Ec2Client
Amazon Elastic Compute Cloud
You can access the features of Amazon Elastic Compute Cloud (Amazon EC2) programmatically. For more information, see the Amazon EC2 Developer Guide.
Functions
Accepts an Elastic IP address transfer. For more information, see Accept a transferred Elastic IP address in the Amazon VPC User Guide.
Accepts a request to assign billing of the available capacity of a shared Capacity Reservation to your account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.
Accepts a request to associate subnets with a transit gateway multicast domain.
Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state.
Accepts a request to attach a VPC to a transit gateway.
Accepts connection requests to your VPC endpoint service.
Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.
Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.
Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.
Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.
Assigns the specified IPv6 addresses to the specified network interface. You can specify specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies by instance type.
Assigns the specified secondary private IP addresses to the specified network interface.
Assigns private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.
Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.
Initiates a request to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account that is consolidated under the same Amazon Web Services organizations payer account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.
Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.
Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.
Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own in the same Amazon Web Services Region. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Associates an IPAM resource discovery with an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.
Associates a route server with a VPC to enable dynamic route updates.
Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.
Associates a security group with another VPC in the same Region. This enables you to use the same security group with network interfaces and instances in the specified VPC.
Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet.
Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.
Associates the specified transit gateway attachment with a transit gateway policy table.
Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.
Associates a branch network interface with a trunk network interface.
Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
This action is deprecated.
Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information, see Internet gateways in the Amazon VPC User Guide.
Attaches a network interface to an instance.
Attaches the specified Amazon Web Services Verified Access trust provider to the specified Amazon Web Services Verified Access instance.
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Attaches an available virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.
Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.
Adds the specified outbound (egress) rules to a security group.
Adds the specified inbound (ingress) rules to a security group.
Bundles an Amazon instance store-backed Windows instance.
Cancels a bundling operation for an instance store-backed Windows instance.
Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled.
Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:
Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.
Cancels the generation of an account status report.
Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.
Removes your Amazon Web Services account from the launch permissions for the specified AMI. For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.
Cancels an in-process import virtual machine or import snapshot task.
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
Cancels the specified Spot Fleet requests.
Cancels one or more Spot Instance requests.
Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.
Copies the specified Amazon FPGA Image (AFI) to the current Region.
Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.
Creates a new Capacity Reservation with the specified attributes. Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.
Create a new Capacity Reservation by splitting the capacity of the source Capacity Reservation. The new Capacity Reservation will have the same attributes as the source Capacity Reservation except for tags. The source Capacity Reservation must be active and owned by your Amazon Web Services account.
Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.
Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.
Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.
Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.
Creates a range of customer-owned IP addresses.
Creates a pool of customer-owned IP (CoIP) addresses.
Provides information to Amazon Web Services about your customer gateway device. The customer gateway device is the appliance at your end of the VPN connection. You must provide the IP address of the customer gateway device’s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).
Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Create a default subnet in the Amazon VPC User Guide.
Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.
Creates a custom set of DHCP options. After you create a DHCP option set, you associate it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly launched instances in the VPC use this set of DHCP options.
[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.
Creates an EC2 Fleet that contains the configuration information for On-Demand Instances and Spot Instances. Instances are launched immediately if there is available capacity.
Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.
Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
Creates an EC2 Instance Connect Endpoint.
Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.
Exports a running or stopped instance to an Amazon S3 bucket.
Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.
Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.
Create a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.
Creates an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.
Creates a launch template.
Creates a new version of a launch template. You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed.
Creates a static route for the specified local gateway route table. You must specify one of the following targets:
Creates a local gateway route table.
Creates a local gateway route table virtual interface group association.
Associates the specified VPC with the specified local gateway route table.
Creates a managed prefix list. You can specify entries for the prefix list. Each entry consists of a CIDR block and an optional description.
Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.
Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.
Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.
Creates a Network Access Scope.
Creates a path to analyze for reachability.
Creates a network interface in the specified subnet.
Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.
Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.
Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.
Replaces the EBS-backed root volume for a running instance with a new volume that is restored to the original root volume's launch state, that is restored to a specific snapshot taken from the original root volume, or that is restored from an AMI that has the same key characteristics as that of the instance.
Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.
Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.
Creates a route in a route table within a VPC.
Creates a new route server to manage dynamic routing in a VPC.
Creates a new endpoint for a route server in a specified subnet.
Creates a new BGP peer for a specified route server endpoint.
Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.
Creates a security group.
Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.
Creates crash-consistent snapshots of multiple EBS volumes attached to an Amazon EC2 instance. Volumes are chosen by specifying an instance. Each volume attached to the specified instance will produce one snapshot that is crash-consistent across the instance. You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.
Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Stores an AMI as a single object in an Amazon S3 bucket.
Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
Creates a subnet CIDR reservation. For more information, see Subnet CIDR reservations in the Amazon VPC User Guide and Manage prefixes for your network interfaces in the Amazon EC2 User Guide.
Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.
Creates a Traffic Mirror filter.
Creates a Traffic Mirror filter rule.
Creates a Traffic Mirror session.
Creates a target for your Traffic Mirror session.
Creates a transit gateway.
Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.
Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.
Creates a multicast domain using the specified transit gateway.
Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The peer transit gateway can be in your account or a different Amazon Web Services account.
Creates a transit gateway policy table.
Creates a reference (route) to a prefix list in a specified transit gateway route table.
Creates a static route for the specified transit gateway route table.
Creates a route table for the specified transit gateway.
Advertises a new transit gateway route table.
Attaches the specified VPC to the specified transit gateway.
An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.
An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who's associated applications have similar security requirements. Each instance within a Verified Access group shares an Verified Access policy. For example, you can group all Verified Access instances associated with "sales" applications together and use one common Verified Access policy.
