information to determine the relative proximity of your EC2 instances within the Amazon Web Services network to support your tightly coupled workloads.
limitations
Limitations
* Supported zones
*Availability Zone
*Local Zone
* Supported instance types
*hpc6a.48xlarge | hpc6id.32xlarge | |
hpc7a.12xlarge | hpc7a.24xlarge | |
hpc7a.48xlarge | hpc7a.96xlarge | |
hpc7g.4xlarge | hpc7g.8xlarge |
hpc7g.16xlarge
*p3dn.24xlarge | p4d.24xlarge | |
p4de.24xlarge | p5.48xlarge |
p5e.48xlarge
*trn1.2xlarge | trn1.32xlarge |
trn1n.32xlarge
For more information, see Amazon EC2 instance topology in the Amazon EC2 User Guide.
Lists the instance types that are offered for the specified location.
If no location is specified, the default is to list the instance types that are offered in the current Region.
Describes the specified instance types.
By default, all instance types for the current Region are described. Alternatively, you can filter the results.
Describes the specified instances or all instances.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.
If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes your internet gateways.
The default is to describe all your internet gateways. Alternatively, you can specify specific internet gateway IDs or filter the results to include only the internet gateways that match specific criteria.
Describes your Autonomous System Numbers (ASNs), their provisioning statuses, and the BYOIP CIDRs with which they are associated.
For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
describe_ipam_external_resource_verification_tokens(client, input, options \\ [])
View SourceDescribe verification tokens.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Get information about your IPAM pools.
Describes IPAM resource discoveries.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
describe_ipam_resource_discovery_associations(client, input, options \\ [])
View SourceDescribes resource discovery association with an Amazon VPC IPAM.
An associated resource discovery is a resource discovery that has been associated with an IPAM..
Get information about your IPAM scopes.
Get information about your IPAM pools.
For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.
Describes your IPv6 address pools.
Describes the specified key pairs or all of your key pairs.
For more information about key pairs, see Amazon EC2 key pairs in the Amazon EC2 User Guide.
Describes one or more versions of a specified launch template.
You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.
Describes one or more launch templates.
describe_local_gateway_route_table_virtual_interface_group_associations(client, input, options \\ [])
View SourceDescribes the associations between virtual interface groups and local gateway route tables.
describe_local_gateway_route_table_vpc_associations(client, input, options \\ [])
View SourceDescribes the specified associations between VPCs and local gateway route tables.
Describes one or more local gateway route tables.
By default, all local gateway route tables are described. Alternatively, you can filter the results.
describe_local_gateway_virtual_interface_groups(client, input, options \\ [])
View SourceDescribes the specified local gateway virtual interface groups.
describe_local_gateway_virtual_interfaces(client, input, options \\ [])
View SourceDescribes the specified local gateway virtual interfaces.
Describes one or more local gateways.
By default, all local gateways are described. Alternatively, you can filter the results.
Describes the lock status for a snapshot.
Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.
Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.
To view the entries for your prefix list, use GetManagedPrefixListEntries.
This action is deprecated.
Describes your Elastic IP addresses that are being moved from or being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.
Describes your NAT gateways.
The default is to describe all your NAT gateways. Alternatively, you can specify specific NAT gateway IDs or filter the results to include only the NAT gateways that match specific criteria.
Describes your network ACLs.
The default is to describe all your network ACLs. Alternatively, you can specify specific network ACL IDs or filter the results to include only the network ACLs that match specific criteria.
For more information, see Network ACLs in the Amazon VPC User Guide.
describe_network_insights_access_scope_analyses(client, input, options \\ [])
View SourceDescribes the specified Network Access Scope analyses.
describe_network_insights_access_scopes(client, input, options \\ [])
View SourceDescribes the specified Network Access Scopes.
Describes one or more of your network insights analyses.
Describes one or more of your paths.
describe_network_interface_attribute(client, input, options \\ [])
View SourceDescribes a network interface attribute.
You can specify only one attribute at a time.
describe_network_interface_permissions(client, input, options \\ [])
View SourceDescribes the permissions for your network interfaces.
Describes one or more of your network interfaces.
If you have a large number of network interfaces, the operation fails unless
you use pagination or one of the following filters: group-id,
mac-address, private-dns-name, private-ip-address,
private-dns-name, subnet-id, or vpc-id.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
Describes the specified placement groups or all of your placement groups.
To describe a specific placement group that is shared with
your account, you must specify the ID of the placement group using the
GroupId parameter. Specifying the name of a
shared placement group using the GroupNames
parameter will result in an error.
For more information, see Placement groups in the Amazon EC2 User Guide.
Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
We recommend that you use DescribeManagedPrefixLists instead.
Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.
By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.
The following resource types support longer IDs: bundle |
conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | instance | internet-gateway |
network-acl | network-acl-association |
network-interface | network-interface-attachment |
prefix-list | reservation | route-table |
route-table-association | security-group |
snapshot | subnet |
subnet-cidr-block-association | volume | vpc
| vpc-cidr-block-association | vpc-endpoint |
vpc-peering-connection | vpn-connection | vpn-gateway.
Describes the specified IPv4 address pools.
Describes the Regions that are enabled for your account, or all Regions.
For a list of the Regions supported by Amazon EC2, see Amazon EC2 service endpoints.
For information about enabling and disabling Regions for your account, see Specify which Amazon Web Services Regions your account can use in the Amazon Web Services Account Management Reference Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes a root volume replacement task.
For more information, see Replace a root volume in the Amazon EC2 User Guide.
Describes one or more of the Reserved Instances that you purchased.
For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
describe_reserved_instances_listings(client, input, options \\ [])
View SourceDescribes your account's Reserved Instance listings in the Reserved Instance Marketplace.
The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.
As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you're searching for with what's available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.
For more information, see Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
describe_reserved_instances_modifications(client, input, options \\ [])
View SourceDescribes the modifications made to your Reserved Instances.
If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.
For more information, see Modify Reserved Instances in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
describe_reserved_instances_offerings(client, input, options \\ [])
View SourceDescribes Reserved Instance offerings that are available for purchase.
With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.
If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.
For more information, see Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes your route tables.
The default is to describe all your route tables. Alternatively, you can specify specific route table IDs or filter the results to include only the route tables that match specific criteria.
Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.
For more information, see Route tables in the Amazon VPC User Guide.
describe_scheduled_instance_availability(client, input, options \\ [])
View SourceFinds available schedules that meet the specified criteria.
You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.
After you find a schedule that meets your needs, call
PurchaseScheduledInstances
to purchase Scheduled Instances with that schedule.
Describes the specified Scheduled Instances or all your Scheduled Instances.
Describes the VPCs on the other side of a VPC peering or Transit Gateway connection that are referencing the security groups you've specified in this request.
Describes one or more of your security group rules.
describe_security_group_vpc_associations(client, input, options \\ [])
View SourceDescribes security group VPC associations made with AssociateSecurityGroupVpc.
Describes the specified security groups or all of your security groups.
Describes the specified attribute of the specified snapshot.
You can specify only one attribute at a time.
For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.
Describes the storage tier status of one or more Amazon EBS snapshots.
Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.
The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.
The create volume permissions fall into the following categories:
*
public: The owner of the snapshot granted create volume
permissions for the snapshot to the all group. All Amazon Web Services
accounts have create
volume permissions for these snapshots.
*
explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.
*
implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.
The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.
If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.
If you specify one or more snapshot owners using the OwnerIds option, only
snapshots from the specified owners and for which you have access are returned.
The results
can include the Amazon Web Services account IDs of the specified owners,
amazon for snapshots
owned by Amazon, or self for snapshots that you own.
If you specify a list of restorable users, only snapshots with create snapshot
permissions
for those users are returned. You can specify Amazon Web Services account IDs
(if you own the snapshots),
self for snapshots for which you own or have explicit permissions, or
all for public snapshots.
If you are describing a long list of snapshots, we recommend that you paginate
the output to make the
list more manageable. For more information, see
Pagination. To get the state of fast snapshot restores for a snapshot, use
DescribeFastSnapshotRestores.
For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
Describes the data feed for Spot Instances.
For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Describes the running instances for the specified Spot Fleet.
Describes the events for the specified Spot Fleet request during the specified time.
Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.
For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.
Describes your Spot Fleet requests.
Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.
Describes the specified Spot Instance requests.
You can use DescribeSpotInstanceRequests to find a running Spot Instance by
examining the response. If the status of the Spot Instance is fulfilled, the
instance ID appears in the response and contains the identifier of the instance.
Alternatively, you can use
DescribeInstances
with a filter to look for instances where the instance lifecycle is
spot.
We recommend that you set MaxResults to a value between 5 and 1000 to
limit the number of items returned. This paginates the output, which makes the
list
more manageable and returns the items faster. If the list of items exceeds your
MaxResults value, then that number of items is returned along with a
NextToken value that can be passed to a subsequent
DescribeSpotInstanceRequests request to retrieve the remaining
items.
Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.
Describes the Spot price history.
For more information, see Spot Instance pricing history in the Amazon EC2 User Guide.
