- * Use of this credentials provider requires the 'sts' module to be on the classpath. + * Use of this credentials provider requires the 'sts' module to be on the classpath. *
*- * StsWebIdentityTokenFileCredentialsProvider in sts package can be used instead of this class if any one of following is required - *
By default, this is 5 minutes.
+ */
+ Builder prefetchTime(Duration prefetchTime);
+
+ /**
+ * Configure the amount of time, relative to STS token expiration, that the cached credentials are considered stale and
+ * must be updated. All threads will block until the value is updated.
+ *
+ *
By default, this is 1 minute.
+ */
+ Builder staleTime(Duration staleTime);
+
+ /**
+ * @param sessionDuration
+ * @return
+ */
+ Builder roleSessionDuration(Duration sessionDuration);
+
/**
* Create a {@link WebIdentityTokenFileCredentialsProvider} using the configuration applied to this builder.
*/
@@ -179,6 +223,9 @@ static final class BuilderImpl implements Builder {
private String roleSessionName;
private Path webIdentityTokenFile;
private Boolean asyncCredentialUpdateEnabled;
+ private Duration prefetchTime;
+ private Duration staleTime;
+ private Duration roleSessionDuration;
BuilderImpl() {
}
@@ -188,6 +235,9 @@ private BuilderImpl(WebIdentityTokenFileCredentialsProvider provider) {
this.roleSessionName = provider.roleSessionName;
this.webIdentityTokenFile = provider.webIdentityTokenFile;
this.asyncCredentialUpdateEnabled = provider.asyncCredentialUpdateEnabled;
+ this.prefetchTime = provider.prefetchTime;
+ this.staleTime = provider.staleTime;
+ this.roleSessionDuration = provider.roleSessionDuration;
}
@Override
@@ -230,6 +280,36 @@ public void setAsyncCredentialUpdateEnabled(Boolean asyncCredentialUpdateEnabled
asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled);
}
+ @Override
+ public Builder prefetchTime(Duration prefetchTime) {
+ this.prefetchTime = prefetchTime;
+ return this;
+ }
+
+ public void setPrefetchTime(Duration prefetchTime) {
+ prefetchTime(prefetchTime);
+ }
+
+ @Override
+ public Builder staleTime(Duration staleTime) {
+ this.staleTime = staleTime;
+ return this;
+ }
+
+ public void setStaleTime(Duration staleTime) {
+ staleTime(staleTime);
+ }
+
+ @Override
+ public Builder roleSessionDuration(Duration sessionDuration) {
+ this.roleSessionDuration = sessionDuration;
+ return this;
+ }
+
+ public void setRoleSessionDuration(Duration roleSessionDuration) {
+ roleSessionDuration(roleSessionDuration);
+ }
+
@Override
public WebIdentityTokenFileCredentialsProvider build() {
return new WebIdentityTokenFileCredentialsProvider(this);
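Review bot: The three new setters in `BuilderImpl` (`prefetchTime`, `staleTime`, `roleSessionDuration`) store whatever `Duration` they are given, so a zero or negative value is accepted here and would only surface later, when the provider is built or STS is first called. `null` evidently means "not configured" (the factory hunk later in this patch applies each setting only when it is non-null), so a guard such as `if (sessionDuration != null && (sessionDuration.isNegative() || sessionDuration.isZero())) { throw new IllegalArgumentException("roleSessionDuration must be positive"); }` in each setter, or once in `build()`, would fail fast at configuration time. The same unchecked assignment appears in the `WebIdentityTokenCredentialProperties.Builder` hunk. `BuilderImpl` starts and ends outside this hunk, so validation elsewhere in the class cannot be ruled out.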
diff --git a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/WebIdentityTokenCredentialProperties.java b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/WebIdentityTokenCredentialProperties.java
index 7f692b1ac4ce..91391909b7a8 100644
--- a/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/WebIdentityTokenCredentialProperties.java
+++ b/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/WebIdentityTokenCredentialProperties.java
@@ -16,6 +16,7 @@
package software.amazon.awssdk.auth.credentials.internal;
import java.nio.file.Path;
+import java.time.Duration;
import software.amazon.awssdk.annotations.SdkProtectedApi;
/**
@@ -28,12 +29,18 @@ public class WebIdentityTokenCredentialProperties {
private final String roleSessionName;
private final Path webIdentityTokenFile;
private final Boolean asyncCredentialUpdateEnabled;
+ private final Duration prefetchTime;
+ private final Duration staleTime;
+ private final Duration roleSessionDuration;
private WebIdentityTokenCredentialProperties(Builder builder) {
this.roleArn = builder.roleArn;
this.roleSessionName = builder.roleSessionName;
this.webIdentityTokenFile = builder.webIdentityTokenFile;
this.asyncCredentialUpdateEnabled = builder.asyncCredentialUpdateEnabled;
+ this.prefetchTime = builder.prefetchTime;
+ this.staleTime = builder.staleTime;
+ this.roleSessionDuration = builder.roleSessionDuration;
}
public String roleArn() {
@@ -52,6 +59,18 @@ public Boolean asyncCredentialUpdateEnabled() {
return asyncCredentialUpdateEnabled;
}
+ public Duration prefetchTime() {
+ return prefetchTime;
+ }
+
+ public Duration staleTime() {
+ return staleTime;
+ }
+
+ public Duration roleSessionDuration() {
+ return this.roleSessionDuration;
+ }
+
public static Builder builder() {
return new Builder();
}
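Review bot: `roleSessionDuration()` returns `this.roleSessionDuration` while the two accessors added beside it return the bare field; dropping the `this.` keeps the getters uniform. The three new public accessors also carry no Javadoc, and the class appears to be protected API (the `SdkProtectedApi` import is visible, the annotation itself is outside the hunk). A one-line comment on each, e.g. `/** Requested STS session duration, or null when not configured. */`, would record that null is a valid return value, which the factory's null checks rely on.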
@@ -61,6 +80,9 @@ public static final class Builder {
private String roleSessionName;
private Path webIdentityTokenFile;
private Boolean asyncCredentialUpdateEnabled;
+ private Duration prefetchTime;
+ private Duration staleTime;
+ private Duration roleSessionDuration;
public Builder roleArn(String roleArn) {
this.roleArn = roleArn;
@@ -82,6 +104,21 @@ public Builder asyncCredentialUpdateEnabled(Boolean asyncCredentialUpdateEnabled
return this;
}
+ public Builder prefetchTime(Duration prefetchTime) {
+ this.prefetchTime = prefetchTime;
+ return this;
+ }
+
+ public Builder staleTime(Duration staleTime) {
+ this.staleTime = staleTime;
+ return this;
+ }
+
+ public Builder roleSessionDuration(Duration roleSessionDuration) {
+ this.roleSessionDuration = roleSessionDuration;
+ return this;
+ }
+
public WebIdentityTokenCredentialProperties build() {
return new WebIdentityTokenCredentialProperties(this);
}
diff --git a/services/sts/src/main/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory.java b/services/sts/src/main/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory.java
index b985788581d7..86340d4f857d 100644
--- a/services/sts/src/main/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory.java
+++ b/services/sts/src/main/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory.java
@@ -33,11 +33,12 @@
import software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityRequest;
import software.amazon.awssdk.services.sts.model.IdpCommunicationErrorException;
import software.amazon.awssdk.utils.IoUtils;
+import software.amazon.awssdk.utils.NumericUtils;
import software.amazon.awssdk.utils.SdkAutoCloseable;
/**
- * An implementation of {@link WebIdentityTokenCredentialsProviderFactory} that allows users to assume a role
- * using a web identity token file specified in either a {@link Profile} or environment variables.
+ * An implementation of {@link WebIdentityTokenCredentialsProviderFactory} that allows users to assume a role using a web identity
+ * token file specified in either a {@link Profile} or environment variables.
*/
@SdkProtectedApi
public final class StsWebIdentityCredentialsProviderFactory implements WebIdentityTokenCredentialsProviderFactory {
@@ -72,23 +73,35 @@ private StsWebIdentityCredentialsProvider(WebIdentityTokenCredentialProperties c
.overrideConfiguration(o -> o.retryPolicy(r -> r.retryCondition(retryCondition)))
.build();
- AssumeRoleWithWebIdentityRequest request = AssumeRoleWithWebIdentityRequest.builder()
- .roleArn(credentialProperties.roleArn())
- .roleSessionName(sessionName)
- .build();
+ AssumeRoleWithWebIdentityRequest.Builder requestBuilder = AssumeRoleWithWebIdentityRequest
+ .builder()
+ .roleArn(credentialProperties.roleArn())
+ .roleSessionName(sessionName);
+
+ if (credentialProperties.roleSessionDuration() != null) {
+ requestBuilder.durationSeconds(NumericUtils.saturatedCast(
+ credentialProperties.roleSessionDuration().getSeconds()));
+ }
AssumeRoleWithWebIdentityRequestSupplier supplier =
AssumeRoleWithWebIdentityRequestSupplier.builder()
- .assumeRoleWithWebIdentityRequest(request)
+ .assumeRoleWithWebIdentityRequest(requestBuilder.build())
.webIdentityTokenFile(credentialProperties.webIdentityTokenFile())
.build();
- this.credentialsProvider =
+ StsAssumeRoleWithWebIdentityCredentialsProvider.Builder builder =
StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
.asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
.stsClient(stsClient)
- .refreshRequest(supplier)
- .build();
+ .refreshRequest(supplier);
+
+ if (credentialProperties.prefetchTime() != null) {
+ builder.prefetchTime(credentialProperties.prefetchTime());
+ }
+ if (credentialProperties.staleTime() != null) {
+ builder.staleTime(credentialProperties.staleTime());
+ }
+ this.credentialsProvider = builder.build();
}
@Override
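Review bot: The session duration reaches `durationSeconds(...)` with no bounds check: `getSeconds()` truncates a sub-second `Duration` to 0 and passes negative values through, and `saturatedCast` presumably only clamps to the `int` range. STS documents a 900-second minimum for `DurationSeconds` and caps it at the role's configured maximum, so a bad value would be rejected only when credentials are first fetched, possibly on the async refresh thread, rather than at construction. A check before the call, e.g. `if (credentialProperties.roleSessionDuration().getSeconds() <= 0) { throw new IllegalArgumentException("roleSessionDuration must be positive"); }`, would surface the misconfiguration early. The empty `@param sessionDuration` / `@return` Javadoc on `Builder.roleSessionDuration` earlier in this patch is the natural place to state that range and to note that a longer session keeps temporary credentials usable for longer if they leak. The constructor begins outside this hunk.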
diff --git a/services/sts/src/test/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactoryTest.java b/services/sts/src/test/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactoryTest.java
index 10014fe33807..904a2ff2c0ff 100644
--- a/services/sts/src/test/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactoryTest.java
+++ b/services/sts/src/test/java/software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactoryTest.java
@@ -17,17 +17,37 @@
import static org.junit.jupiter.api.Assertions.assertNotNull;
+import java.nio.file.Paths;
+import java.time.Duration;
import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenCredentialsProviderFactory;
import software.amazon.awssdk.auth.credentials.internal.WebIdentityCredentialsUtils;
+import software.amazon.awssdk.auth.credentials.internal.WebIdentityTokenCredentialProperties;
-public class StsWebIdentityCredentialsProviderFactoryTest {
-
+class StsWebIdentityCredentialsProviderFactoryTest {
@Test
- public void stsWebIdentityCredentialsProviderFactory_with_webIdentityCredentialsUtils() {
+ void stsWebIdentityCredentialsProviderFactory_with_webIdentityCredentialsUtils() {
WebIdentityTokenCredentialsProviderFactory factory = WebIdentityCredentialsUtils.factory();
assertNotNull(factory);
}
+ @Test
+ void stsWebIdentityCredentialsProviderFactory_withWebIdentityTokenCredentialProperties() {
+ WebIdentityTokenCredentialsProviderFactory factory = new StsWebIdentityCredentialsProviderFactory();
+ AwsCredentialsProvider provider = factory.create(
+ WebIdentityTokenCredentialProperties.builder()
+ .asyncCredentialUpdateEnabled(true)
+ .prefetchTime(Duration.ofMinutes(5))
+ .staleTime(Duration.ofMinutes(15))
+ .roleArn("role-arn")
+ .webIdentityTokenFile(Paths.get("/path/to/file"))
+ .roleSessionName("session-name")
+ .roleSessionDuration(Duration.ofMinutes(60))
+ .build());
+ assertNotNull(provider);
+
+ }
+
}
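Review bot: The new test `stsWebIdentityCredentialsProviderFactory_withWebIdentityTokenCredentialProperties` ends with only `assertNotNull(provider)`, so it would still pass if the factory stopped forwarding `prefetchTime`, `staleTime` or `roleSessionDuration` to the STS provider. For a credentials provider that forwarding is the behaviour worth pinning, because the stale window decides how close to expiry cached credentials are still handed out. The values chosen also make the stale window (15 minutes) larger than the prefetch window (5 minutes), the reverse of the usual ordering; `.prefetchTime(Duration.ofMinutes(15))` with `.staleTime(Duration.ofMinutes(5))` would exercise a realistic configuration. With `asyncCredentialUpdateEnabled(true)` the provider presumably starts a background refresh task, so if the returned provider is closeable the test should close it. A comment such as `// construction only: assumes the token file is not read until credentials are resolved` would explain why the non-existent `/path/to/file` is acceptable.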
From 73864cc49c1c34d252b3f01a706df147f0cb27d6 Mon Sep 17 00:00:00 2001
From: Matthew Miller Register an SAP application with AWS Systems Manager for SAP. You must meet the following requirements before registering. The SAP application you want to register with AWS Systems Manager for SAP is running on Amazon EC2. AWS Systems Manager Agent must be setup on an Amazon EC2 instance along with the required IAM permissions. Amazon EC2 instance(s) must have access to the secrets created in AWS Secrets Manager to manage SAP applications and components. Refreshes a registered application. Updates the settings of an application registered with AWS Systems Manager for SAP. The status of the application. The latest discovery result for the application. The components of the application. The name of the host. The ID of the Amazon EC2 instance. The version of the operating system. Describes the properties of the associated host. AWS service for your database backup. Configuration parameters for AWS Backint Agent for SAP HANA. You can backup your SAP HANA database with AWS Backup or Amazon S3. The ID of the component. The parent component of a highly available environment. For example, in a highly available SAP on AWS workload, the parent component consists of the entire setup, including the child components. The child components of a highly available environment. For example, in a highly available SAP on AWS workload, the child component consists of the primary and secondar instances. The ID of the application. The status of the component. The hostname of the component. The kernel version of the component. The SAP HANA version of the component. Details of the SAP HANA system replication for the component. The associated host of the component. The SAP HANA databases of the component. The hosts of the component. The hosts of the component. The primary host of the component. The primary host of the component. The time at which the component was last updated. The Amazon Resource Name (ARN) of the component. The SAP component of your application. 
The tags of the component. The Amazon Resource Name (ARN) of the component summary. The summary of the component. The component of an application registered with AWS Systems Manager for SAP. The tags of a component. The name of the Dedicated Host. The role of the Dedicated Host. The IP address of the Dedicated Host. The ID of Amazon EC2 instance. The instance ID of the instance on the Dedicated Host. The role of the Dedicated Host. The version of the operating system. Describes the properties of the Dedicated Host. The tier of the component. The replication mode of the component. The operation mode of the component. The cluster status of the component. Details of the SAP HANA system replication for the instance. The ID of the application. The ID of the operation. The credentials to be removed. Installation of AWS Backint Agent for SAP HANA. Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same Specifies from which source accounts the service principal has access to the resources in this resource share. Specifies the Amazon Resource Names (ARNs) of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. Specifies from which source accounts the service principal has access to the resources in this resource share. 
Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same Specifies from which source accounts the service principal no longer has access to the resources in this resource share. Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the Amazon Resource Name (ARN) of an individual IAM user or role. You cannot specify this parameter if the association type is Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the Amazon Resource Name (ARN) of an individual IAM role or user. You cannot specify this parameter if the association type is Assigns one or more private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon Virtual Private Cloud User Guide. Assigns one or more private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide. Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. 
You can explicitly renew the lease using the operating system on the instance. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide. Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance. For more information, see DHCP options sets in the Amazon VPC User Guide. Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon Virtual Private Cloud User Guide. By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon Virtual Private Cloud User Guide. Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide. By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon VPC User Guide. Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. 
A route table can be associated with multiple subnets. For more information, see Route tables in the Amazon Virtual Private Cloud User Guide. Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets. For more information, see Route tables in the Amazon VPC User Guide. Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56. You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block. For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide. Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56. You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block. For more information about associating CIDR blocks with your VPC and applicable restrictions, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. 
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again. Linking your instance to a VPC is sometimes referred to as attaching your instance. This action is deprecated. Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again. Linking your instance to a VPC is sometimes referred to as attaching your instance. Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide. Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information, see Internet gateways in the Amazon VPC User Guide. [VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups. When specifying an outbound rule for your security group in a VPC, the You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. 
For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. For information about VPC security group quotas, see Amazon VPC quotas. Adds the specified outbound (egress) rules to a security group for use with a VPC. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups. When specifying an outbound rule for your security group in a VPC, the You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. For information about VPC security group quotas, see Amazon VPC quotas. Adds the specified inbound (ingress) rules to a security group. An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. For more information about VPC security group quotas, see Amazon VPC quotas. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. 
For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Adds the specified inbound (ingress) rules to a security group. An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. For more information about VPC security group quotas, see Amazon VPC quotas. Creates a default subnet with a size Creates a default subnet with a size Creates a default VPC with a size If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region. If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see \"I really want a default VPC for my existing EC2 account. Is that possible?\" in the Default VPCs FAQ. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Creates a default VPC with a size If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region. Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. 
The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132. Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132. Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped. By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the If you choose to bypass the shutdown and reboot process by setting the If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes. For more information, see Create an Amazon EBS-backed Linux AMI in the Amazon Elastic Compute Cloud User Guide. Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped. If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. 
When you launch an instance from this new AMI, the instance automatically launches with those additional volumes. For more information, see Create an Amazon EBS-backed Linux AMI in the Amazon Elastic Compute Cloud User Guide. Creates an EC2 Instance Connect Endpoint. An EC2 Instance Connect Endpoint allows you to connect to a resource, without requiring the resource to have a public IPv4 address. For more information, see Connect to your resources without requiring a public IPv4 address using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide. Creates an EC2 Instance Connect Endpoint. An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide. Exports a running or stopped instance to an Amazon S3 bucket. For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide. Exports a running or stopped instance to an Amazon S3 bucket. For information about the prerequisites for your Amazon S3 bucket, supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide. Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide. Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway. For more information, see Internet gateways in the Amazon VPC User Guide. 
Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway. With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet. With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks. For more information, see NAT gateways in the Amazon Virtual Private Cloud User Guide. Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway. With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet. With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks. For more information, see NAT gateways in the Amazon VPC User Guide. Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide. Creates a network ACL in a VPC. 
Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC. For more information, see Network ACLs in the Amazon VPC User Guide. Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules. We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules. After you add an entry, you can't modify it; you must either replace it, or create an entry and delete the old one. For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide. Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules. We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules. After you add an entry, you can't modify it; you must either replace it, or create an entry and delete the old one. 
For more information about network ACLs, see Network ACLs in the Amazon VPC User Guide. Creates a route in a route table within a VPC. You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list. When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address Both routes apply to the traffic destined for For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide. Creates a route in a route table within a VPC. You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list. When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address Both routes apply to the traffic destined for For more information about route tables, see Route tables in the Amazon VPC User Guide. Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see Route tables in the Amazon Virtual Private Cloud User Guide. Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see Route tables in the Amazon VPC User Guide. Creates a security group. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide. When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. 
However, you can't have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name. You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other. You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. For more information about VPC security group limits, see Amazon VPC Limits. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Creates a security group. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide. When you create a security group, you specify a friendly name of your choice. You can't have two security groups for the same VPC with the same name. You have a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other. You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. For more information about VPC security group limits, see Amazon VPC Limits. 
Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block. A subnet CIDR block must not overlap the CIDR block of an existing subnet in the VPC. After you create a subnet, you can't change its CIDR block. The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses) and a /16 netmask (65,536 IP addresses). Amazon Web Services reserves both the first four and the last IPv4 address in each subnet's CIDR block. They're not available for your use. If you've associated an IPv6 CIDR block with your VPC, you can associate an IPv6 CIDR block with a subnet when you create it. The allowed block size for an IPv6 subnet is a /64 netmask. If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the middle. When you stop an instance in a subnet, it retains its private IPv4 address. It's therefore possible to have a subnet with no running instances (they're all stopped), but no remaining IP addresses available. For more information, see Subnets in the Amazon Virtual Private Cloud User Guide. Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block. A subnet CIDR block must not overlap the CIDR block of an existing subnet in the VPC. After you create a subnet, you can't change its CIDR block. The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses) and a /16 netmask (65,536 IP addresses). 
Amazon Web Services reserves both the first four and the last IPv4 address in each subnet's CIDR block. They're not available for your use. If you've associated an IPv6 CIDR block with your VPC, you can associate an IPv6 CIDR block with a subnet when you create it. The allowed block size for an IPv6 subnet is a /64 netmask. If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the middle. When you stop an instance in a subnet, it retains its private IPv4 address. It's therefore possible to have a subnet with no running instances (they're all stopped), but no remaining IP addresses available. For more information, see Subnets in the Amazon VPC User Guide. Creates a VPC with the specified CIDR blocks. For more information, see VPC CIDR blocks in the Amazon Virtual Private Cloud User Guide. You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon Virtual Private Cloud User Guide. You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide. Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide. You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). 
By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide. You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon EC2 User Guide. Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink Guide. Creates a VPC endpoint. A VPC endpoint provides a private connection between the specified VPC and the specified endpoint service. You can use an endpoint service provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink User Guide. Deletes a security group. If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Deletes a security group. If you attempt to delete a security group that is associated with an instance or network interface or is referenced by another security group, the operation fails with Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. We are retiring EC2-Classic. 
We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. This action is deprecated. Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. Describes one or more of your DHCP options sets. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide. Describes one or more of your DHCP options sets. For more information, see DHCP options sets in the Amazon VPC User Guide. Describes one or more of your network ACLs. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide. Describes one or more of your network ACLs. For more information, see Network ACLs in the Amazon VPC User Guide. Describes one or more of your route tables. Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations. For more information, see Route tables in the Amazon Virtual Private Cloud User Guide. Describes one or more of your route tables. Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations. For more information, see Route tables in the Amazon VPC User Guide. [VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request. Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request. 
Describes the specified security groups or all of your security groups. A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes the specified security groups or all of your security groups. [VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted. Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted. Describes one or more of your subnets. For more information, see Your VPC and subnets in the Amazon Virtual Private Cloud User Guide. Describes one or more of your subnets. For more information, see Subnets in the Amazon VPC User Guide. Describes the ClassicLink status of one or more VPCs. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. This action is deprecated. Describes the ClassicLink status of the specified VPCs. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. 
Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide. This action is deprecated. Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it's stopped. This action is deprecated. Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it's stopped. Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. This action is deprecated. Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. 
Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it's linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the request. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. This action is deprecated. Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it's linked. You must specify a VPC ID in the request. Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon Virtual Private Cloud User Guide. While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway. An EIP will only be released at the end of MaxDrainDurationSeconds. The EIPs stay associated and support the existing connections but do not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IPs mapped to them) get released. Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide. While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway. 
An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated and supports the existing connections but does not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IP addresses mapped to them) are released. Disassociates a subnet or gateway from a route table. After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC's main route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide. Disassociates a subnet or gateway from a route table. After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC's main route table. For more information about route tables, see Route tables in the Amazon VPC User Guide. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the This action is deprecated. Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Enables a VPC to support DNS hostname resolution for ClassicLink. 
If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide. You must specify a VPC ID in the request. This action is deprecated. Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. You must specify a VPC ID in the request. Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following: Create a table in Athena that maps fields to a custom log format Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis Create a table partitioned between two timestamps in the past Create a set of named queries in Athena that you can use to get started quickly Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. 
Based on the information that you provide, we configure resources in the template to do the following: Create a table in Athena that maps fields to a custom log format Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis Create a table partitioned between two timestamps in the past Create a set of named queries in Athena that you can use to get started quickly Creates an import instance task using metadata from the specified disk image. This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file. For information about the import manifest referenced by this API action, see VM Import Manifest. We recommend that you use the Creates an import instance task using metadata from the specified disk image. This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file. This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. For information about the import manifest referenced by this API action, see VM Import Manifest. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following: Enable/disable communication over the peering connection between an EC2-Classic instance that's linked to your VPC (using ClassicLink) and instances in the peer VPC. 
Enable/disable communication over the peering connection between instances in your VPC and an EC2-Classic instance that's linked to the peer VPC. Enable/disable the ability to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC. If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command. Modifies the VPC peering connection options on one side of a VPC peering connection. If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. 
To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command. Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide. Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of For more information, see Dedicated Instances in the Amazon EC2 User Guide. Release an allocation within an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. All EC2 API actions follow an eventual consistency model. Release an allocation within an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide. All EC2 API actions follow an eventual consistency model. Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. 
For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide. This is an idempotent operation. Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon VPC User Guide. This is an idempotent operation. Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide. Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon VPC User Guide. Replaces an existing route within a route table in a VPC. You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list, or reset the local route to its default target. For more information, see Route tables in the Amazon Virtual Private Cloud User Guide. Replaces an existing route within a route table in a VPC. You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list, or reset the local route to its default target. For more information, see Route tables in the Amazon VPC User Guide. Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon Virtual Private Cloud User Guide. You can also use this operation to change which table is the main route table in the VPC. Specify the main route table's association ID and the route table ID of the new main route table. Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. 
For more information about route tables, see Route tables in the Amazon VPC User Guide. You can also use this operation to change which table is the main route table in the VPC. Specify the main route table's association ID and the route table ID of the new main route table. [VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule. [Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked. Amazon Web Services recommends that you describe the security group to verify that the rules were removed. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. Removes the specified outbound (egress) rules from the specified security group. You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. 
If the security group rule has a description, you do not need to specify the description to revoke the rule. For a default VPC, if the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked. Amazon Web Services recommends that you describe the security group to verify that the rules were removed. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. Removes the specified inbound (ingress) rules from a security group. You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule. [EC2-Classic, default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked. Amazon Web Services recommends that you describe the security group to verify that the rules were removed. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Removes the specified inbound (ingress) rules from a security group. You can specify rules using either rule IDs or security group rule properties. 
If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule. For a default VPC, if the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked. Amazon Web Services recommends that you describe the security group to verify that the rules were removed. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon Virtual Private Cloud User Guide. While unassigning is in progress, you cannot assign/unassign additional IP addresses while the connections are being drained. You are, however, allowed to delete the NAT gateway. A private IP address will only be released at the end of MaxDrainDurationSeconds. The private IP addresses stay associated and support the existing connections but do not support any new connections (new connections are distributed across the remaining assigned private IP address). After the existing connections drain out, the private IP addresses get released. Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide. 
While unassigning is in progress, you cannot assign/unassign additional IP addresses while the connections are being drained. You are, however, allowed to delete the NAT gateway. A private IP address will only be released at the end of MaxDrainDurationSeconds. The private IP addresses stay associated and support the existing connections, but do not support any new connections (new connections are distributed across the remaining assigned private IP address). After the existing connections drain out, the private IP addresses are released. [VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request. Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request. The NAT gateway ID. The ID of the NAT gateway. The NAT gateway ID. The ID of the NAT gateway. The NAT gateway ID. The ID of the NAT gateway. The NAT gateway ID. The ID of the NAT gateway. The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC. The IDs of the security groups. You cannot specify security groups from a different VPC. The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC. The ID of the EC2-Classic instance. The ID of a ClassicLink-enabled VPC. The ID of the ClassicLink-enabled VPC. [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. [Default VPC] The name of the security group. 
You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. The IP protocol name ( [VPC only] Use Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule. The IP protocol name ( Use Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule. [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC. [Default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. The source security group must be in the same VPC. [nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. [Nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. 
You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. Describes the ClassicLink DNS support status of a VPC. Deprecated. Describes the ClassicLink DNS support status of a VPC. A list of security groups. The security groups. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes a linked EC2-Classic instance. Deprecated. Describes a linked EC2-Classic instance. By default, when Amazon EC2 creates the new AMI, it reboots the instance so that it can take snapshots of the attached volumes while data is at rest, in order to ensure a consistent state. You can set the If you choose to bypass the shutdown and reboot process by setting the Default: Indicates whether or not the instance should be automatically rebooted before creating the image. Specify one of the following values: Default: Secondary EIP allocation IDs. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide. Secondary EIP allocation IDs. For more information, see Create a NAT gateway in the Amazon VPC User Guide. Secondary private IPv4 addresses. For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide. Secondary private IPv4 addresses. For more information about secondary addresses, see Create a NAT gateway in the Amazon VPC User Guide. [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. 
For more information about secondary addresses, see Create a NAT gateway in the Amazon Virtual Private Cloud User Guide. [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see Create a NAT gateway in the Amazon VPC User Guide. A description for the security group. Constraints: Up to 255 characters in length Constraints for EC2-Classic: ASCII characters Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* A description for the security group. Constraints: Up to 255 characters in length Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* The name of the security group. Constraints: Up to 255 characters in length. Cannot start with Constraints for EC2-Classic: ASCII characters Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* The name of the security group. Constraints: Up to 255 characters in length. Cannot start with Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* [EC2-VPC] The ID of the VPC. Required for EC2-VPC. The ID of the VPC. Required for a nondefault VPC. The Availability Zone or Local Zone for the subnet. Default: Amazon Web Services selects one for you. If you create more than one subnet in your VPC, we do not necessarily select a different zone for each subnet. To create a subnet in a Local Zone, set this value to the Local Zone ID, for example To create a subnet in an Outpost, set this value to the Availability Zone for the Outpost and specify the Outpost ARN. The Availability Zone or Local Zone for the subnet. Default: Amazon Web Services selects one for you. If you create more than one subnet in your VPC, we do not necessarily select a different zone for each subnet. To create a subnet in a Local Zone, set this value to the Local Zone ID, for example To create a subnet in an Outpost, set this value to the Availability Zone for the Outpost and specify the Outpost ARN. 
The Availability Zone in which to create the volume. The ID of the Availability Zone in which to create the volume. For example, The ID of the VPC for the endpoint. The ID of the VPC. The service name. The name of the endpoint service. The ID of the security group. Required for a nondefault VPC. The ID of the security group. [EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, you must specify the security group ID. [Default VPC] The name of the security group. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, you must specify the security group ID. One or more filters. The filters. One or more instance IDs. Must be instances linked to a VPC through ClassicLink. The instance IDs. Must be instances linked to a VPC through ClassicLink. One or more filters. The filters. One or more egress-only internet gateway IDs. The IDs of the egress-only internet gateways. One or more filters. The filters. The filters. The filters. One or more filters. Filter names and values are case-sensitive. One or more filters. Filter names and values are case-sensitive. The instance type. For more information, see Instance types in the Amazon EC2 User Guide. When you change your EBS-backed instance type, instance restart or replacement behavior depends on the instance type compatibility between the old and new types. An instance that's backed by an instance store volume is always replaced. For more information, see Change the instance type in the Amazon EC2 User Guide. The instance type. For more information, see Instance types in the Amazon EC2 User Guide. One or more filters. The filters. One or more internet gateway IDs. Default: Describes all your internet gateways. The IDs of the internet gateways. Default: Describes all your internet gateways. One or more filters. The filters. One or more NAT gateway IDs. 
The IDs of the NAT gateways. One or more filters. The filters. One or more network ACL IDs. Default: Describes all your network ACLs. The IDs of the network ACLs. Default: Describes all your network ACLs. One or more filters. The filters. One or more route table IDs. Default: Describes all your route tables. The IDs of the route tables. Default: Describes all your route tables. [EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the Default: Describes all of your security groups. [Default VPC] The names of the security groups. You can specify either the security group name or the security group ID. Default: Describes all of your security groups. One or more filters. The filters. One or more subnet IDs. Default: Describes all your subnets. The IDs of the subnets. Default: Describes all your subnets. One or more VPC IDs. The IDs of the VPCs. One or more filters. The filters. One or more VPCs for which you want to describe the ClassicLink status. The VPCs for which you want to describe the ClassicLink status. The ClassicLink status of one or more VPCs. The ClassicLink status of the VPCs. One or more filters. The filters. One or more VPC peering connection IDs. Default: Describes all your VPC peering connections. The IDs of the VPC peering connections. Default: Describes all your VPC peering connections. One or more filters. The filters. One or more VPC IDs. Default: Describes all your VPCs. The IDs of the VPCs. Default: Describes all your VPCs. One or more values for the DHCP option. The values for the DHCP option. One or more DHCP options in the set. The DHCP options in the set. Describes a set of DHCP options. The set of DHCP options. The NAT gateway ID. The ID of the NAT gateway. The NAT gateway ID. The ID of the NAT gateway. An identifier for the symmetric KMS key to use when creating the encrypted AMI. 
This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a The KMS key identifier may be provided in any of the following formats: Key ID Key alias. The alias ARN contains the ARN using key ID. The ID ARN contains the ARN using key alias. The alias ARN contains the Amazon Web Services parses The specified KMS key must exist in the Region that the AMI is being copied to. Amazon EBS does not support asymmetric KMS keys. An identifier for the symmetric KMS key to use when creating the encrypted AMI. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a The KMS key identifier may be provided in any of the following formats: Key ID Key alias ARN using key ID. The ID ARN contains the ARN using key alias. The alias ARN contains the Amazon Web Services parses The specified KMS key must exist in the Region that the AMI is being copied to. Amazon EBS does not support asymmetric KMS keys. The operating system of the virtual machine. Valid values: The operating system of the virtual machine. If you import a VM that is compatible with Unified Extensible Firmware Interface (UEFI) using an EBS snapshot, you must specify a value for the platform. Valid values: An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a The KMS key identifier may be provided in any of the following formats: Key ID Key alias. The alias ARN contains the ARN using key ID. The ID ARN contains the ARN using key alias. The alias ARN contains the Amazon Web Services parses The specified KMS key must exist in the Region that the snapshot is being copied to. Amazon EBS does not support asymmetric KMS keys. 
An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a The KMS key identifier may be provided in any of the following formats: Key ID Key alias ARN using key ID. The ID ARN contains the ARN using key alias. The alias ARN contains the Amazon Web Services parses The specified KMS key must exist in the Region that the snapshot is being copied to. Amazon EBS does not support asymmetric KMS keys. The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: You must specify For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide. The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. You must specify When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. 
To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: If you specify Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the launch instance wizard or with the RunInstances API, you can't specify For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide. The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default: No minimum or maximum limits The minimum and maximum amount of baseline network bandwidth, in gigabits per second (Gbps). For more information, see Amazon EC2 instance network bandwidth in the Amazon EC2 User Guide. Default: No minimum or maximum limits The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: You must specify For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide. The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. You must specify When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. 
If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: If you specify Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the launch instance wizard, or with the RunInstances API or AWS::EC2::Instance Amazon Web Services CloudFormation resource, you can't specify For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide. Indicates whether the instance type is a burstable performance instance type. Indicates whether the instance type is a burstable performance T instance type. For more information, see Burstable performance instances. The IP protocol name ( [VPC only] Use The IP protocol name ( Use [VPC only] The IPv6 ranges. The IPv6 ranges. [VPC only] The prefix list IDs. The prefix list IDs. [EC2-VPC only] Describes an IPv6 range. Describes an IPv6 range. Indicates whether the instance is enabled for AMD SEV-SNP. Indicates whether the instance is enabled for AMD SEV-SNP. For more information, see AMD SEV-SNP. Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see AMD SEV-SNP. The CPU options for the instance. Both the core count and threads per core must be specified in the request. Enables or disables the IPv6 endpoint for the instance metadata service. This setting applies only if you have enabled the HTTP metadata endpoint. 
Enables or disables the IPv6 endpoint for the instance metadata service. Applies only if you enabled the HTTP metadata endpoint. One or more entries (rules) in the network ACL. The entries (rules) in the network ACL. If true, enables outbound communication from an EC2-Classic instance that's linked to a local VPC using ClassicLink to instances in a peer VPC. Deprecated. If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that's linked to a peer VPC using ClassicLink. Deprecated. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes the VPC peering connection options. Describes the VPC peering connection options. If true, enables outbound communication from an EC2-Classic instance that's linked to a local VPC using ClassicLink to instances in a peer VPC. Deprecated. If true, enables outbound communication from instances in a local VPC to an EC2-Classic instance that's linked to a peer VPC using ClassicLink. Deprecated. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. The VPC peering connection options. The VPC peering connection options. The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. If you specify The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. You must specify When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values. 
To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request: If you specify Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the launch instance wizard, or with the RunInstances API or AWS::EC2::Instance Amazon Web Services CloudFormation resource, you can't specify For more information, see Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide. The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. The ID of the security group. [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. [Default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. [Default VPC] The name of the source security group. 
You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. The source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. [EC2-Classic] The Amazon Web Services account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead. Not supported. The instance type. For more information, see Instance types in the Amazon EC2 User Guide. When you change your EBS-backed instance type, instance restart or replacement behavior depends on the instance type compatibility between the old and new types. An instance that's backed by an instance store volume is always replaced. For more information, see Change the instance type in the Amazon EC2 User Guide. Default: The instance type. For more information, see Instance types in the Amazon EC2 User Guide. The options for the instance hostname. The default values are inherited from the subnet. The options for the instance hostname. The default values are inherited from the subnet. Applies only if creating a network interface, not attaching an existing one. [VPC only] The outbound rules associated with the security group. The outbound rules associated with the security group. [VPC only] The ID of the VPC for the security group. The ID of the VPC for the security group. The NAT gateway ID. The ID of the NAT gateway. The NAT gateway ID. The ID of the NAT gateway. [Default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. 
[Default VPC] The name of the security group. You must specify either the security group ID or the security group name. [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. [Default VPC] The name of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID. [VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions. The description for the ingress security group rules. You must specify either a description or IP permissions. The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID. For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted. [Default VPC] The name of the security group. For a security group in a nondefault VPC, use the security group ID. For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted. The ID of an Amazon Web Services account. For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned. [EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account. The ID of an Amazon Web Services account. For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned. 
Describes a security group and Amazon Web Services account ID pair. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes a security group and Amazon Web Services account ID pair. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes whether a VPC is enabled for ClassicLink. Deprecated. Describes whether a VPC is enabled for ClassicLink. Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection. Deprecated. Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection. Deprecated. We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide. Describes the VPC peering connection options. Describes the VPC peering connection options. Copy an image set. Create a data store. Delete a data store. Before a data store can be deleted, you must first delete all image sets within it. Delete an image set. Get the import job properties to learn more about the job or job progress. Get data store properties. Get an image frame (pixel data) for an image set. Get image set properties. Get metadata attributes for an image set. List import jobs created by this AWS account for a specific data store. List data stores created by this AWS account. List image set versions. Lists all tags associated with a medical imaging resource. Search image sets based on defined input attributes. Start importing bulk data into an Adds a user-specifed key and value tag to a medical imaging resource. Removes tags from a medical imaging resource. 
Update image set metadata attributes. The user does not have sufficient access to perform this action. Updating or deleting a resource can cause an inconsistent state. The image set identifier for the destination image set. The latest version identifier for the destination image set. Copy the destination image set. The image set identifier of the copied image set properties. The latest version identifier for the destination image set properties. The image set state of the destination image set properties. The image set workflow status of the destination image set properties. The timestamp when the destination image set properties were created. The timestamp when the destination image set properties were last updated. The Amazon Resource Name (ARN) assigned to the destination image set. Copy the image set properties of the destination image set. The source image set. The destination image set. Copy image set information. The data store identifier. The source image set identifier. Copy image set information. The data store identifier. The properties of the source image set. The properties of the destination image set. The latest version identifier for the source image set. Copy source image set information. The image set identifier for the copied source image set. The latest version identifier for the copied source image set. The image set state of the copied source image set. The workflow status of the copied source image set. The timestamp when the source image set properties were created. The timestamp when the source image set properties were updated. The Amazon Resource Name (ARN) assigned to the source image set. Copy source image set properties. The data store name. A unique identifier for API idempotency. The tags provided when creating a data store. The Amazon Resource Name (ARN) assigned to the AWS Key Management Service (AWS KMS) key for accessing encrypted data. The data store identifier. The data store status. The import job identifier. 
The import job name. The filters for listing import jobs based on status. The data store identifier. The Amazon Resource Name (ARN) that grants permissions to access medical imaging resources. The timestamp for when the import job was ended. The timestamp for when the import job was submitted. The input prefix path for the S3 bucket that contains the DICOM P10 files to be imported. The output prefix of the S3 bucket to upload the results of the DICOM import job. The error message thrown if an import job fails. Properties of the import job. The import job identifier. The import job name. The filters for listing import jobs based on status. The data store identifier. The Amazon Resource Name (ARN) that grants permissions to access medical imaging resources. The timestamp when an import job ended. The timestamp when an import job was submitted. The error message thrown if an import job fails. Summary of import job. The DICOM study date provided in The DICOM study time provided in The aggregated structure to store DICOM study date and study time for search capabilities. The unique identifier for a patient in a DICOM Study. The patient name. The patient birth date. The patient sex. The DICOM provided identifier for studyInstanceUid.> The DICOM provided studyId. The description of the study. The total number of series in the DICOM study. The total number of instances in the DICOM study. The accession number for the DICOM study. The study date. The study time. The DICOM attributes returned as a part of a response. Each image set has these properties as part of a search result. The DICOM tags to be removed from The DICOM tags that need to be updated in The object containing The data store identifier. The data store name. The data store status. The Amazon Resource Name (ARN) assigned to the AWS Key Management Service (AWS KMS) key for accessing encrypted data. The Amazon Resource Name (ARN) for the data store. The timestamp when the data store was created. 
The timestamp when the data store was last updated. The properties associated with the data store. The data store identifier. The data store name. The data store status. The Amazon Resource Name (ARN) for the data store. The timestamp when the data store was created. The timestamp when the data store was last updated. List of summaries of data stores. The data store identifier. The data store identifier. The data store status. The data store identifier. The image set identifier. The data store identifier. The image set identifier. The image set state. The image set workflow status. The data store identifier. The import job identifier. The properties of the import job. The data store identifier. The data store properties. The data store identifier. The image set identifier. Information about the image frame (pixel data) identifier. The blob containing the aggregated image frame information. The format in which the image frame information is returned to the customer. Default is The data store identifier. The image set identifier. The image set version identifier. The blob containing the aggregated metadata information for the image set. The format in which the study metadata is returned to the customer. Default is The compression format in which image set metadata attributes are returned. The data store identifier. The image set identifier. The image set version identifier. The data store identifier. The image set identifier. The image set version identifier. The image set state. The image set workflow status. The timestamp when image set properties were created. The timestamp when image set properties were updated. The timestamp when the image set properties were deleted. The error message thrown if an image set action fails. The Amazon Resource Name (ARN) assigned to the image set. The image frame (pixel data) identifier. Information about the image frame (pixel data) identifier. The image set identifier. The image set version identifier. The image set state. 
The image set workflow status. The timestamp when the image set properties were created. The timestamp when the image set properties were updated. The timestamp when the image set properties were deleted. The error message thrown if an image set action fails. The image set properties. The image set identifier. The image set version. The time an image set is created in AWS HealthImaging. Sample creation date is provided in The time when an image was last updated in AWS HealthImaging. The DICOM tags associated with the image set. Summary of the image set metadata. An unexpected error occurred during processing of the request. ARN referencing a KMS key or KMS key alias. The data store identifier. The filters for listing import jobs based on status. The pagination token used to request the list of import jobs on the next page. The max results count. The upper bound is determined by load testing. A list of job summaries. The pagination token used to retrieve the list of import jobs on the next page. The data store status. The pagination token used to request the list of data stores on the next page. Valid Range: Minimum value of 1. Maximum value of 50. The list of summaries of data stores. The pagination token used to retrieve the list of data stores on the next page. The data store identifier. The image set identifier. The pagination token used to request the list of image set versions on the next page. The max results count. Lists all properties associated with an image set. The pagination token used to retrieve the list of image set versions on the next page. The Amazon Resource Name (ARN) of the medical imaging resource to list tags for. A list of all tags associated with a medical imaging resource. The object containing Contains DICOMUpdates. The request references a resource which does not exist. The patient ID input for search. The DICOM accession number for search. The DICOM study ID for search. The DICOM study instance UID for search. 
The created at time of the image set provided for search. The aggregated structure containing DICOM study date and study time for search. The search input attribute value. The filters for the search criteria. The search criteria. The search filter values. The search filter operator for The search filter. The identifier of the data store where the image sets reside. The search criteria that filters by applying a maximum of 1 item to The maximum number of results that can be returned in a search. The token used for pagination of results returned in the response. Use the token returned from the previous request to continue results where the previous request ended. The model containing the image set results. The token for pagination results. The request caused a service quota to be exceeded. The import job name. The Amazon Resource Name (ARN) of the IAM role that grants permission to access medical imaging resources. A unique identifier for API idempotency. The data store identifier. The input prefix path for the S3 bucket that contains the DICOM files to be imported. The output prefix of the S3 bucket to upload the results of the DICOM import job. The data store identifier. The import job identifier. The import job status. The timestamp when the import job was submitted. The Amazon Resource Name (ARN) of the medical imaging resource that tags are being added to. The user-specified key and value tag pairs added to a medical imaging resource. The request was denied due to throttling. The Amazon Resource Name (ARN) of the medical imaging resource that tags are being removed from. The keys for the tags to be removed from the medical imaging resource. The data store identifier. The image set identifier. The latest image set version identifier. Update image set metadata updates. The data store identifier. The image set identifier. The latest image set version identifier. The image set state. The image set workflow status. The timestamp when image set metadata was created. 
The timestamp when image set metadata was updated. The error message thrown if an update image set metadata action fails. The input fails to satisfy the constraints specified by an AWS service. This is the AWS HealthImaging API Reference. AWS HealthImaging is an AWS service for storing, accessing, and analyzing medical images. For an introduction to the service, see the AWS HealthImaging Developer Guide . We recommend using one of the AWS Software Development Kits (SDKs) for your programming language, as they take care of request authentication, serialization, and connection management. For more information, see Tools to build on AWS. For information about using AWS HealthImaging API actions in one of the language-specific AWS SDKs, refer to the See Also link at the end of each section that describes an API action or data type. The following sections list AWS HealthImaging API actions categorized according to functionality. Links are provided to actions within this Reference, along with links back to corresponding sections in the AWS HealthImaging Developer Guide so you can view console procedures and CLI/SDK code examples. Data store actions CreateDatastore – See Creating a data store. ListDatastores – See Listing data stores. DeleteDatastore – See Deleting a data store. Import job actions ListDICOMImportJobs – See Listing import jobs. Image set access actions SearchImageSets – See Searching image sets. GetImageSet – See Getting image set properties. Image set modification actions CopyImageSet – See Copying an image set. DeleteImageSet – See Deleting an image set. Tagging actions TagResource – See Tagging a data store and Tagging an image set. ListTagsForResource – See Tagging a data store and Tagging an image set. UntagResource – See Tagging a data store and Tagging an image set. The Lists available versions of Grafana. These are available when calling Specifies the version of Grafana to support in the new workspace. 
Supported values are Specifies the version of Grafana to support in the new workspace. To get a list of supported version, use the The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2). The configuration string for the workspace that you requested. For more information about the format and configuration options available, see Working in your Grafana workspace. The supported Grafana version for the workspace. The maximum number of results to include in the response. The token to use when requesting the next set of results. You receive this token from a previous The ID of the workspace to list the available upgrade versions. If not included, lists all versions of Grafana that are supported for The Grafana versions available to create. If a workspace ID is included in the request, the Grafana versions to which this workspace can be upgraded. The token to use in a subsequent An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration then no IP addresses will be allowed to access the workspace. You create a prefix list using the Amazon VPC console. Prefix list IDs have the format For more information about prefix lists, see Group CIDR blocks using managed prefix listsin the Amazon Virtual Private Cloud User Guide. An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP addresses. The IP addresses specified are allowed to access your workspace. If the list is not included in the configuration (passed an empty array) then no IP addresses are allowed to access the workspace. You create a prefix list using the Amazon VPC console. 
Prefix list IDs have the format For more information about prefix lists, see Group CIDR blocks using managed prefix listsin the Amazon Virtual Private Cloud User Guide. An array of Amazon VPC endpoint IDs for the workspace. You can create VPC endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a VPC endpoint IDs have the format For more information about creating an interface VPC endpoint, see Interface VPC endpoints in the Amazon Managed Grafana User Guide. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the An array of Amazon VPC endpoint IDs for the workspace. You can create VPC endpoints to your Amazon Managed Grafana workspace for access from within a VPC. If a VPC endpoint IDs have the format For more information about creating an interface VPC endpoint, see Interface VPC endpoints in the Amazon Managed Grafana User Guide. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the The configuration settings for in-bound network access to your workspace. When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization will still be required. If this is not configured, or is removed, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required. The configuration settings for in-bound network access to your workspace. When this is configured, only listed IP addresses and VPC endpoints will be able to access your workspace. Standard Grafana authentication and authorization are still required. Access is granted to a caller that is in either the IP address list or the VPC endpoint list - they do not need to be in both. If this is not configured, or is removed, then all IP addresses and VPC endpoints are allowed. 
Standard Grafana authentication and authorization are still required. While both If both are passed as empty arrays, no traffic is allowed to the workspace, because only explicitly allowed connections are accepted. The new configuration string for the workspace. For more information about the format and configuration options available, see Working in your Grafana workspace. Specifies the version of Grafana to support in the new workspace. Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4). To know what versions are available to upgrade to for a specific workspace, see the The ID of the workspace to update. The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect. Duplicates not allowed. The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. Provided The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to. Provided Connecting to a private VPC is not yet available in the Asia Pacific (Seoul) Region (ap-northeast-2). [Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, If you are signed in to the management account, specify If you are signed in to a delegated administrator account, specify Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide. Specifies options for the The input for the GetTemplateSummary action. A list of resource identifier summaries that describe the target resources of an import operation and the properties you can provide during the import to identify the target resources. For example, An object containing any warnings returned. 
The output for the GetTemplateSummary action. If set to Options for the A list of all of the unrecognized resource types. This is only returned if the Contains any warnings returned by the CloudFormation allows you to create and manage Amazon Web Services infrastructure deployments predictably and repeatedly. You can use CloudFormation to leverage Amazon Web Services products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing, and Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying Amazon Web Services infrastructure. With CloudFormation, you declare all your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you. For more information about CloudFormation, see the CloudFormation product page. CloudFormation makes use of other Amazon Web Services products. If you need additional technical information about a specific Amazon Web Services product, you can find the product's technical documentation at docs.aws.amazon.com. Inspect only the cookies whose keys don't match any of the strings specified here. The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of cookies to inspect in a web request. 
You must specify exactly one setting: either Example JSON: Inspect only the headers whose keys don't match any of the strings specified here. The filter to use to identify the subset of headers to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of headers to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of headers to inspect in a web request. You must specify exactly one setting: either Example JSON: The filter to use to identify the subset of headers to inspect in a web request. You must specify exactly one setting: either Example JSON: Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance. This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL. For information about label namespaces and names, see Label syntax and naming requirements in the WAF Developer Guide. Use the request's URI path as an aggregate key. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance. Specifies a single custom aggregate key for a rate-base rule. Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling. Specifies the request's query string as an aggregate key for a rate-based rule. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance. 
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the Specifies the request's URI path as an aggregate key for a rate-based rule. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance. ClientToken
, but with different parameters, the retry fails with an IdempotentParameterMismatch
error.ClientToken
, but with different parameters, the retry fails with an IdempotentParameterMismatch
error.RESOURCE
.RESOURCE
.running
state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.running
state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.IpPermissions
must include a destination for the traffic.IpPermissions
must include a destination for the traffic.IpPermissions
must include a source for the traffic.IpPermissions
must include a source for the traffic./20
IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide./20
IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Create a default subnet in the Amazon VPC User Guide./16
IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself./16
IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.
domain-name-servers
- The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name
, you must set domain-name-servers
to a custom DNS server.domain-name
- If you're using AmazonProvidedDNS in us-east-1
, specify ec2.internal
. If you're using AmazonProvidedDNS in another Region, specify region.compute.internal
(for example, ap-northeast-1.compute.internal
). Otherwise, specify a domain name (for example, ExampleCompany.com
). This value is used to complete unqualified DNS hostnames. Important: Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.ntp-servers
- The IP addresses of up to four Network Time Protocol (NTP) servers.netbios-name-servers
- The IP addresses of up to four NetBIOS name servers.netbios-node-type
- The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132.domain-name-servers
option either to AmazonProvidedDNS
or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.
domain-name-servers
- The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name
, you must set domain-name-servers
to a custom DNS server.domain-name
- If you're using AmazonProvidedDNS in us-east-1
, specify ec2.internal
. If you're using AmazonProvidedDNS in another Region, specify region.compute.internal
(for example, ap-northeast-1.compute.internal
). Otherwise, specify a domain name (for example, ExampleCompany.com
). This value is used to complete unqualified DNS hostnames. Important: Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.ntp-servers
- The IP addresses of up to four Network Time Protocol (NTP) servers.netbios-name-servers
- The IP addresses of up to four NetBIOS name servers.netbios-node-type
- The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132.domain-name-servers
option either to AmazonProvidedDNS
or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon VPC User Guide.NoReboot
parameter to true
in the API request, or use the --no-reboot
option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.NoReboot
parameter to true
in the API request, or by using the --no-reboot
option in the CLI, we can't guarantee the file system integrity of the created image.192.0.2.3
, and the route table includes the following two IPv4 routes:
192.0.2.0/24
(goes to some target A)192.0.2.0/28
(goes to some target B)192.0.2.3
. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.192.0.2.3
, and the route table includes the following two IPv4 routes:
192.0.2.0/24
(goes to some target A)192.0.2.0/28
(goes to some target B)192.0.2.3
. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.InvalidGroup.InUse
in EC2-Classic or DependencyViolation
in EC2-VPC.DependencyViolation
.10.0.0.0/8
IP address range, excluding local routes for VPCs in the 10.0.0.0/16
and 10.1.0.0/16
IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.10.0.0.0/8
IP address range, excluding local routes for VPCs in the 10.0.0.0/16
and 10.1.0.0/16
IP address ranges.
"
+ "documentation":"
GetFlowLogsIntegrationTemplate
does not support integration between Amazon Web Services Transit Gateway Flow Logs and Amazon Athena.ImportImage
API. For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.
default
only. You cannot change the instance tenancy attribute to dedicated
.default
, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.default
only. You cannot change the instance tenancy attribute to dedicated
.default
, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.tcp
, udp
, icmp
) or number (see Protocol Numbers). To specify icmpv6
, use a set of IP permissions.-1
to specify all protocols. If you specify -1
or a protocol other than tcp
, udp
, or icmp
, traffic on all ports is allowed, regardless of any ports you specify.tcp
, udp
, icmp
) or number (see Protocol Numbers). To specify icmpv6
, use a set of IP permissions.-1
to specify all protocols. If you specify -1
or a protocol other than tcp
, udp
, or icmp
, traffic on all ports is allowed, regardless of any ports you specify.NoReboot
parameter to true
in the API request, or use the --no-reboot
option in the CLI to prevent Amazon EC2 from shutting down and rebooting the instance.NoReboot
parameter to true
in the API request, or by using the --no-reboot
option in the CLI, we can't guarantee the file system integrity of the created image.false
(follow standard reboot process)
true
- The instance is not rebooted before creating the image. This creates crash-consistent snapshots that include only the data that has been written to the volumes at the time the snapshots are created. Buffered data and data in memory that has not yet been written to the volumes is not included in the snapshots.false
- The instance is rebooted before creating the image. This ensures that all buffered data and data in memory is written to the volumes before the snapshots are created.false
sg-
.sg-
.us-west-2-lax-1a
. For information about the Regions that support Local Zones, see Available Regions in the Amazon Elastic Compute Cloud User Guide.us-west-2-lax-1a
. For information about the Regions that support Local Zones, see Local Zones locations.us-east-1a
.
",
+ "documentation":"group-id
- The ID of a VPC security group that's associated with the instance.instance-id
- The ID of the instance.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC to which the instance is linked.vpc-id
- The ID of the VPC that the instance is linked to.
",
"locationName":"Filter"
},
"DryRun":{
@@ -18492,7 +18492,7 @@
},
"InstanceIds":{
"shape":"InstanceIdStringList",
- "documentation":"group-id
- The ID of a VPC security group that's associated with the instance.instance-id
- The ID of the instance.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC to which the instance is linked.
",
+ "documentation":"dhcp-options-id
- The ID of a DHCP options set.key
- The key for one of the options (for example, domain-name
).value
- The value for one of the options.owner-id
- The ID of the Amazon Web Services account that owns the DHCP options set.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
"locationName":"Filter"
},
"DryRun":{
@@ -18929,7 +18929,7 @@
},
"EgressOnlyInternetGatewayIds":{
"shape":"EgressOnlyInternetGatewayIdList",
- "documentation":"dhcp-options-id
- The ID of a DHCP options set.key
- The key for one of the options (for example, domain-name
).value
- The value for one of the options.owner-id
- The ID of the Amazon Web Services account that owns the DHCP options set.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
+ "documentation":"tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
"locationName":"Filter"
}
}
@@ -19894,7 +19894,7 @@
},
"Filters":{
"shape":"FilterList",
- "documentation":"tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
+ "documentation":"architecture
- The image architecture (i386
| x86_64
| arm64
).block-device-mapping.delete-on-termination
- A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.block-device-mapping.device-name
- The device name specified in the block device mapping (for example, /dev/sdh
or xvdh
).block-device-mapping.snapshot-id
- The ID of the snapshot used for the Amazon EBS volume.block-device-mapping.volume-size
- The volume size of the Amazon EBS volume, in GiB.block-device-mapping.volume-type
- The volume type of the Amazon EBS volume (io1
| io2
| gp2
| gp3
| sc1
| st1
| standard
).block-device-mapping.encrypted
- A Boolean that indicates whether the Amazon EBS volume is encrypted.creation-date
- The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z
. You can use a wildcard (*
), for example, 2021-09-29T*
, which matches an entire day.description
- The description of the image (provided during image creation).ena-support
- A Boolean that indicates whether enhanced networking with ENA is enabled.hypervisor
- The hypervisor type (ovm
| xen
).image-id
- The ID of the image.image-type
- The image type (machine
| kernel
| ramdisk
).is-public
- A Boolean that indicates whether the image is public.kernel-id
- The kernel ID.manifest-location
- The location of the image manifest.name
- The name of the AMI (provided during image creation).owner-alias
- The owner alias (amazon
| aws-marketplace
). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.owner-id
- The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.platform
- The platform. The only supported value is windows
.product-code
- The product code.product-code.type
- The type of the product code (marketplace
).ramdisk-id
- The RAM disk ID.root-device-name
- The device name of the root device volume (for example, /dev/sda1
).root-device-type
- The type of the root device volume (ebs
| instance-store
).state
- The state of the image (available
| pending
| failed
).state-reason-code
- The reason code for the state change.state-reason-message
- The message for the state change.sriov-net-support
- A value of simple
indicates that enhanced networking with the Intel 82599 VF interface is enabled.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.virtualization-type
- The virtualization type (paravirtual
| hvm
).
",
"locationName":"Filter"
},
"ImageIds":{
@@ -20301,7 +20301,7 @@
},
"Filters":{
"shape":"FilterList",
- "documentation":"architecture
- The image architecture (i386
| x86_64
| arm64
| x86_64_mac
| arm64_mac
).block-device-mapping.delete-on-termination
- A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.block-device-mapping.device-name
- The device name specified in the block device mapping (for example, /dev/sdh
or xvdh
).block-device-mapping.snapshot-id
- The ID of the snapshot used for the Amazon EBS volume.block-device-mapping.volume-size
- The volume size of the Amazon EBS volume, in GiB.block-device-mapping.volume-type
- The volume type of the Amazon EBS volume (io1
| io2
| gp2
| gp3
| sc1
| st1
| standard
).block-device-mapping.encrypted
- A Boolean that indicates whether the Amazon EBS volume is encrypted.creation-date
- The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z
. You can use a wildcard (*
), for example, 2021-09-29T*
, which matches an entire day.description
- The description of the image (provided during image creation).ena-support
- A Boolean that indicates whether enhanced networking with ENA is enabled.hypervisor
- The hypervisor type (ovm
| xen
).image-id
- The ID of the image.image-type
- The image type (machine
| kernel
| ramdisk
).is-public
- A Boolean that indicates whether the image is public.kernel-id
- The kernel ID.manifest-location
- The location of the image manifest.name
- The name of the AMI (provided during image creation).owner-alias
- The owner alias (amazon
| aws-marketplace
). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.owner-id
- The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.platform
- The platform. The only supported value is windows
.product-code
- The product code.product-code.type
- The type of the product code (marketplace
).ramdisk-id
- The RAM disk ID.root-device-name
- The device name of the root device volume (for example, /dev/sda1
).root-device-type
- The type of the root device volume (ebs
| instance-store
).state
- The state of the image (available
| pending
| failed
).state-reason-code
- The reason code for the state change.state-reason-message
- The message for the state change.sriov-net-support
- A value of simple
indicates that enhanced networking with the Intel 82599 VF interface is enabled.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.virtualization-type
- The virtualization type (paravirtual
| hvm
).
",
+ "documentation":"auto-recovery-supported
- Indicates whether Amazon CloudWatch action based recovery is supported (true
| false
).bare-metal
- Indicates whether it is a bare metal instance type (true
| false
).burstable-performance-supported
- Indicates whether it is a burstable performance instance type (true
| false
).current-generation
- Indicates whether this instance type is the latest generation instance type of an instance family (true
| false
).ebs-info.ebs-optimized-info.baseline-bandwidth-in-mbps
- The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.ebs-info.ebs-optimized-info.baseline-iops
- The baseline input/output storage operations per second for an EBS-optimized instance type.ebs-info.ebs-optimized-info.baseline-throughput-in-mbps
- The baseline throughput performance for an EBS-optimized instance type, in MB/s.ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps
- The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.ebs-info.ebs-optimized-info.maximum-iops
- The maximum input/output storage operations per second for an EBS-optimized instance type.ebs-info.ebs-optimized-info.maximum-throughput-in-mbps
- The maximum throughput performance for an EBS-optimized instance type, in MB/s.ebs-info.ebs-optimized-support
- Indicates whether the instance type is EBS-optimized (supported
| unsupported
| default
).ebs-info.encryption-support
- Indicates whether EBS encryption is supported (supported
| unsupported
).ebs-info.nvme-support
- Indicates whether non-volatile memory express (NVMe) is supported for EBS volumes (required
| supported
| unsupported
).free-tier-eligible
- Indicates whether the instance type is eligible to use in the free tier (true
| false
).hibernation-supported
- Indicates whether On-Demand hibernation is supported (true
| false
).hypervisor
- The hypervisor (nitro
| xen
).instance-storage-info.disk.count
- The number of local disks.instance-storage-info.disk.size-in-gb
- The storage size of each instance storage disk, in GB.instance-storage-info.disk.type
- The storage technology for the local instance storage disks (hdd
| ssd
).instance-storage-info.encryption-support
- Indicates whether data is encrypted at rest (required
| supported
| unsupported
).instance-storage-info.nvme-support
- Indicates whether non-volatile memory express (NVMe) is supported for instance store (required
| supported
| unsupported
).instance-storage-info.total-size-in-gb
- The total amount of storage available from all local instance storage, in GB.instance-storage-supported
- Indicates whether the instance type has local instance storage (true
| false
).instance-type
- The instance type (for example c5.2xlarge
or c5*).memory-info.size-in-mib
- The memory size.network-info.efa-info.maximum-efa-interfaces
- The maximum number of Elastic Fabric Adapters (EFAs) per instance.network-info.efa-supported
- Indicates whether the instance type supports Elastic Fabric Adapter (EFA) (true
| false
).network-info.ena-support
- Indicates whether Elastic Network Adapter (ENA) is supported or required (required
| supported
| unsupported
).network-info.encryption-in-transit-supported
- Indicates whether the instance type automatically encrypts in-transit traffic between instances (true
| false
).network-info.ipv4-addresses-per-interface
- The maximum number of private IPv4 addresses per network interface.network-info.ipv6-addresses-per-interface
- The maximum number of private IPv6 addresses per network interface.network-info.ipv6-supported
- Indicates whether the instance type supports IPv6 (true
| false
).network-info.maximum-network-cards
- The maximum number of network cards per instance.network-info.maximum-network-interfaces
- The maximum number of network interfaces per instance.network-info.network-performance
- The network performance (for example, \"25 Gigabit\").processor-info.supported-architecture
- The CPU architecture (arm64
| i386
| x86_64
).processor-info.sustained-clock-speed-in-ghz
- The CPU clock speed, in GHz.processor-info.supported-features
- The supported CPU features (amd-sev-snp
).supported-boot-mode
- The boot mode (legacy-bios
| uefi
).supported-root-device-type
- The root device type (ebs
| instance-store
).supported-usage-class
- The usage class (on-demand
| spot
).supported-virtualization-type
- The virtualization type (hvm
| paravirtual
).vcpu-info.default-cores
- The default number of cores for the instance type.vcpu-info.default-threads-per-core
- The default number of threads per core for the instance type.vcpu-info.default-vcpus
- The default number of vCPUs for the instance type.vcpu-info.valid-cores
- The number of cores that can be configured for the instance type.vcpu-info.valid-threads-per-core
- The number of threads per core that can be configured for the instance type. For example, \"1\" or \"1,2\".
",
"locationName":"Filter"
},
"MaxResults":{
@@ -20319,7 +20319,7 @@
"members":{
"InstanceTypes":{
"shape":"InstanceTypeInfoList",
- "documentation":"auto-recovery-supported
- Indicates whether Amazon CloudWatch action based recovery is supported (true
| false
).bare-metal
- Indicates whether it is a bare metal instance type (true
| false
).burstable-performance-supported
- Indicates whether the instance type is a burstable performance T instance type (true
| false
).current-generation
- Indicates whether this instance type is the latest generation instance type of an instance family (true
| false
).ebs-info.ebs-optimized-info.baseline-bandwidth-in-mbps
- The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.ebs-info.ebs-optimized-info.baseline-iops
- The baseline input/output storage operations per second for an EBS-optimized instance type.ebs-info.ebs-optimized-info.baseline-throughput-in-mbps
- The baseline throughput performance for an EBS-optimized instance type, in MB/s.ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps
- The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.ebs-info.ebs-optimized-info.maximum-iops
- The maximum input/output storage operations per second for an EBS-optimized instance type.ebs-info.ebs-optimized-info.maximum-throughput-in-mbps
- The maximum throughput performance for an EBS-optimized instance type, in MB/s.ebs-info.ebs-optimized-support
- Indicates whether the instance type is EBS-optimized (supported
| unsupported
| default
).ebs-info.encryption-support
- Indicates whether EBS encryption is supported (supported
| unsupported
).ebs-info.nvme-support
- Indicates whether non-volatile memory express (NVMe) is supported for EBS volumes (required
| supported
| unsupported
).free-tier-eligible
- Indicates whether the instance type is eligible to use in the free tier (true
| false
).hibernation-supported
- Indicates whether On-Demand hibernation is supported (true
| false
).hypervisor
- The hypervisor (nitro
| xen
).instance-storage-info.disk.count
- The number of local disks.instance-storage-info.disk.size-in-gb
- The storage size of each instance storage disk, in GB.instance-storage-info.disk.type
- The storage technology for the local instance storage disks (hdd
| ssd
).instance-storage-info.encryption-support
- Indicates whether data is encrypted at rest (required
| supported
| unsupported
).instance-storage-info.nvme-support
- Indicates whether non-volatile memory express (NVMe) is supported for instance store (required
| supported
| unsupported
).instance-storage-info.total-size-in-gb
- The total amount of storage available from all local instance storage, in GB.instance-storage-supported
- Indicates whether the instance type has local instance storage (true
| false
).instance-type
- The instance type (for example c5.2xlarge
or c5*).memory-info.size-in-mib
- The memory size.network-info.efa-info.maximum-efa-interfaces
- The maximum number of Elastic Fabric Adapters (EFAs) per instance.network-info.efa-supported
- Indicates whether the instance type supports Elastic Fabric Adapter (EFA) (true
| false
).network-info.ena-support
- Indicates whether Elastic Network Adapter (ENA) is supported or required (required
| supported
| unsupported
).network-info.encryption-in-transit-supported
- Indicates whether the instance type automatically encrypts in-transit traffic between instances (true
| false
).network-info.ipv4-addresses-per-interface
- The maximum number of private IPv4 addresses per network interface.network-info.ipv6-addresses-per-interface
- The maximum number of private IPv6 addresses per network interface.network-info.ipv6-supported
- Indicates whether the instance type supports IPv6 (true
| false
).network-info.maximum-network-cards
- The maximum number of network cards per instance.network-info.maximum-network-interfaces
- The maximum number of network interfaces per instance.network-info.network-performance
- The network performance (for example, \"25 Gigabit\").nitro-enclaves-support
- Indicates whether Nitro Enclaves is supported (supported
| unsupported
).nitro-tpm-support
- Indicates whether NitroTPM is supported (supported
| unsupported
).nitro-tpm-info.supported-versions
- The supported NitroTPM version (2.0
).processor-info.supported-architecture
- The CPU architecture (arm64
| i386
| x86_64
).processor-info.sustained-clock-speed-in-ghz
- The CPU clock speed, in GHz.processor-info.supported-features
- The supported CPU features (amd-sev-snp
).supported-boot-mode
- The boot mode (legacy-bios
| uefi
).supported-root-device-type
- The root device type (ebs
| instance-store
).supported-usage-class
- The usage class (on-demand
| spot
).supported-virtualization-type
- The virtualization type (hvm
| paravirtual
).vcpu-info.default-cores
- The default number of cores for the instance type.vcpu-info.default-threads-per-core
- The default number of threads per core for the instance type.vcpu-info.default-vcpus
- The default number of vCPUs for the instance type.vcpu-info.valid-cores
- The number of cores that can be configured for the instance type.vcpu-info.valid-threads-per-core
- The number of threads per core that can be configured for the instance type. For example, \"1\" or \"1,2\".
",
+ "documentation":"attachment.state
- The current state of the attachment between the gateway and the VPC (available
). Present only if a VPC is attached.attachment.vpc-id
- The ID of an attached VPC.internet-gateway-id
- The ID of the Internet gateway.owner-id
- The ID of the Amazon Web Services account that owns the internet gateway.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
"locationName":"Filter"
},
"DryRun":{
@@ -20394,7 +20394,7 @@
},
"InternetGatewayIds":{
"shape":"InternetGatewayIdList",
- "documentation":"attachment.state
- The current state of the attachment between the gateway and the VPC (available
). Present only if a VPC is attached.attachment.vpc-id
- The ID of an attached VPC.internet-gateway-id
- The ID of the Internet gateway.owner-id
- The ID of the Amazon Web Services account that owns the internet gateway.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
"
+ "documentation":"nat-gateway-id
- The ID of the NAT gateway.state
- The state of the NAT gateway (pending
| failed
| available
| deleting
| deleted
).subnet-id
- The ID of the subnet in which the NAT gateway resides.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC in which the NAT gateway resides.
"
},
"MaxResults":{
"shape":"DescribeNatGatewaysMaxResults",
@@ -21193,7 +21193,7 @@
},
"NatGatewayIds":{
"shape":"NatGatewayIdStringList",
- "documentation":"nat-gateway-id
- The ID of the NAT gateway.state
- The state of the NAT gateway (pending
| failed
| available
| deleting
| deleted
).subnet-id
- The ID of the subnet in which the NAT gateway resides.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC in which the NAT gateway resides.
",
+ "documentation":"association.association-id
- The ID of an association ID for the ACL.association.network-acl-id
- The ID of the network ACL involved in the association.association.subnet-id
- The ID of the subnet involved in the association.default
- Indicates whether the ACL is the default network ACL for the VPC.entry.cidr
- The IPv4 CIDR range specified in the entry.entry.icmp.code
- The ICMP code specified in the entry, if any.entry.icmp.type
- The ICMP type specified in the entry, if any.entry.ipv6-cidr
- The IPv6 CIDR range specified in the entry.entry.port-range.from
- The start of the port range specified in the entry. entry.port-range.to
- The end of the port range specified in the entry. entry.protocol
- The protocol specified in the entry (tcp
| udp
| icmp
or a protocol number).entry.rule-action
- Allows or denies the matching traffic (allow
| deny
).entry.egress
- A Boolean that indicates the type of rule. Specify true
for egress rules, or false
for ingress rules.entry.rule-number
- The number of an entry (in other words, rule) in the set of ACL entries.network-acl-id
- The ID of the network ACL.owner-id
- The ID of the Amazon Web Services account that owns the network ACL.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the network ACL.
",
"locationName":"Filter"
},
"DryRun":{
@@ -21237,7 +21237,7 @@
},
"NetworkAclIds":{
"shape":"NetworkAclIdStringList",
- "documentation":"association.association-id
- The ID of an association ID for the ACL.association.network-acl-id
- The ID of the network ACL involved in the association.association.subnet-id
- The ID of the subnet involved in the association.default
- Indicates whether the ACL is the default network ACL for the VPC.entry.cidr
- The IPv4 CIDR range specified in the entry.entry.icmp.code
- The ICMP code specified in the entry, if any.entry.icmp.type
- The ICMP type specified in the entry, if any.entry.ipv6-cidr
- The IPv6 CIDR range specified in the entry.entry.port-range.from
- The start of the port range specified in the entry. entry.port-range.to
- The end of the port range specified in the entry. entry.protocol
- The protocol specified in the entry (tcp
| udp
| icmp
or a protocol number).entry.rule-action
- Allows or denies the matching traffic (allow
| deny
).entry.egress
- A Boolean that indicates the type of rule. Specify true
for egress rules, or false
for ingress rules.entry.rule-number
- The number of an entry (in other words, rule) in the set of ACL entries.network-acl-id
- The ID of the network ACL.owner-id
- The ID of the Amazon Web Services account that owns the network ACL.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the network ACL.
",
+ "documentation":"association.route-table-association-id
- The ID of an association ID for the route table.association.route-table-id
- The ID of the route table involved in the association.association.subnet-id
- The ID of the subnet involved in the association.association.main
- Indicates whether the route table is the main route table for the VPC (true
| false
). Route tables that do not have an association ID are not returned in the response.owner-id
- The ID of the Amazon Web Services account that owns the route table.route-table-id
- The ID of the route table.route.destination-cidr-block
- The IPv4 CIDR range specified in a route in the table.route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Service specified in a route in the table.route.egress-only-internet-gateway-id
- The ID of an egress-only Internet gateway specified in a route in the route table.route.gateway-id
- The ID of a gateway specified in a route in the table.route.instance-id
- The ID of an instance specified in a route in the table.route.nat-gateway-id
- The ID of a NAT gateway.route.transit-gateway-id
- The ID of a transit gateway.route.origin
- Describes how the route was created. CreateRouteTable
indicates that the route was automatically created when the route table was created; CreateRoute
indicates that the route was manually added to the route table; EnableVgwRoutePropagation
indicates that the route was propagated by route propagation.route.state
- The state of a route in the route table (active
| blackhole
). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, the specified NAT instance has been terminated, and so on).route.vpc-peering-connection-id
- The ID of a VPC peering connection specified in a route in the table.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the route table.
",
"locationName":"Filter"
},
"DryRun":{
@@ -22061,7 +22061,7 @@
},
"RouteTableIds":{
"shape":"RouteTableIdStringList",
- "documentation":"association.route-table-association-id
- The ID of an association ID for the route table.association.route-table-id
- The ID of the route table involved in the association.association.subnet-id
- The ID of the subnet involved in the association.association.main
- Indicates whether the route table is the main route table for the VPC (true
| false
). Route tables that do not have an association ID are not returned in the response.owner-id
- The ID of the Amazon Web Services account that owns the route table.route-table-id
- The ID of the route table.route.destination-cidr-block
- The IPv4 CIDR range specified in a route in the table.route.destination-ipv6-cidr-block
- The IPv6 CIDR range specified in a route in the route table.route.destination-prefix-list-id
- The ID (prefix) of the Amazon Web Service specified in a route in the table.route.egress-only-internet-gateway-id
- The ID of an egress-only Internet gateway specified in a route in the route table.route.gateway-id
- The ID of a gateway specified in a route in the table.route.instance-id
- The ID of an instance specified in a route in the table.route.nat-gateway-id
- The ID of a NAT gateway.route.transit-gateway-id
- The ID of a transit gateway.route.origin
- Describes how the route was created. CreateRouteTable
indicates that the route was automatically created when the route table was created; CreateRoute
indicates that the route was manually added to the route table; EnableVgwRoutePropagation
indicates that the route was propagated by route propagation.route.state
- The state of a route in the route table (active
| blackhole
). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, the specified NAT instance has been terminated, and so on).route.vpc-peering-connection-id
- The ID of a VPC peering connection specified in a route in the table.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the route table.group-name
filter to describe security groups by name.
",
+ "documentation":"availability-zone
- The Availability Zone for the subnet. You can also use availabilityZone
as the filter name.availability-zone-id
- The ID of the Availability Zone for the subnet. You can also use availabilityZoneId
as the filter name.available-ip-address-count
- The number of IPv4 addresses in the subnet that are available.cidr-block
- The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr
or cidrBlock
as the filter names.customer-owned-ipv4-pool
- The customer-owned IPv4 address pool associated with the subnet.default-for-az
- Indicates whether this is the default subnet for the Availability Zone (true
| false
). You can also use defaultForAz
as the filter name.enable-dns64
- Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.enable-lni-at-device-index
- Indicates the device position for local network interfaces in this subnet. For example, 1
indicates local network interfaces in this subnet are the secondary network interface (eth1). ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR block associated with the subnet.ipv6-cidr-block-association.association-id
- An association ID for an IPv6 CIDR block associated with the subnet.ipv6-cidr-block-association.state
- The state of an IPv6 CIDR block associated with the subnet.ipv6-native
- Indicates whether this is an IPv6 only subnet (true
| false
).map-customer-owned-ip-on-launch
- Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.map-public-ip-on-launch
- Indicates whether instances launched in this subnet receive a public IPv4 address.outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.owner-id
- The ID of the Amazon Web Services account that owns the subnet.private-dns-name-options-on-launch.hostname-type
- The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).private-dns-name-options-on-launch.enable-resource-name-dns-a-record
- Indicates whether to respond to DNS queries for instance hostnames with DNS A records.private-dns-name-options-on-launch.enable-resource-name-dns-aaaa-record
- Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.state
- The state of the subnet (pending
| available
).subnet-arn
- The Amazon Resource Name (ARN) of the subnet.subnet-id
- The ID of the subnet.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the subnet.
",
"locationName":"Filter"
},
"SubnetIds":{
"shape":"SubnetIdStringList",
- "documentation":"availability-zone
- The Availability Zone for the subnet. You can also use availabilityZone
as the filter name.availability-zone-id
- The ID of the Availability Zone for the subnet. You can also use availabilityZoneId
as the filter name.available-ip-address-count
- The number of IPv4 addresses in the subnet that are available.cidr-block
- The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr
or cidrBlock
as the filter names.customer-owned-ipv4-pool
- The customer-owned IPv4 address pool associated with the subnet.default-for-az
- Indicates whether this is the default subnet for the Availability Zone (true
| false
). You can also use defaultForAz
as the filter name.enable-dns64
- Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.enable-lni-at-device-index
- Indicates the device position for local network interfaces in this subnet. For example, 1
indicates local network interfaces in this subnet are the secondary network interface (eth1). ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR block associated with the subnet.ipv6-cidr-block-association.association-id
- An association ID for an IPv6 CIDR block associated with the subnet.ipv6-cidr-block-association.state
- The state of an IPv6 CIDR block associated with the subnet.ipv6-native
- Indicates whether this is an IPv6 only subnet (true
| false
).map-customer-owned-ip-on-launch
- Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.map-public-ip-on-launch
- Indicates whether instances launched in this subnet receive a public IPv4 address.outpost-arn
- The Amazon Resource Name (ARN) of the Outpost.owner-id
- The ID of the Amazon Web Services account that owns the subnet.private-dns-name-options-on-launch.hostname-type
- The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).private-dns-name-options-on-launch.enable-resource-name-dns-a-record
- Indicates whether to respond to DNS queries for instance hostnames with DNS A records.private-dns-name-options-on-launch.enable-resource-name-dns-aaaa-record
- Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.state
- The state of the subnet (pending
| available
).subnet-arn
- The Amazon Resource Name (ARN) of the subnet.subnet-id
- The ID of the subnet.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC for the subnet.
",
+ "documentation":"is-classic-link-enabled
- Whether the VPC is enabled for ClassicLink (true
| false
).tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
"locationName":"Filter"
},
"DryRun":{
@@ -24054,7 +24054,7 @@
},
"VpcIds":{
"shape":"VpcClassicLinkIdList",
- "documentation":"is-classic-link-enabled
- Whether the VPC is enabled for ClassicLink (true
| false
).tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
",
+ "documentation":"accepter-vpc-info.cidr-block
- The IPv4 CIDR block of the accepter VPC.accepter-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the accepter VPC.accepter-vpc-info.vpc-id
- The ID of the accepter VPC.expiration-time
- The expiration date and time for the VPC peering connection.requester-vpc-info.cidr-block
- The IPv4 CIDR block of the requester's VPC.requester-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the requester VPC.requester-vpc-info.vpc-id
- The ID of the requester VPC.status-code
- The status of the VPC peering connection (pending-acceptance
| failed
| expired
| provisioning
| active
| deleting
| deleted
| rejected
).status-message
- A message that provides more information about the status of the VPC peering connection, if applicable.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-peering-connection-id
- The ID of the VPC peering connection.
",
"locationName":"Filter"
},
"DryRun":{
@@ -24340,7 +24340,7 @@
},
"VpcPeeringConnectionIds":{
"shape":"VpcPeeringConnectionIdList",
- "documentation":"accepter-vpc-info.cidr-block
- The IPv4 CIDR block of the accepter VPC.accepter-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the accepter VPC.accepter-vpc-info.vpc-id
- The ID of the accepter VPC.expiration-time
- The expiration date and time for the VPC peering connection.requester-vpc-info.cidr-block
- The IPv4 CIDR block of the requester's VPC.requester-vpc-info.owner-id
- The ID of the Amazon Web Services account that owns the requester VPC.requester-vpc-info.vpc-id
- The ID of the requester VPC.status-code
- The status of the VPC peering connection (pending-acceptance
| failed
| expired
| provisioning
| active
| deleting
| deleted
| rejected
).status-message
- A message that provides more information about the status of the VPC peering connection, if applicable.tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-peering-connection-id
- The ID of the VPC peering connection.
",
+ "documentation":"cidr
- The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28
).cidr-block-association.cidr-block
- An IPv4 CIDR block associated with the VPC.cidr-block-association.association-id
- The association ID for an IPv4 CIDR block associated with the VPC.cidr-block-association.state
- The state of an IPv4 CIDR block associated with the VPC.dhcp-options-id
- The ID of a set of DHCP options.ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR block associated with the VPC.ipv6-cidr-block-association.ipv6-pool
- The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.ipv6-cidr-block-association.association-id
- The association ID for an IPv6 CIDR block associated with the VPC.ipv6-cidr-block-association.state
- The state of an IPv6 CIDR block associated with the VPC.is-default
- Indicates whether the VPC is the default VPC.owner-id
- The ID of the Amazon Web Services account that owns the VPC.state
- The state of the VPC (pending
| available
).tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC.
",
"locationName":"Filter"
},
"VpcIds":{
"shape":"VpcIdStringList",
- "documentation":"cidr
- The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28
).cidr-block-association.cidr-block
- An IPv4 CIDR block associated with the VPC.cidr-block-association.association-id
- The association ID for an IPv4 CIDR block associated with the VPC.cidr-block-association.state
- The state of an IPv4 CIDR block associated with the VPC.dhcp-options-id
- The ID of a set of DHCP options.ipv6-cidr-block-association.ipv6-cidr-block
- An IPv6 CIDR block associated with the VPC.ipv6-cidr-block-association.ipv6-pool
- The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.ipv6-cidr-block-association.association-id
- The association ID for an IPv6 CIDR block associated with the VPC.ipv6-cidr-block-association.state
- The state of an IPv6 CIDR block associated with the VPC.is-default
- Indicates whether the VPC is the default VPC.owner-id
- The ID of the Amazon Web Services account that owns the VPC.state
- The state of the VPC (pending
| available
).tag
:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner
and the value TeamA
, specify tag:Owner
for the filter name and TeamA
for the filter value.tag-key
- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.vpc-id
- The ID of the VPC.KmsKeyId
is specified, the Encrypted
flag must also be set.
arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. KmsKeyId
asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure. KmsKeyId
is specified, the Encrypted
flag must also be set.
arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. KmsKeyId
asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure. Windows
| Linux
Windows
| Linux
KmsKeyId
is specified, the Encrypted
flag must also be set.
arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. KmsKeyId
asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure. KmsKeyId
is specified, the Encrypted
flag must also be set.
arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the key
namespace, and then the key ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.arn:aws:kms
namespace, followed by the Region of the key, the Amazon Web Services account ID of the key owner, the alias
namespace, and then the key alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. KmsKeyId
asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. This action will eventually report failure.
AllowedInstanceTypes
- The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.ExcludedInstanceTypes
- The instance types to exclude from the list, even if they match your specified attributes.VCpuCount
and MemoryMiB
. All other attributes are optional. Any unspecified optional attribute is set to its default.VCpuCount
and MemoryMiB
. All other attributes are optional. Any unspecified optional attribute is set to its default.
AllowedInstanceTypes
- The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.ExcludedInstanceTypes
- The instance types to exclude from the list, even if they match your specified attributes.InstanceRequirements
, you can't specify InstanceType
.InstanceRequirements
.
AllowedInstanceTypes
- The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.ExcludedInstanceTypes
- The instance types to exclude from the list, even if they match your specified attributes.VCpuCount
and MemoryMiB
. All other attributes are optional. Any unspecified optional attribute is set to its default.VCpuCount
and MemoryMiB
. All other attributes are optional. Any unspecified optional attribute is set to its default.
AllowedInstanceTypes
- The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.ExcludedInstanceTypes
- The instance types to exclude from the list, even if they match your specified attributes.InstanceRequirements
, you can't specify InstanceType
.InstanceRequirements
.tcp
, udp
, icmp
, icmpv6
) or number (see Protocol Numbers).-1
to specify all protocols. When authorizing security group rules, specifying -1
or a protocol number other than tcp
, udp
, icmp
, or icmpv6
allows traffic on all ports, regardless of any port range you specify. For tcp
, udp
, and icmp
, you must specify a port range. For icmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.tcp
, udp
, icmp
, icmpv6
) or number (see Protocol Numbers).-1
to specify all protocols. When authorizing security group rules, specifying -1
or a protocol number other than tcp
, udp
, icmp
, or icmpv6
allows traffic on all ports, regardless of any port range you specify. For tcp
, udp
, and icmp
, you must specify a port range. For icmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.InstanceRequirements
, you can't specify InstanceType
.VCpuCount
and MemoryMiB
. All other attributes are optional. Any unspecified optional attribute is set to its default.
AllowedInstanceTypes
- The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.ExcludedInstanceTypes
- The instance types to exclude from the list, even if they match your specified attributes.InstanceRequirements
, you can't specify InstanceType
.InstanceRequirements
.m1.small
ACTIVE
data store. The import job imports DICOM P10 files found in the S3 prefix specified by the inputS3Uri
parameter. The import job stores processing results in the file specified by the outputS3Uri
parameter.yyMMdd
format.HHmmss.FFFFFF
format.ImageSetMetadata
.ImageSetMetadata
.removableAttributes
and updatableAttributes
.application/octet-stream
.text/plain
.1985-04-12T23:20:50.52Z
format.removableAttributes
and updatableAttributes
.imageSetDateTime
.SearchByAttribute
.
"
+}
diff --git a/services/medicalimaging/src/main/resources/codegen-resources/waiters-2.json b/services/medicalimaging/src/main/resources/codegen-resources/waiters-2.json
new file mode 100644
index 000000000000..13f60ee66be6
--- /dev/null
+++ b/services/medicalimaging/src/main/resources/codegen-resources/waiters-2.json
@@ -0,0 +1,5 @@
+{
+ "version": 2,
+ "waiters": {
+ }
+}
From 77ecd13d7974e9a4cfb4c5f5f3ecf85f9cfd6c1a Mon Sep 17 00:00:00 2001
From: AWS <>
Date: Wed, 19 Jul 2023 18:08:00 +0000
Subject: [PATCH 10/13] Amazon Managed Grafana Update: Amazon Managed Grafana
now supports grafanaVersion update for existing workspaces with
UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API
additionally returns grafanaVersion. A new ListVersions API lists available
versions or, if given a workspaceId, the versions it can upgrade to.
---
.../feature-AmazonManagedGrafana-381cac5.json | 6 ++
.../codegen-resources/paginators-1.json | 6 ++
.../codegen-resources/service-2.json | 88 +++++++++++++++++--
3 files changed, 93 insertions(+), 7 deletions(-)
create mode 100644 .changes/next-release/feature-AmazonManagedGrafana-381cac5.json
diff --git a/.changes/next-release/feature-AmazonManagedGrafana-381cac5.json b/.changes/next-release/feature-AmazonManagedGrafana-381cac5.json
new file mode 100644
index 000000000000..0ac9ed5f29a3
--- /dev/null
+++ b/.changes/next-release/feature-AmazonManagedGrafana-381cac5.json
@@ -0,0 +1,6 @@
+{
+ "type": "feature",
+ "category": "Amazon Managed Grafana",
+ "contributor": "",
+ "description": "Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to."
+}
diff --git a/services/grafana/src/main/resources/codegen-resources/paginators-1.json b/services/grafana/src/main/resources/codegen-resources/paginators-1.json
index 0edc06932815..f2e804d5bb85 100644
--- a/services/grafana/src/main/resources/codegen-resources/paginators-1.json
+++ b/services/grafana/src/main/resources/codegen-resources/paginators-1.json
@@ -6,6 +6,12 @@
"limit_key": "maxResults",
"result_key": "permissions"
},
+ "ListVersions": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "grafanaVersions"
+ },
"ListWorkspaces": {
"input_token": "nextToken",
"output_token": "nextToken",
diff --git a/services/grafana/src/main/resources/codegen-resources/service-2.json b/services/grafana/src/main/resources/codegen-resources/service-2.json
index 948c219ad7a8..270eaa088518 100644
--- a/services/grafana/src/main/resources/codegen-resources/service-2.json
+++ b/services/grafana/src/main/resources/codegen-resources/service-2.json
@@ -216,6 +216,24 @@
],
"documentation":"ListTagsForResource
operation returns the tags that are associated with the Amazon Managed Service for Grafana resource specified by the resourceArn
. Currently, the only resource that can be tagged is a workspace. CreateWorkspace
. Optionally, include a workspace to list the versions to which it can be upgraded.8.4
and 9.4
.ListVersions
operation.ListVersions
operation.CreateWorkspace
.ListVersions
operation to return the next set of results.pl-1a2b3c4d
.pl-1a2b3c4d
.NetworkAccessConfiguration
is specified then only VPC endpoints specified here will be allowed to access the workspace.vpce-1a2b3c4d
.com.amazonaws.[region].grafana-workspace
service endpoint). Other VPC endpoints will be ignored.NetworkAccessConfiguration
is specified then only VPC endpoints specified here are allowed to access the workspace. If you pass in an empty array of strings, then no VPCs are allowed to access the workspace.vpce-1a2b3c4d
.com.amazonaws.[region].grafana-workspace
service endpoint). Other VPC endpoints are ignored.prefixListIds
and vpceIds
are required, you can pass in an empty array of strings for either parameter if you do not want to allow any of that type.ListVersions
operation.securityGroupIds
and subnetIds
must be part of the same VPC.securityGroupIds
and subnetIds
must be part of the same VPC.SELF
is specified. Use SELF
for stack sets with self-managed permissions.
"
+ },
+ "TemplateSummaryConfig":{
+ "shape":"TemplateSummaryConfig",
+ "documentation":"SELF
.DELEGATED_ADMIN
.GetTemplateSummary
API action.BucketName
is a possible identifier property for an AWS::S3::Bucket
resource.True
, any unrecognized resource types generate warnings and not an error. Any unrecognized resource types are returned in the Warnings
output parameter.GetTemplateSummary
API action.TemplateSummaryConfig
parameter has the TreatUnrecognizedResourceTypesAsWarning
configuration set to True
.GetTemplateSummary
API action.All
, IncludedCookies
, or ExcludedCookies
.\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }
All
, IncludedCookies
, or ExcludedCookies
.\"MatchPattern\": { \"IncludedCookies\": [ \"session-id-time\", \"session-id\" ] }
All
, IncludedCookies
, or ExcludedCookies
.\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }
All
, IncludedCookies
, or ExcludedCookies
.\"MatchPattern\": { \"IncludedCookies\": [ \"session-id-time\", \"session-id\" ] }
All
, IncludedHeaders
, or ExcludedHeaders
.\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }
All
, IncludedHeaders
, or ExcludedHeaders
.\"MatchPattern\": { \"ExcludedHeaders\": [ \"KeyToExclude1\", \"KeyToExclude2\" ] }
All
, IncludedHeaders
, or ExcludedHeaders
.\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }
All
, IncludedHeaders
, or ExcludedHeaders
.\"MatchPattern\": { \"ExcludedHeaders\": [ \"KeyToExclude1\", \"KeyToExclude2\" ] }
FieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.