When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.
Describes the stale security group rules for security groups referenced across a VPC peering connection, transit gateway connection, or with a security group VPC association.
Rules are stale when they reference a deleted security group. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has been deleted, across a transit gateway where the transit gateway has been deleted (or the transit gateway security group referencing feature has been disabled), or if a security group VPC association has been disassociated.
Describes the progress of the AMI store tasks.
You can describe the store tasks for specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from the last 31 days.
For each AMI task, the response indicates if the task is InProgress,
Completed, or Failed. For tasks InProgress, the
response shows the estimated progress as a percentage.
Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.
To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.
For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.
Describes your subnets.
The default is to describe all your subnets. Alternatively, you can specify specific subnet IDs or filter the results to include only the subnets that match specific criteria.
For more information, see Subnets in the Amazon VPC User Guide.
Describes the specified tags for your EC2 resources.
For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
describe_traffic_mirror_filter_rules(client, input, options \\ [])
View SourceDescribe traffic mirror filters that determine the traffic that is mirrored.
Describes one or more Traffic Mirror filters.
Describes one or more Traffic Mirror sessions.
By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.
Information about one or more Traffic Mirror targets.
describe_transit_gateway_attachments(client, input, options \\ [])
View SourceDescribes one or more attachments between resources and transit gateways.
By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.
describe_transit_gateway_connect_peers(client, input, options \\ [])
View SourceDescribes one or more Connect peers.
Describes one or more Connect attachments.
describe_transit_gateway_multicast_domains(client, input, options \\ [])
View SourceDescribes one or more transit gateway multicast domains.
describe_transit_gateway_peering_attachments(client, input, options \\ [])
View SourceDescribes your transit gateway peering attachments.
describe_transit_gateway_policy_tables(client, input, options \\ [])
View SourceDescribes one or more transit gateway route policy tables.
describe_transit_gateway_route_table_announcements(client, input, options \\ [])
View SourceDescribes one or more transit gateway route table advertisements.
describe_transit_gateway_route_tables(client, input, options \\ [])
View SourceDescribes one or more transit gateway route tables.
By default, all transit gateway route tables are described. Alternatively, you can filter the results.
describe_transit_gateway_vpc_attachments(client, input, options \\ [])
View SourceDescribes one or more VPC attachments.
By default, all VPC attachments are described. Alternatively, you can filter the results.
Describes one or more transit gateways.
By default, all transit gateways are described. Alternatively, you can filter the results.
describe_trunk_interface_associations(client, input, options \\ [])
View SourceDescribes one or more network interface trunk associations.
Describes the specified Amazon Web Services Verified Access endpoints.
Describes the specified Verified Access groups.
describe_verified_access_instance_logging_configurations(client, input, options \\ [])
View SourceDescribes the specified Amazon Web Services Verified Access instances.
Describes the specified Amazon Web Services Verified Access instances.
describe_verified_access_trust_providers(client, input, options \\ [])
View SourceDescribes the specified Amazon Web Services Verified Access trust providers.
Describes the specified attribute of the specified volume.
You can specify only one attribute at a time.
For more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide.
Describes the status of the specified volumes.
Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.
The DescribeVolumeStatus operation provides the following information about
the specified volumes:
Status: Reflects the current status of the volume. The possible
values are ok, impaired , warning, or
insufficient-data. If all checks pass, the overall status of the volume is
ok. If the check fails, the overall status is impaired. If the
status is insufficient-data, then the checks might still be taking place on
your
volume at the time. We recommend that you retry the request. For more
information about volume
status, see Monitor the status of your volumes
in the Amazon EBS User Guide.
Events: Reflect the cause of a volume status and might require you to
take action. For example, if your volume returns an impaired status, then the
volume event might be potential-data-inconsistency. This means that your
volume
has been affected by an issue with the underlying host, has all I/O operations
disabled, and
might have inconsistent data.
Actions: Reflect the actions you might have to take in response to an
event. For example, if the status of the volume is impaired and the volume
event
shows potential-data-inconsistency, then the action shows
enable-volume-io. This means that you may want to enable the I/O operations
for
the volume by calling the EnableVolumeIO action and then check the volume
for data consistency.
Volume status is based on the volume status checks, and does not reflect the
volume state.
Therefore, volume status does not indicate volumes in the error state (for
example, when a volume is incapable of accepting I/O.)
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified EBS volumes or all of your EBS volumes.
If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination. For more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the most recent volume modification request for the specified EBS volumes.
For more information, see Monitor the progress of volume modifications in the Amazon EBS User Guide.
Describes the specified attribute of the specified VPC.
You can specify only one attribute at a time.
describe_vpc_block_public_access_exclusions(client, input, options \\ [])
View SourceDescribe VPC Block Public Access (BPA) exclusions.
A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
describe_vpc_block_public_access_options(client, input, options \\ [])
View SourceDescribe VPC Block Public Access (BPA) options.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
This action is deprecated.
Describes the ClassicLink status of the specified VPCs.
describe_vpc_classic_link_dns_support(client, input, options \\ [])
View SourceThis action is deprecated.
Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.
Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or service networks associated with the VPC endpoint.
describe_vpc_endpoint_connection_notifications(client, input, options \\ [])
View SourceDescribes the connection notifications for VPC endpoints and VPC endpoint services.
Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.
describe_vpc_endpoint_service_configurations(client, input, options \\ [])
View SourceDescribes the VPC endpoint service configurations in your account (your services).
describe_vpc_endpoint_service_permissions(client, input, options \\ [])
View SourceDescribes the principals (service consumers) that are permitted to discover your VPC endpoint service.
Describes available services to which you can create a VPC endpoint.
When the service provider and the consumer have different accounts in multiple
Availability Zones, and the consumer views the VPC endpoint service information,
the
response only includes the common Availability Zones. For example, when the
service
provider account uses us-east-1a and us-east-1c and the
consumer uses us-east-1a and us-east-1b, the response includes
the VPC endpoint services in the common Availability Zone,
us-east-1a.
Describes your VPC endpoints.
The default is to describe all your VPC endpoints. Alternatively, you can specify specific VPC endpoint IDs or filter the results to include only the VPC endpoints that match specific criteria.
Describes your VPC peering connections.
The default is to describe all your VPC peering connections. Alternatively, you can specify specific VPC peering connection IDs or filter the results to include only the VPC peering connections that match specific criteria.
Describes your VPCs.
The default is to describe all your VPCs. Alternatively, you can specify specific VPC IDs or filter the results to include only the VPCs that match specific criteria.
Describes one or more of your VPN connections.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
Describes one or more of your virtual private gateways.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
This action is deprecated.
Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it's stopped.
Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC.
The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.
Detaches a network interface from an instance.
detach_verified_access_trust_provider(client, input, options \\ [])
View SourceDetaches the specified Amazon Web Services Verified Access trust provider from the specified Amazon Web Services Verified Access instance.
Detaches an EBS volume from an instance.
Make sure to unmount any file systems on the
device within your operating system before detaching the volume. Failure to do
so can result
in the volume becoming stuck in the busy state while detaching. If this
happens,
detachment can be delayed indefinitely until you unmount the volume, force
detachment, reboot
the instance, or all three. If an EBS volume is the root device of an instance,
it can't be
detached while the instance is running. To detach the root volume, stop the
instance
first.
When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.
You can't detach or force detach volumes that are attached to Amazon ECS or
Fargate tasks. Attempting to do this results in the
UnsupportedOperationException
exception with the Unable to detach volume attached to ECS tasks error
message.
For more information, see Detach an Amazon EBS volume in the Amazon EBS User Guide.
Detaches a virtual private gateway from a VPC.
You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).
You must wait for the attachment's state to switch to detached before you
can delete the VPC or attach a different VPC to the virtual private gateway.
Disables Elastic IP address transfer.
For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Disables Allowed AMIs for your account in the specified Amazon Web Services Region.
When set to
disabled, the image criteria in your Allowed AMIs settings do not apply, and
no
restrictions are placed on AMI discoverability or usage. Users in your account
can launch
instances using any public AMI or AMI shared with your account.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
disable_aws_network_performance_metric_subscription(client, input, options \\ [])
View SourceDisables Infrastructure Performance metric subscriptions.
Disables EBS encryption by default for your account in the current Region.
After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.
Disabling encryption by default does not change the encryption status of your existing volumes.
For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
Discontinue Windows fast launch for a Windows AMI, and clean up existing pre-provisioned snapshots.
After you disable Windows fast launch, the AMI uses the standard launch process for each new instance. Amazon EC2 must remove all pre-provisioned snapshots before you can enable Windows fast launch again.
You can only change these settings for Windows AMIs that you own or that have been shared with you.
Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Sets the AMI state to disabled and removes all launch permissions from the
AMI.
A disabled AMI can't be used for instance launches.
A disabled AMI can't be shared. If an AMI was public or previously shared, it is made private. If an AMI was shared with an Amazon Web Services account, organization, or Organizational Unit, they lose access to the disabled AMI.
A disabled AMI does not appear in DescribeImages API calls by default.
Only the AMI owner can disable an AMI.
You can re-enable a disabled AMI using EnableImage.
For more information, see Disable an AMI in the Amazon EC2 User Guide.
Disables block public access for AMIs at the account level in the specified Amazon Web Services Region.
This removes the block public access restriction from your account. With the restriction removed, you can publicly share your AMIs in the specified Amazon Web Services Region.
The API can take up to 10 minutes to configure this setting. During this time,
if you run
GetImageBlockPublicAccessState, the response will be
block-new-sharing. When the API has completed the configuration, the response
will be unblocked.
For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.
Cancels the deprecation of the specified AMI.
For more information, see Deprecate an AMI in the Amazon EC2 User Guide.
disable_image_deregistration_protection(client, input, options \\ [])
View SourceDisables deregistration protection for an AMI.
When deregistration protection is disabled, the AMI can be deregistered.
If you chose to include a 24-hour cooldown period when you enabled deregistration protection for the AMI, then, when you disable deregistration protection, you won’t immediately be able to deregister the AMI.
For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide.
disable_ipam_organization_admin_account(client, input, options \\ [])
View SourceDisable the IPAM account.
For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
Disables access to the EC2 serial console of all instances for your account.
By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
disable_snapshot_block_public_access(client, input, options \\ [])
View SourceDisables the block public access for snapshots setting at the account level for the specified Amazon Web Services Region.
After you disable block public access for snapshots in a Region, users can publicly share snapshots in that Region.
Enabling block public access for snapshots in block-all-sharing mode does not change the permissions for snapshots that are already publicly shared. Instead, it prevents these snapshots from be publicly visible and publicly accessible. Therefore, the attributes for these snapshots still indicate that they are publicly shared, even though they are not publicly available.
If you disable block public access , these snapshots will become publicly available again.
For more information, see Block public access for snapshots in the Amazon EBS User Guide .
disable_transit_gateway_route_table_propagation(client, input, options \\ [])
View SourceDisables the specified resource attachment from propagating routes to the specified propagation route table.
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
This action is deprecated.
Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it.
disable_vpc_classic_link_dns_support(client, input, options \\ [])
View SourceThis action is deprecated.
Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it's linked.
You must specify a VPC ID in the request.
Disassociates an Elastic IP address from the instance or network interface it's associated with.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.
disassociate_capacity_reservation_billing_owner(client, input, options \\ [])
View SourceCancels a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account, or revokes a request that has already been accepted.
For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
disassociate_client_vpn_target_network(client, input, options \\ [])
View SourceDisassociates a target network from the specified Client VPN endpoint.
When you disassociate the last target network from a Client VPN, the following happens:
* The route that was automatically added for the VPC is deleted
* All active client connections are terminated
* New client connections are disallowed
*
The Client VPN endpoint's status changes to pending-associate
disassociate_enclave_certificate_iam_role(client, input, options \\ [])
View SourceDisassociates an IAM role from an Certificate Manager (ACM) certificate.
Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS key used to encrypt the private key. This effectively revokes the role's permission to use the certificate.
Disassociates an IAM instance profile from a running or stopped instance.
Use DescribeIamInstanceProfileAssociations to get the association
ID.
Disassociates one or more targets from an event window.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Remove the association between your Autonomous System Number (ASN) and your BYOIP CIDR.
You may want to use this action to disassociate an ASN from a CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
disassociate_ipam_resource_discovery(client, input, options \\ [])
View SourceDisassociates a resource discovery from an Amazon VPC IPAM.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway.
You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway.
An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated and supports the existing connections but does not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IP addresses mapped to them) are released.
Disassociates a subnet or gateway from a route table.
After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC's main route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.
Disassociates a security group from a VPC.
You cannot disassociate the security group if any Elastic network interfaces in the associated VPC are still associated with the security group.
Note that the disassociation is asynchronous and you can check the status of the request with DescribeSecurityGroupVpcAssociations.
Disassociates a CIDR block from a subnet.
Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
disassociate_transit_gateway_multicast_domain(client, input, options \\ [])
View SourceDisassociates the specified subnets from the transit gateway multicast domain.
disassociate_transit_gateway_policy_table(client, input, options \\ [])
View SourceRemoves the association between an an attachment and a policy table.
disassociate_transit_gateway_route_table(client, input, options \\ [])
View SourceDisassociates a resource attachment from a transit gateway route table.
Removes an association between a branch network interface with a trunk network interface.
Disassociates a CIDR block from a VPC.
To disassociate the CIDR block, you must
specify its association ID. You can get the association ID by using
DescribeVpcs. You must detach or delete all gateways and resources that
are associated with the CIDR block before you can disassociate it.
You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).
Enables Elastic IP address transfer.
For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Enables Allowed AMIs for your account in the specified Amazon Web Services Region.
Two values are accepted:
*
enabled: The image criteria in your Allowed AMIs settings are applied. As
a result, only AMIs matching these criteria are discoverable and can be used by
your
account to launch instances.
*
audit-mode: The image criteria in your Allowed AMIs settings are not
applied. No restrictions are placed on AMI discoverability or usage. Users in
your account
can launch instances using any public AMI or AMI shared with your account.
The purpose of audit-mode is to indicate which AMIs will be affected when
Allowed AMIs is enabled. In audit-mode, each AMI displays either
"ImageAllowed": true or "ImageAllowed": false to indicate
whether the AMI will be discoverable and available to users in the account when
Allowed
AMIs is enabled.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
enable_aws_network_performance_metric_subscription(client, input, options \\ [])
View SourceEnables Infrastructure Performance subscriptions.
Enables EBS encryption by default for your account in the current Region.
After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
You can specify the default KMS key for encryption by default using
ModifyEbsDefaultKmsKeyId
or ResetEbsDefaultKmsKeyId.
Enabling encryption by default has no effect on the encryption status of your existing volumes.
After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster.
To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.
You can only change these settings for Windows AMIs that you own or that have been shared with you.
Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
You get the full benefit of fast snapshot restores after they enter the
enabled state.
To get the current state of fast snapshot restores, use
DescribeFastSnapshotRestores.
To disable fast snapshot restores, use DisableFastSnapshotRestores.
For more information, see Amazon EBS fast snapshot restore in the Amazon EBS User Guide.
Re-enables a disabled AMI.
The re-enabled AMI is marked as available and can
be used for instance launches, appears in describe operations, and can be
shared. Amazon Web Services
accounts, organizations, and Organizational Units that lost access to the AMI
when it was
disabled do not regain access automatically. Once the AMI is available, it can
be shared with
them again.
Only the AMI owner can re-enable a disabled AMI.
For more information, see Disable an AMI in the Amazon EC2 User Guide.
Enables block public access for AMIs at the account level in the specified Amazon Web Services Region.
This prevents the public sharing of your AMIs. However, if you already have public AMIs, they will remain publicly available.
The API can take up to 10 minutes to configure this setting. During this time,
if you run
GetImageBlockPublicAccessState, the response will be unblocked. When
the API has completed the configuration, the response will be
block-new-sharing.
For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.
Enables deprecation of the specified AMI at the specified date and time.
For more information, see Deprecate an AMI in the Amazon EC2 User Guide.
enable_image_deregistration_protection(client, input, options \\ [])
View SourceEnables deregistration protection for an AMI.
When deregistration protection is enabled, the AMI can't be deregistered.
To allow the AMI to be deregistered, you must first disable deregistration
protection
using DisableImageDeregistrationProtection.
For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide.
enable_ipam_organization_admin_account(client, input, options \\ [])
View SourceEnable an Organizations member account as the IPAM admin account.
You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
enable_reachability_analyzer_organization_sharing(client, input, options \\ [])
View SourceEstablishes a trust relationship between Reachability Analyzer and Organizations.
This operation must be performed by the management account for the organization.
After you establish a trust relationship, a user in the management account or a delegated administrator account can run a cross-account analysis using resources from the member accounts.
Enables access to the EC2 serial console of all instances for your account.
By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Enables or modifies the block public access for snapshots setting at the account level for the specified Amazon Web Services Region.
After you enable block public access for snapshots in a Region, users can no longer request public sharing for snapshots in that Region. Snapshots that are already publicly shared are either treated as private or they remain publicly shared, depending on the State that you specify.
Enabling block public access for snapshots in block all sharing mode does not change the permissions for snapshots that are already publicly shared. Instead, it prevents these snapshots from be publicly visible and publicly accessible. Therefore, the attributes for these snapshots still indicate that they are publicly shared, even though they are not publicly available.
If you later disable block public access or change the mode to block new sharing, these snapshots will become publicly available again.
For more information, see Block public access for snapshots in the Amazon EBS User Guide.
enable_transit_gateway_route_table_propagation(client, input, options \\ [])
View SourceEnables the specified attachment to propagate routes to the specified propagation route table.
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
This action is deprecated.
Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your
ClassicLink-enabled VPC to allow communication over private IP addresses. You
cannot
enable your VPC for ClassicLink if any of your VPC route tables have existing
routes for
address ranges within the 10.0.0.0/8 IP address range, excluding local
routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address
ranges.
This action is deprecated.
Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.
You must specify a VPC ID in the request.
export_client_vpn_client_certificate_revocation_list(client, input, options \\ [])
View SourceDownloads the client certificate revocation list for the specified Client VPN endpoint.
export_client_vpn_client_configuration(client, input, options \\ [])
View SourceDownloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint.
The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.
Exports an Amazon Machine Image (AMI) to a VM file.
For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.
Exports routes from the specified transit gateway route table to the specified S3 bucket.
By default, all routes are exported. Alternatively, you can filter by CIDR range.
The routes are saved to the specified bucket in a JSON file. For more information, see Export route tables to Amazon S3 in the Amazon Web Services Transit Gateways Guide.
export_verified_access_instance_client_configuration(client, input, options \\ [])
View SourceExports the client configuration for a Verified Access instance.
Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs criteria at the account level in the specified Region.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
get_associated_enclave_certificate_iam_roles(client, input, options \\ [])
View SourceReturns the IAM roles that are associated with the specified ACM (ACM) certificate.
It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that's used to encrypt the private key.
Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.
Gets network performance data.
Gets usage information about a Capacity Reservation.
If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner's usage.
Describes the allocations from the specified customer-owned address pool.
Gets the console output for the specified instance.
For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.
For more information, see Instance console output in the Amazon EC2 User Guide.
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
The returned content is Base64-encoded.
For more information, see Instance console output in the Amazon EC2 User Guide.
get_declarative_policies_report_summary(client, input, options \\ [])
View SourceRetrieves a summary of the account status report.
To view the full report, download it from the Amazon S3 bucket where it was
saved.
Reports are accessible only when they have the complete status. Reports
with other statuses (running, cancelled, or
error) are not available in the S3 bucket. For more information about
downloading objects from an S3 bucket, see Downloading objects
in
the Amazon Simple Storage Service User Guide.
For more information, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
Describes the default credit option for CPU usage of a burstable performance instance family.
For more information, see Burstable performance instances in the Amazon EC2 User Guide.
Describes the default KMS key for EBS encryption by default for your account in this Region.
You can change the default KMS key for encryption by default using
ModifyEbsDefaultKmsKeyId or
ResetEbsDefaultKmsKeyId.
For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
Describes whether EBS encryption by default is enabled for your account in the current Region.
For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena.
This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:
* Create a table in Athena that maps fields to a custom log format
* Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis
* Create a table partitioned between two timestamps in the past
* Create a set of named queries in Athena that you can use to get started quickly
GetFlowLogsIntegrationTemplate does not support integration between
Amazon Web Services Transit Gateway Flow Logs and Amazon Athena.
Lists the resource groups to which a Capacity Reservation has been added.
get_host_reservation_purchase_preview(client, input, options \\ [])
View SourcePreview a reservation purchase with configurations that match those of your Dedicated Host.
You must have active Dedicated Hosts in your account before you purchase a reservation.
This is a preview of the PurchaseHostReservation action and does not
result in the offering being purchased.
Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.
For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.
Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services Region.
For more information, see Order of precedence for instance metadata options in the Amazon EC2 User Guide.
Gets the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.
get_instance_types_from_instance_requirements(client, input, options \\ [])
View SourceReturns a list of instance types with the specified instance attributes.
You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.
When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.
For more information, see Preview instance types with specified attributes, Specify attributes for instance type selection for EC2 Fleet or Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating mixed instance groups using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.
A binary representation of the UEFI variable store.
Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.
When you use
register-image to create
an AMI, you can create an exact copy of your variable store by passing the UEFI
data in
the UefiData parameter. You can modify the UEFI data by using the
python-uefivars tool on
GitHub. You can use the tool to convert the UEFI data into a human-readable
format
(JSON), which you can inspect and modify, and then convert back into the binary
format
to use with register-image.
For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.
Retrieve historical information about a CIDR within an IPAM scope.
For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.
Gets IPAM discovered accounts.
A discovered account is an Amazon Web Services account that is monitored under a resource discovery. If you have integrated IPAM with Amazon Web Services Organizations, all accounts in the organization are discovered accounts. Only the IPAM account can get all discovered accounts in the organization.
get_ipam_discovered_public_addresses(client, input, options \\ [])
View SourceGets the public IP addresses that have been discovered by IPAM.
Returns the resource CIDRs that are monitored as part of a resource discovery.
A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.
Get a list of all the CIDR allocations in an IPAM pool.
The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
If you use this action after AllocateIpamPoolCidr or ReleaseIpamPoolAllocation, note that all EC2 API actions follow an eventual consistency model.
Get the CIDRs provisioned to an IPAM pool.
Returns resource CIDRs managed by IPAM in a given scope.
If an IPAM is associated with more than one resource discovery, the resource CIDRs across all of the resource discoveries is returned. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Retrieves the configuration data of the specified instance.
You can use this data to create a launch template.
This action calls on other describe actions to get instance information.
Depending on
your instance configuration, you may need to allow the following actions in your
IAM
policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications,
DescribeVolumes, and DescribeInstanceAttribute. Or,
you can allow describe* depending on your instance requirements.
get_managed_prefix_list_associations(client, input, options \\ [])
View SourceGets information about the resources that are associated with the specified managed prefix list.
Gets information about the entries for a specified managed prefix list.
get_network_insights_access_scope_analysis_findings(client, input, options \\ [])
View SourceGets the findings for the specified Network Access Scope analysis.
get_network_insights_access_scope_content(client, input, options \\ [])
View SourceGets the content for the specified Network Access Scope.
Retrieves the encrypted administrator password for a running Windows instance.
The Windows password is generated at boot by the EC2Config service or
EC2Launch scripts (Windows Server 2016 and later). This usually only
happens the first time an instance is launched. For more information, see
EC2Config and
EC2Launch
in the
Amazon EC2 User Guide.
For the EC2Config service, the password is not generated for rebundled
AMIs unless Ec2SetPassword is enabled before bundling.
The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.
When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it's available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.
get_reserved_instances_exchange_quote(client, input, options \\ [])
View SourceReturns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance.
If the exchange
cannot be performed, the reason is returned in the response. Use
AcceptReservedInstancesExchangeQuote to perform the exchange.
Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
Retrieves the access status of your account to the EC2 serial console of all instances.
By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
get_snapshot_block_public_access_state(client, input, options \\ [])
View SourceGets the current state of block public access for snapshots setting for the account and Region.
For more information, see Block public access for snapshots in the Amazon EBS User Guide.
Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.
You can specify your compute requirements either by using
InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal
instance types to fulfill your Spot request, or you can specify the instance
types by using
InstanceTypes.
For more information, see Spot placement score in the Amazon EC2 User Guide.
Gets information about the subnet CIDR reservations.
get_transit_gateway_attachment_propagations(client, input, options \\ [])
View SourceLists the route tables to which the specified resource attachment propagates routes.
get_transit_gateway_multicast_domain_associations(client, input, options \\ [])
View SourceGets information about the associations for the transit gateway multicast domain.
get_transit_gateway_policy_table_associations(client, input, options \\ [])
View SourceGets a list of the transit gateway policy table associations.
get_transit_gateway_policy_table_entries(client, input, options \\ [])
View SourceReturns a list of transit gateway policy table entries.
get_transit_gateway_prefix_list_references(client, input, options \\ [])
View SourceGets information about the prefix list references in a specified transit gateway route table.
get_transit_gateway_route_table_associations(client, input, options \\ [])
View SourceGets information about the associations for the specified transit gateway route table.
get_transit_gateway_route_table_propagations(client, input, options \\ [])
View SourceGets information about the route table propagations for the specified transit gateway route table.
Get the Verified Access policy associated with the endpoint.
get_verified_access_endpoint_targets(client, input, options \\ [])
View SourceGets the targets for the specified network CIDR endpoint for Verified Access.
Shows the contents of the Verified Access policy associated with the group.
get_vpn_connection_device_sample_configuration(client, input, options \\ [])
View SourceDownload an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.
Obtain a list of customer gateway devices for which sample configuration files can be provided.
The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
Get details of available tunnel endpoint maintenance.
import_client_vpn_client_certificate_revocation_list(client, input, options \\ [])
View SourceUploads a client certificate revocation list to the specified Client VPN endpoint.
Uploading a client certificate revocation list overwrites the existing client certificate revocation list.
Uploading a client certificate revocation list resets existing client connections.
To import your virtual machines (VMs) with a console-based experience, you can use the Import virtual machine images to Amazon Web Services template in the Migration Hub Orchestrator console.
For more information, see the Migration Hub Orchestrator User Guide .
Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).
Amazon Web Services VM Import/Export strongly recommends specifying a value for
either the
--license-type or --usage-operation parameter when you create a new
VM Import task. This ensures your operating system is licensed appropriately and
your billing is
optimized.
For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.
We recommend that you use the
ImportImage
API instead.
For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.
Creates an import instance task using metadata from the specified disk image.
This API action supports only single-volume VMs. To import multi-volume VMs, use
ImportImage
instead.
For information about the import manifest referenced by this API action, see VM Import Manifest.
This API action is not supported by the Command Line Interface (CLI).
Imports the public key from an RSA or ED25519 key pair that you created using a third-party tool.
You give Amazon Web Services only the public key. The private key is never transferred between you and Amazon Web Services.
For more information about the requirements for importing a key pair, see Create a key pair and import the public key to Amazon EC2 in the Amazon EC2 User Guide.
Imports a disk into an EBS snapshot.
For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.
This API action supports only single-volume VMs.
To import multi-volume VMs, use
ImportImage instead. To import a disk to a snapshot, use
ImportSnapshot instead.
Creates an import volume task using metadata from the specified disk image.
For information about the import manifest referenced by this API action, see VM Import Manifest.
This API action is not supported by the Command Line Interface (CLI).
Lists one or more AMIs that are currently in the Recycle Bin.
For more information, see Recycle Bin in the Amazon EC2 User Guide.
Lists one or more snapshots that are currently in the Recycle Bin.
Locks an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions for a specific duration.
A locked snapshot can't be deleted.
You can also use this action to modify the lock settings for a snapshot that is already locked. The allowed modifications depend on the lock mode and lock state:
* If the snapshot is locked in governance mode, you can modify the lock mode and the lock duration or lock expiration date.
* If the snapshot is locked in compliance mode and it is in the cooling-off period, you can modify the lock mode and the lock duration or lock expiration date.
* If the snapshot is locked in compliance mode and the cooling-off period has lapsed, you can only increase the lock duration or extend the lock expiration date.
Modifies an attribute of the specified Elastic IP address.
For requirements, see Using reverse DNS for email applications.
Changes the opt-in status of the specified zone group for your account.
Modifies a Capacity Reservation's capacity, instance eligibility, and the conditions under which it is to be released.
You can't modify a Capacity Reservation's instance type, EBS optimization, platform, instance store settings, Availability Zone, or tenancy. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes. For more information, see Modify an active Capacity Reservation.
The allowed modifications depend on the state of the Capacity Reservation:
*
assessing or scheduled state - You can modify the tags only.
*
pending state - You can't modify the Capacity Reservation in any way.
*
active state but still within the commitment duration - You can't decrease the
instance
count or set an end date that is within the commitment duration. All other
modifications are allowed.
*
active state with no commitment duration or elapsed commitment duration - All
modifications
are allowed.
*
expired, cancelled, unsupported, or failed state -
You can't modify the Capacity Reservation in any way.
Modifies a Capacity Reservation Fleet.
When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.
Modifies the specified Client VPN endpoint.
Modifying the DNS server resets existing client connections.
Modifies the default credit option for CPU usage of burstable performance instances.
The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.
ModifyDefaultCreditSpecification is an asynchronous operation, which
works at an Amazon Web Services Region level and modifies the credit option for
each
Availability Zone. All zones in a Region are updated within five minutes. But if
instances are launched during this operation, they might not get the new credit
option
until the zone is updated. To verify whether the update has occurred, you can
call
GetDefaultCreditSpecification and check
DefaultCreditSpecification for updates.
For more information, see Burstable performance instances in the Amazon EC2 User Guide.
Changes the default KMS key for EBS encryption by default for your account in this Region.
Amazon Web Services creates a unique Amazon Web Services managed KMS key in each
Region for use with encryption by default. If
you change the default KMS key to a symmetric customer managed KMS key, it is
used instead of the Amazon Web Services
managed KMS key. To reset the default KMS key to the Amazon Web Services managed
KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support
asymmetric KMS keys.
If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.
For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
Modifies the specified EC2 Fleet.
You can only modify an EC2 Fleet request of type maintain.
While the EC2 Fleet is being modified, it is in the modifying state.
To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches
the additional
Spot Instances according to the allocation strategy for the EC2 Fleet request.
If the allocation
strategy is lowest-price, the EC2 Fleet launches instances using the Spot
Instance
pool with the lowest price. If the allocation strategy is diversified, the
EC2 Fleet distributes the instances across the Spot Instance pools. If the
allocation strategy
is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools
with optimal
capacity for the number of instances that are launching.
To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet
cancels any open
requests that exceed the new target capacity. You can request that the EC2 Fleet
terminate Spot
Instances until the size of the fleet no longer exceeds the new target capacity.
If the
allocation strategy is lowest-price, the EC2 Fleet terminates the instances
with
the highest price per unit. If the allocation strategy is capacity-optimized,
the EC2 Fleet terminates the instances in the Spot Instance pools that have the
least available
Spot Instance capacity. If the allocation strategy is diversified, the EC2
Fleet terminates
instances across the Spot Instance pools. Alternatively, you can request that
the EC2 Fleet keep
the fleet at its current size, but not replace any Spot Instances that are
interrupted or
that you terminate manually.
If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.
Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
Modify the auto-placement setting of a Dedicated Host.
When auto-placement is enabled,
any instances that you launch with a tenancy of host but without a specific
host ID are placed onto any available Dedicated Host in your account that has
auto-placement enabled. When auto-placement is disabled, you need to provide a
host ID
to have the instance launch onto a specific host. If no host ID is provided, the
instance is launched onto a suitable host with auto-placement enabled.
You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.
Modifies the ID format for the specified resource on a per-Region basis.
You can specify that resources should receive longer IDs (17-character IDs) when they are created.
This request can only be used to modify longer ID settings for resource types
that
are within the opt-in period. Resources currently in their opt-in period
include:
bundle | conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | internet-gateway | network-acl
| network-acl-association | network-interface |
network-interface-attachment | prefix-list |
route-table | route-table-association |
security-group | subnet |
subnet-cidr-block-association | vpc |
vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
vpn-connection | vpn-gateway.
This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you're using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
Resources created with longer IDs are visible to all IAM roles and users,
regardless
of these settings and provided that they have permission to use the relevant
Describe command for the resource type.
Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account.
You can specify that resources should receive longer IDs (17-character IDs) when they are created.
This request can only be used to modify longer ID settings for resource types
that are
within the opt-in period. Resources currently in their opt-in period include:
bundle | conversion-task | customer-gateway | dhcp-options |
elastic-ip-allocation | elastic-ip-association |
export-task | flow-log | image |
import-task | internet-gateway | network-acl
| network-acl-association | network-interface |
network-interface-attachment | prefix-list |
route-table | route-table-association |
security-group | subnet |
subnet-cidr-block-association | vpc |
vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection |
vpn-connection | vpn-gateway.
For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.
Resources created with longer IDs are visible to all IAM roles and users,
regardless of these
settings and provided that they have permission to use the relevant Describe
command for the resource type.
Modifies the specified attribute of the specified AMI.
You can specify only one attribute at a time.
To specify the attribute, you can use the Attribute parameter, or one of the
following parameters: Description, ImdsSupport, or
LaunchPermission.
Images with an Amazon Web Services Marketplace product code cannot be made public.
To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.
Modifies the specified attribute of the specified instance.
You can specify only one attribute at a time.
Note: Using this action to change the security groups
associated with an elastic network interface (ENI) attached to an instance can
result in an error if the instance has more than one ENI. To change the security
groups
associated with an ENI attached to an instance that has multiple ENIs, we
recommend that
you use the ModifyNetworkInterfaceAttribute action.
To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.
modify_instance_capacity_reservation_attributes(client, input, options \\ [])
View SourceModifies the Capacity Reservation settings for a stopped instance.
Use this action to
configure an instance to target a specific Capacity Reservation, run in any
open Capacity Reservation with matching attributes, run in On-Demand
Instance capacity, or only run in a Capacity Reservation.
By default, all vCPUs for the instance type are active when you launch an instance.
When you configure the number of active vCPUs for the instance, it can help you save on licensing costs and optimize performance. The base cost of the instance remains unchanged.
The number of active vCPUs equals the number of threads per CPU core multiplied
by the number
of cores. The instance must be in a Stopped state before you make changes.
Some instance type options do not support this capability. For more information, see Supported CPU options in the Amazon EC2 User Guide.
modify_instance_credit_specification(client, input, options \\ [])
View SourceModifies the credit option for CPU usage on a running or stopped burstable performance instance.
The credit options are standard and
unlimited.
For more information, see Burstable performance instances in the Amazon EC2 User Guide.
Modifies the start time for a scheduled Amazon EC2 instance event.
Modifies the specified event window.
You can define either a set of time ranges or a cron expression when modifying the event window, but not both.
To modify the targets associated with the event window, use the
AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.
If Amazon Web Services has already scheduled an event, modifying an event window won't change the time of the scheduled event.
For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.
Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default.
The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.
Modifies the default instance metadata service (IMDS) settings at the account level in the specified Amazon Web Services Region.
To remove a parameter's account-level default setting, specify
no-preference. If an account-level setting is cleared with
no-preference, then the instance launch considers the other
instance metadata settings. For more information, see Order of precedence for instance metadata
options
in the
Amazon EC2 User Guide.
Modify the instance metadata parameters on a running or stopped instance.
When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.
Modifies the placement attributes for a specified instance.
You can do the following:
*
Modify the affinity between an instance and a Dedicated Host.
When affinity is set to host and the instance is
not associated with a specific Dedicated Host, the next time the instance is
started, it is automatically associated with the host on which it lands. If the
instance is restarted or rebooted, this relationship persists.
* Change the Dedicated Host with which an instance is associated.
* Change the instance tenancy of an instance.
* Move an instance to or from a placement group.
At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.
To modify the host ID, tenancy, placement group, or partition for an instance,
the
instance must be in the stopped state.
Modify the configurations of an IPAM.
Modify the configurations of an IPAM pool.
For more information, see Modify a pool in the Amazon VPC IPAM User Guide.
Modify a resource CIDR.
You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.
For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
Modifies a resource discovery.
A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Modify an IPAM scope.
Modifies a launch template.
You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.
Modifies the specified local gateway route.
Modifies the specified managed prefix list.
Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.
If you specify a current version number that does not match the true current version number, the request fails.
Modifies the specified network interface attribute.
You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.
Modifies the options for instance hostnames for the specified instance.
Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type.
The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.
For more information, see Modify Reserved Instances in the Amazon EC2 User Guide.
Modifies the rules of a security group.
Adds or removes permission settings for the specified snapshot.
You may add or remove specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.
Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.
For more information about modifying snapshot permissions, see Share a snapshot in the Amazon EBS User Guide.
Archives an Amazon EBS snapshot.
When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon EBS User Guide.
Modifies the specified Spot Fleet request.
You can only modify a Spot Fleet request of type maintain.
While the Spot Fleet request is being modified, it is in the modifying
state.
To scale up your Spot Fleet, increase its target capacity. The Spot Fleet
launches the
additional Spot Instances according to the allocation strategy for the Spot
Fleet
request. If the allocation strategy is lowestPrice, the Spot Fleet launches
instances using the Spot Instance pool with the lowest price. If the allocation
strategy
is diversified, the Spot Fleet distributes the instances across the Spot
Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet
launches instances from Spot Instance pools with optimal capacity for the number
of instances
that are launching.
To scale down your Spot Fleet, decrease its target capacity. First, the Spot
Fleet
cancels any open requests that exceed the new target capacity. You can request
that the
Spot Fleet terminate Spot Instances until the size of the fleet no longer
exceeds the
new target capacity. If the allocation strategy is lowestPrice, the Spot
Fleet terminates the instances with the highest price per unit. If the
allocation
strategy is capacityOptimized, the Spot Fleet terminates the instances in
the Spot Instance pools that have the least available Spot Instance capacity. If
the allocation
strategy is diversified, the Spot Fleet terminates instances across the
Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the
fleet
at its current size, but not replace any Spot Instances that are interrupted or
that you
terminate manually.
If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.
Modifies a subnet attribute.
You can only modify one attribute at a time.
Use this action to modify subnets on Amazon Web Services Outposts.
*
To modify a subnet on an Outpost rack, set both
MapCustomerOwnedIpOnLaunch and
CustomerOwnedIpv4Pool. These two parameters act as a single
attribute.
*
To modify a subnet on an Outpost server, set either
EnableLniAtDeviceIndex or
DisableLniAtDeviceIndex.
For more information about Amazon Web Services Outposts, see the following:
*
*
modify_traffic_mirror_filter_network_services(client, input, options \\ [])
View SourceAllows or restricts mirroring network services.
By default, Amazon DNS network services are not eligible for Traffic Mirror. Use
AddNetworkServices to add network services to a Traffic Mirror filter. When a
network service is added to the Traffic Mirror filter, all traffic related to
that network service will be mirrored.
When you no longer want to mirror network services, use RemoveNetworkServices
to remove the network services from the Traffic Mirror filter.
Modifies the specified Traffic Mirror rule.
DestinationCidrBlock and SourceCidrBlock must both be an IPv4
range or an IPv6 range.
Modifies a Traffic Mirror session.
Modifies the specified transit gateway.
When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.
modify_transit_gateway_prefix_list_reference(client, input, options \\ [])
View SourceModifies a reference (route) to a prefix list in a specified transit gateway route table.
modify_transit_gateway_vpc_attachment(client, input, options \\ [])
View SourceModifies the specified VPC attachment.
Modifies the configuration of the specified Amazon Web Services Verified Access endpoint.
modify_verified_access_endpoint_policy(client, input, options \\ [])
View SourceModifies the specified Amazon Web Services Verified Access endpoint policy.
Modifies the specified Amazon Web Services Verified Access group configuration.
Modifies the specified Amazon Web Services Verified Access group policy.
Modifies the configuration of the specified Amazon Web Services Verified Access instance.
modify_verified_access_instance_logging_configuration(client, input, options \\ [])
View SourceModifies the logging configuration for the specified Amazon Web Services Verified Access instance.
modify_verified_access_trust_provider(client, input, options \\ [])
View SourceModifies the configuration of the specified Amazon Web Services Verified Access trust provider.
You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity.
If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes in the Amazon EBS User Guide.
When you complete a resize operation on your volume, you need to extend the volume's file-system size to take advantage of the new storage capacity. For more information, see Extend the file system.
For more information, see Monitor the progress of volume modifications in the Amazon EBS User Guide.
With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.
After modifying a volume, you must wait at least six hours and ensure that the
volume
is in the in-use or available state before you can modify the same
volume. This is sometimes referred to as a cooldown period.
Modifies a volume attribute.
By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.
You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.
Modifies the specified attribute of the specified VPC.
modify_vpc_block_public_access_exclusion(client, input, options \\ [])
View SourceModify VPC Block Public Access (BPA) exclusions.
A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on.
modify_vpc_block_public_access_options(client, input, options \\ [])
View SourceModify VPC Block Public Access (BPA) options.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Modifies attributes of a specified VPC endpoint.
The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.
modify_vpc_endpoint_connection_notification(client, input, options \\ [])
View SourceModifies a connection notification for VPC endpoint or VPC endpoint service.
You can change the SNS topic for the notification, or the events for which to be notified.
modify_vpc_endpoint_service_configuration(client, input, options \\ [])
View SourceModifies the attributes of the specified VPC endpoint service configuration.
If you set or modify the private DNS name, you must prove that you own the private DNS domain name.
modify_vpc_endpoint_service_payer_responsibility(client, input, options \\ [])
View SourceModifies the payer responsibility for your VPC endpoint service.
modify_vpc_endpoint_service_permissions(client, input, options \\ [])
View SourceModifies the permissions for your VPC endpoint service.
You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service.
If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.
modify_vpc_peering_connection_options(client, input, options \\ [])
View SourceModifies the VPC peering connection options on one side of a VPC peering connection.
If the peered VPCs are in the same Amazon Web Services account, you can enable
DNS
resolution for queries from the local VPC. This ensures that queries from the
local VPC
resolve to private IP addresses in the peer VPC. This option is not available if
the
peered VPCs are in different Amazon Web Services accounts or different Regions.
For
peered VPCs in different Amazon Web Services accounts, each Amazon Web Services
account
owner must initiate a separate request to modify the peering connection options.
For
inter-region peering connections, you must use the Region for the requester VPC
to
modify the requester VPC peering options and the Region for the accepter VPC to
modify
the accepter VPC peering options. To verify which VPCs are the accepter and the
requester for a VPC peering connection, use the DescribeVpcPeeringConnections
command.
Modifies the instance tenancy attribute of the specified VPC.
You can change the
instance tenancy attribute of a VPC to default only. You cannot change the
instance tenancy attribute to dedicated.
After you modify the tenancy of the VPC, any new instances that you launch into
the
VPC have a tenancy of default, unless you specify otherwise during launch.
The tenancy of any existing instances in the VPC is not affected.
For more information, see Dedicated Instances in the Amazon EC2 User Guide.
Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection.
To modify the target gateway, the following migration options are available:
* An existing virtual private gateway to a new virtual private gateway
* An existing virtual private gateway to a transit gateway
* An existing transit gateway to a new transit gateway
* An existing transit gateway to a virtual private gateway
Before you perform the migration to the new gateway, you must configure the new
gateway. Use CreateVpnGateway to create a virtual private gateway, or
CreateTransitGateway to create a transit gateway.
This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.
You must delete the static routes before you migrate to the new gateway.
Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.
After you migrate to the new gateway, you might need to modify your VPC route
table.
Use CreateRoute and DeleteRoute to make the changes
described in Update VPC route tables
in the Amazon Web Services Site-to-Site VPN User Guide.
When the new gateway is a transit gateway, modify the transit gateway route
table to
allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN
connection.
Use CreateTransitGatewayRoute to add the routes.
If you deleted VPN static routes, you must add the static routes to the transit gateway route table.
After you perform this operation, the VPN endpoint's IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.
Modifies the connection options for your Site-to-Site VPN connection.
When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.
Modifies the VPN tunnel endpoint certificate.
Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection.
You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.
Enables detailed monitoring for a running instance.
Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.
To disable detailed monitoring, see UnmonitorInstances.
This action is deprecated.
Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC
platform. The
Elastic IP address must be allocated to your account for more than 24 hours, and
it must not
be associated with an instance. After the Elastic IP address is moved, it is no
longer
available for use in the EC2-Classic platform, unless you move it back using the
RestoreAddressToClassic request. You cannot move an Elastic IP address that
was
originally allocated for use in the EC2-VPC platform to the EC2-Classic
platform.
Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
If you already have a BYOIPv4 CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.
Move available capacity from a source Capacity Reservation to a destination Capacity Reservation.
The source Capacity Reservation and the destination Capacity Reservation
must be active, owned by your Amazon Web Services account, and share the
following:
* Instance type
* Platform
* Availability Zone
* Tenancy
* Placement group
*
Capacity Reservation end time - At specific time or
Manually.
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool.
After the address range is
provisioned, it is ready to be advertised using AdvertiseByoipCidr.
Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.
Provisioning an address range is an asynchronous operation, so the call returns
immediately,
but the address range is not ready to use until its status changes from
pending-provision
to provisioned. To monitor the status of an address range, use
DescribeByoipCidrs.
To allocate an Elastic IP address from your IPv4 address pool, use
AllocateAddress
with either the specific address from the address pool or the ID of the address
pool.
Provisions your Autonomous System Number (ASN) for use in your Amazon Web Services account.
This action requires authorization context for Amazon to bring the ASN to an Amazon Web Services account. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Provision a CIDR to an IPAM pool.
You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.
For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.
Provision a CIDR to a public IPv4 pool.
For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.
Purchase the Capacity Block for use with your account.
With Capacity Blocks you ensure GPU capacity is available for machine learning (ML) workloads. You must specify the ID of the Capacity Block offering you are purchasing.
Purchase the Capacity Block extension for use with your account.
You must specify the ID of the Capacity Block extension offering you are purchasing.
Purchase a reservation with configurations that match those of your Dedicated Host.
You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account.
purchase_reserved_instances_offering(client, input, options \\ [])
View SourcePurchases a Reserved Instance for use with your account.
With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
Use DescribeReservedInstancesOfferings to get a list of Reserved Instance
offerings
that match your specifications. After you've purchased a Reserved Instance, you
can check for your
new Reserved Instance with DescribeReservedInstances.
To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.
For more information, see Reserved Instances and Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.
You can no longer purchase Scheduled Instances.
Purchases the Scheduled Instances with the specified schedule.
Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the
hour for a one-year term.
Before you can purchase a Scheduled Instance, you must call
DescribeScheduledInstanceAvailability
to check for available schedules and obtain a purchase token. After you purchase
a Scheduled Instance,
you must call RunScheduledInstances during each scheduled time period.
After you purchase a Scheduled Instance, you can't cancel, modify, or resell your purchase.
Requests a reboot of the specified instances.
This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.
If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.
For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.
Registers an AMI.
When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create an AMI from a snapshot and Create an instance-store backed AMI in the Amazon EC2 User Guide.
For Amazon EBS-backed instances, CreateImage creates and registers the AMI
in a single request, so you don't have to register the AMI yourself. We
recommend that you
always use CreateImage unless you have a specific reason to use
RegisterImage.
If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.
register-a-snapshot-of-a-root-device-volume
Register a snapshot of a root device volume
You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a
snapshot
of a root device volume. You specify the snapshot using a block device mapping.
You can't set
the encryption state of the volume using the block device mapping. If the
snapshot is
encrypted, or encryption by default is enabled, the root volume of an instance
launched from
the AMI is encrypted.
For more information, see Create an AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon EC2 User Guide.
amazon-web-services-marketplace-product-codes
Amazon Web Services Marketplace product codes
If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.
In most cases, AMIs for Windows, RedHat, SUSE, and SQL Server require correct
licensing
information to be present on the AMI. For more information, see Understand AMI billing
information
in the Amazon EC2 User Guide. When creating an AMI from
a snapshot, the RegisterImage operation derives the correct billing
information
from the snapshot's metadata, but this requires the appropriate metadata to be
present. To
verify if the correct billing information was applied, check the
PlatformDetails
field on the new AMI. If the field is empty or doesn't match the expected
operating system
code (for example, Windows, RedHat, SUSE, or SQL), the AMI creation was
unsuccessful, and you
should discard the AMI and instead create the AMI from an instance using
CreateImage. For more information, see Create an AMI from an instance
in the Amazon EC2 User Guide.
If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.
register_instance_event_notification_attributes(client, input, options \\ [])
View SourceRegisters a set of tag keys to include in scheduled event notifications for your resources.
To remove tags, use DeregisterInstanceEventNotificationAttributes.
register_transit_gateway_multicast_group_members(client, input, options \\ [])
View SourceRegisters members (network interfaces) with the transit gateway multicast group.
A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For more information, see Multicast on transit gateways in the Amazon Web Services Transit Gateways Guide.
After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.
register_transit_gateway_multicast_group_sources(client, input, options \\ [])
View SourceRegisters sources (network interfaces) with the specified transit gateway multicast group.
A multicast source is a network interface attached to a supported instance that sends multicast traffic. For more information about supported instances, see Multicast on transit gateways in the Amazon Web Services Transit Gateways Guide.
After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.
reject_capacity_reservation_billing_ownership(client, input, options \\ [])
View SourceRejects a request to assign billing of the available capacity of a shared Capacity Reservation to your account.
For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
reject_transit_gateway_multicast_domain_associations(client, input, options \\ [])
View SourceRejects a request to associate cross-account subnets with a transit gateway multicast domain.
reject_transit_gateway_peering_attachment(client, input, options \\ [])
View SourceRejects a transit gateway peering attachment request.
reject_transit_gateway_vpc_attachment(client, input, options \\ [])
View SourceRejects a request to attach a VPC to a transit gateway.
The VPC attachment must be in the pendingAcceptance state.
Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment
requests.
Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.
Rejects VPC endpoint connection requests to your VPC endpoint service.
Rejects a VPC peering connection request.
The VPC peering connection must be in the
pending-acceptance state. Use the DescribeVpcPeeringConnections request
to view your outstanding VPC peering connection requests. To delete an active
VPC peering
connection, or to delete a VPC peering connection request that you initiated,
use DeleteVpcPeeringConnection.
Releases the specified Elastic IP address.
[Default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it's associated with. To disassociate an Elastic IP
address without
releasing it, use DisassociateAddress.
[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic
IP address
before you can release it. Otherwise, Amazon EC2 returns an error
(InvalidIPAddress.InUse).
After releasing an Elastic IP address, it is released to the IP address pool.
Be sure to update your DNS records and any servers or devices that communicate
with the address.
If you attempt to release an Elastic IP address that you already released,
you'll get an
AuthFailure error if the address is already allocated to another Amazon Web
Services account.
After you release an Elastic IP address, you might be able to recover it.
For more information, see AllocateAddress.
When you no longer want to use an On-Demand Dedicated Host it can be released.
On-Demand billing is stopped and the host goes into released state. The
host ID of Dedicated Hosts that have been released can no longer be specified in
another
request, for example, to modify the host. You must stop or terminate all
instances on a
host before it can be released.
When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.
Released hosts still appear in a DescribeHosts response.
Release an allocation within an IPAM pool.
The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide.
All EC2 API actions follow an eventual consistency model.
replace_iam_instance_profile_association(client, input, options \\ [])
View SourceReplaces an IAM instance profile for the specified running instance.
You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.
Use DescribeIamInstanceProfileAssociations to get the association
ID.
replace_image_criteria_in_allowed_images_settings(client, input, options \\ [])
View SourceSets or replaces the criteria for Allowed AMIs.
The Allowed AMIs feature does not restrict the AMIs owned by your account. Regardless of the criteria you set, the AMIs created by your account will always be discoverable and usable by users in your account.
For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs in Amazon EC2 User Guide.
Changes which network ACL a subnet is associated with.
By default when you create a subnet, it's automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.
This is an idempotent operation.
Replaces an entry (rule) in a network ACL.
For more information, see Network ACLs in the Amazon VPC User Guide.
Replaces an existing route within a route table in a VPC.
You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list, or reset the local route to its default target.
For more information, see Route tables in the Amazon VPC User Guide.
Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC.
After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.
You can also use this operation to change which table is the main route table in the VPC. Specify the main route table's association ID and the route table ID of the new main route table.
Replaces the specified route in the specified transit gateway route table.
Trigger replacement of specified VPN tunnel.
Submits feedback about the status of an instance.
The instance must be in the
running state. If your experience with the instance differs from the
instance status returned by DescribeInstanceStatus, use ReportInstanceStatus
to report your experience with the instance. Amazon
EC2 collects this information to improve the accuracy of status checks.
Use of this action does not change the value returned by
DescribeInstanceStatus.
Creates a Spot Fleet request.
The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.
You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.
By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.
Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.
You can specify tags for the Spot Fleet request and instances launched by the
fleet.
You cannot tag other resource types in a Spot Fleet request because only the
spot-fleet-request and instance resource types are
supported.
For more information, see Spot Fleet requests in the Amazon EC2 User Guide.
We strongly discourage using the RequestSpotFleet API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide.
Creates a Spot Instance request.
For more information, see Work with Spot Instance in the Amazon EC2 User Guide.
We strongly discourage using the RequestSpotInstances API because it is a legacy API with no planned investment. For options for requesting Spot Instances, see Which is the best Spot request method to use? in the Amazon EC2 User Guide.
Resets the attribute of the specified IP address.
For requirements, see Using reverse DNS for email applications.
Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.
After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value.
You can only reset the load permission attribute.
Resets an attribute of an AMI to its default value.
Resets an attribute of an instance to its default value.
To reset the
kernel or ramdisk, the instance must be in a stopped
state. To reset the sourceDestCheck, the instance can be either running or
stopped.
The sourceDestCheck attribute controls whether source/destination
checking is enabled. The default value is true, which means checking is
enabled. This value must be false for a NAT instance to perform NAT. For
more information, see NAT instances
in the
Amazon VPC User Guide.
Resets a network interface attribute.
You can specify only one attribute at a time.
Resets permission settings for the specified snapshot.
For more information about modifying snapshot permissions, see Share a snapshot in the Amazon EBS User Guide.
This action is deprecated.
Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface.
Restores an AMI from the Recycle Bin.
For more information, see Recycle Bin in the Amazon EC2 User Guide.
Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.
Restores a snapshot from the Recycle Bin.
For more information, see Restore snapshots from the Recycle Bin in the Amazon EBS User Guide.
Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.
For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon EBS User Guide.
Removes an ingress authorization rule from a Client VPN endpoint.
Removes the specified outbound (egress) rules from the specified security group.
You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.
For a default VPC, if the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
Amazon Web Services recommends that you describe the security group to verify that the rules were removed.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
Removes the specified inbound (ingress) rules from a security group.
You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.
For a default VPC, if the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
For a non-default VPC, if the values you specify do not match the existing
rule's
values, an InvalidPermission.NotFound client error is returned, and no
rules are revoked.
Amazon Web Services recommends that you describe the security group to verify that the rules were removed.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
Launches the specified number of instances using an AMI for which you have permissions.
You can specify a number of options, or leave the default options. The following rules apply:
* If you don't specify a subnet ID, we choose a default subnet from your default VPC for you. If you don't have a default VPC, you must specify a subnet ID in the request.
* All instances have a network interface with a primary private IPv4 address. If you don't specify this address, we choose one from the IPv4 range of your subnet.
* Not all instance types support IPv6 addresses. For more information, see Instance types.
* If you don't specify a security group ID, we use the default security group for the VPC. For more information, see Security groups.
* If any of the AMIs have a product code attached for which the user has not subscribed, the request fails.
You can create a launch template,
which is a resource that contains the parameters to launch an instance. When you
launch
an instance using RunInstances, you can specify the launch template
instead of specifying the launch parameters.
To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.
RunInstances is subject to both request rate limiting and resource rate
limiting. For more information, see Request throttling.
An instance is ready for you to use when it's in the running state. You
can check the state of your instance using DescribeInstances. You can
tag instances and EBS volumes during launch, after launch, or both. For more
information, see CreateTags and Tagging your Amazon EC2 resources.
Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.
For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.
Launches the specified Scheduled Instances.
Before you can launch a Scheduled Instance, you must purchase it and obtain an
identifier using PurchaseScheduledInstances.
You must launch a Scheduled Instance during its scheduled time period. You can't stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes.
Searches for routes in the specified local gateway route table.
search_transit_gateway_multicast_groups(client, input, options \\ [])
View SourceSearches one or more transit gateway multicast groups and returns the group membership information.
Searches for routes in the specified transit gateway route table.
Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances).
For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).
In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.
Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.
For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) in the Amazon EC2 User Guide.
Generates an account status report.
The report is generated asynchronously, and can take several hours to complete.
The report provides the current status of all attributes supported by
declarative
policies for the accounts within the specified scope. The scope is determined by
the
specified TargetId, which can represent an individual account, or all the
accounts that fall under the specified organizational unit (OU) or root (the
entire
Amazon Web Services Organization).
The report is saved to your specified S3 bucket, using the following path structure (with the italicized placeholders representing your specific values):
s3://*amzn-s3-demo-bucket*/*your-optional-s3-prefix*/ec2_*targetId*_*reportId*_*yyyyMMdd*T*hhmm*Z.csv
prerequisites-for-generating-a-report
Prerequisites for generating a report
*
The StartDeclarativePoliciesReport API can only be called by the
management account or delegated administrators for the organization.
An S3 bucket must be available before generating the report (you can create a new one or use an existing one), and it must have an appropriate bucket policy. For a sample S3 policy, see Sample Amazon S3 policy* under .
Trusted access must be enabled for the service for which the declarative
policy will enforce a baseline configuration. If you use the Amazon Web Services
Organizations
console, this is done automatically when you enable declarative policies. The
API uses the following service principal to identify the EC2 service:
ec2.amazonaws.com. For more information on how to enable
trusted access with the Amazon Web Services CLI and Amazon Web Services SDKs,
see Using Organizations with other Amazon Web Services
services
in the
Amazon Web Services Organizations User Guide*.
* Only one report per organization can be generated at a time. Attempting to generate a report while another is in progress will result in an error.
For more information, including the required IAM permissions to run this API, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.
Starts an Amazon EBS-backed instance that you've previously stopped.
Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.
Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns an error.
If you attempt to start a T3 instance with host tenancy and the
unlimited CPU credit option, the request fails. The
unlimited CPU credit option is not supported on Dedicated Hosts. Before
you start the instance, either change its CPU credit option to standard, or
change its tenancy to default or dedicated.
For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.
start_network_insights_access_scope_analysis(client, input, options \\ [])
View SourceStarts analyzing the specified Network Access Scope.
Starts analyzing the specified path.
If the path is reachable, the operation returns the shortest feasible path.
start_vpc_endpoint_service_private_dns_verification(client, input, options \\ [])
View SourceInitiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.
The service provider must successfully perform the verification before the consumer can use the name to access the service.
Before the service provider runs this command, they must add a record to the DNS server.
Stops an Amazon EBS-backed instance.
For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.
You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your Amazon EC2 instance in the Amazon EC2 User Guide.
We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.
You can't stop or hibernate instance store-backed instances. You can't use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.
When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.
Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.
When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.
Terminates active Client VPN endpoint connections.
This action can be used to terminate a specific client connection, or up to five connections established by a specific user.
Shuts down the specified instances.
This operation is idempotent; if you terminate an instance more than once, each call succeeds.
If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.
If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:
* The specified instances that are in the same Availability Zone as the protected instance are not terminated.
* The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.
For example, say you have the following instances:
*
Instance A: us-east-1a; Not protected
*
Instance B: us-east-1a; Not protected
*
Instance C: us-east-1b; Protected
*
Instance D: us-east-1b; not protected
If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:
*
Instance A and Instance B are successfully terminated because none of the
specified instances in us-east-1a are enabled for termination
protection.
*
Instance C and Instance D fail to terminate because at least one of the
specified instances in us-east-1b (Instance C) is enabled for
termination protection.
Terminated instances remain visible after termination (for approximately one hour).
By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.
You can stop, start, and terminate EBS-backed instances. You can only terminate
instance store-backed instances. What happens to an instance differs if you stop
it or
terminate it. For example, when you stop an instance, the root device and any
other
devices attached to the instance persist. When you terminate an instance, any
attached
EBS volumes with the DeleteOnTermination block device mapping parameter set
to true are automatically deleted. For more information about the
differences between stopping and terminating instances, see Instance lifecycle
in the Amazon EC2 User Guide.
For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.
Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface.
Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.
unassign_private_nat_gateway_address(client, input, options \\ [])
View SourceUnassigns secondary private IPv4 addresses from a private NAT gateway.
You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
While unassigning is in progress, you cannot assign/unassign additional IP addresses while the connections are being drained. You are, however, allowed to delete the NAT gateway.
A private IP address will only be released at the end of MaxDrainDurationSeconds. The private IP addresses stay associated and support the existing connections, but do not support any new connections (new connections are distributed across the remaining assigned private IP address). After the existing connections drain out, the private IP addresses are released.
Unlocks a snapshot that is locked in governance mode or that is locked in compliance mode but still in the cooling-off period.
You can't unlock a snapshot that is locked in compliance mode after the cooling-off period has expired.
Disables detailed monitoring for a running instance.
For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.
update_security_group_rule_descriptions_egress(client, input, options \\ [])
View SourceUpdates the description of an egress (outbound) security group rule.
You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
update_security_group_rule_descriptions_ingress(client, input, options \\ [])
View SourceUpdates the description of an ingress (inbound) security group rule.
You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
Stops advertising an address range that is provisioned as an address pool.
You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.
It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.