An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.
A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Creates a VPC endpoint. A VPC endpoint provides a private connection between the specified VPC and the specified endpoint service. You can use an endpoint service provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink User Guide.
Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Creating an Amazon SNS topic in the Amazon SNS Developer Guide.
Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, users, and IAM roles) can connect.
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.
Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.
Deletes a carrier gateway.
Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint.
Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.
Deletes a range of customer-owned IP addresses.
Deletes a pool of customer-owned IP (CoIP) addresses.
Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway.
Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC.
Deletes an egress-only internet gateway.
Deletes the specified EC2 Fleet request.
Deletes one or more flow logs.
Deletes the specified Amazon FPGA Image (AFI).
Deletes the specified EC2 Instance Connect Endpoint.
Deletes the specified event window.
Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it.
Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.
Delete a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Delete an IPAM pool.
Deletes an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Delete the scope for an IPAM. You cannot delete the default scopes.
Deletes the specified key pair, by removing the public key from Amazon EC2.
Deletes a launch template. Deleting a launch template deletes all of its versions.
Deletes one or more versions of a launch template.
Deletes the specified route from the specified local gateway route table.
Deletes a local gateway route table.
Deletes a local gateway route table virtual interface group association.
Deletes the specified association between a VPC and local gateway route table.
Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources.
Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.
Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL.
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
Deletes the specified Network Access Scope.
Deletes the specified Network Access Scope analysis.
Deletes the specified network insights analysis.
Deletes the specified path.
Deletes the specified network interface. You must detach the network interface before you can delete it.
Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you're removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.
Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.
Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.
Deletes the queued purchases for the specified Reserved Instances.
Deletes the specified route from the specified route table.
Deletes the specified route server.
Deletes the specified route server endpoint.
Deletes the specified BGP peer from a route server.
Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table.
Deletes a security group.
Deletes the specified snapshot.
Deletes the data feed for Spot Instances.
Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet.
Deletes a subnet CIDR reservation.
Deletes the specified set of tags from the specified set of resources.
Deletes the specified Traffic Mirror filter.
Deletes the specified Traffic Mirror rule.
Deletes the specified Traffic Mirror session.
Deletes the specified Traffic Mirror target.
Deletes the specified transit gateway.
Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment.
Deletes the specified Connect peer.
Deletes the specified transit gateway multicast domain.
Deletes a transit gateway peering attachment.
Deletes the specified transit gateway policy table.
Deletes a reference (route) to a prefix list in a specified transit gateway route table.
Deletes the specified route from the specified transit gateway route table.
Deletes the specified transit gateway route table. If there are any route tables associated with the transit gateway route table, you must first run DisassociateRouteTable before you can delete the transit gateway route table. This removes any route tables associated with the transit gateway route table.
Advertises to the transit gateway that a transit gateway route table is deleted.
Deletes the specified VPC attachment.
Delete an Amazon Web Services Verified Access endpoint.
Delete an Amazon Web Services Verified Access group.
Delete an Amazon Web Services Verified Access instance.
Delete an Amazon Web Services Verified Access trust provider.
Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).
Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on. When you delete the VPC, it deletes the default security group, network ACL, and route table for the VPC.
Delete a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Deletes the specified VPC endpoint connection notifications.
Deletes the specified VPC endpoints.
Deletes the specified VPC endpoint service configurations. Before you can delete an endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.
Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed or rejected state.
Deletes the specified VPN connection.
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.
Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.
Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services account. This action can only be called after any BYOIP CIDR associations are removed from your Amazon Web Services account with DisassociateIpamByoasn. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.
Deprovision a CIDR from a public IPv4 pool.
Deregisters the specified AMI. A deregistered AMI can't be used to launch new instances.
Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region.
Deregisters the specified members (network interfaces) from the transit gateway multicast group.
Deregisters the specified sources (network interfaces) from the transit gateway multicast group.
Describes attributes of your Amazon Web Services account. The following are the supported account attributes:
Describes the specified Elastic IP addresses or all of your Elastic IP addresses.
Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.
Describes an Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).
Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you.
Describes the current Infrastructure Performance metric subscriptions.
Describes the specified bundle tasks or all of your bundle tasks.
Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.
Describes the events for the specified Capacity Block extension during the specified time.
Describes Capacity Block extension offerings available for purchase in the Amazon Web Services Region that you're currently using.
Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you purchase a specific instance type for a period of time.
Describes a request to assign the billing of the unused capacity of a Capacity Reservation. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Describes one or more Capacity Reservation Fleets.
Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using.
Describes one or more of your carrier gateways.
This action is deprecated.
Describes the authorization rules for a specified Client VPN endpoint.
Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.
Describes one or more Client VPN endpoints in the account.
Describes the routes for the specified Client VPN endpoint.
Describes the target networks associated with the specified Client VPN endpoint.
Describes the specified customer-owned address pools or all of your customer-owned address pools.
Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.
Describes one or more of your VPN customer gateways.
Describes the metadata of an account status report, including the status of the report.
Describes your DHCP option sets. The default is to describe all your DHCP option sets. Alternatively, you can specify specific DHCP option set IDs or filter the results to include only the DHCP option sets that match specific criteria.
Describes your egress-only internet gateways. The default is to describe all your egress-only internet gateways. Alternatively, you can specify specific egress-only internet gateway IDs or filter the results to include only the egress-only internet gateways that match specific criteria.
Amazon Elastic Graphics reached end of life on January 8, 2024.
Describes the specified export image tasks or all of your export image tasks.
Describes the specified export instance tasks or all of your export instance tasks.
Describe details for Windows AMIs that are configured for Windows fast launch.
Describes the state of fast snapshot restores for your snapshots.
Describes the events for the specified EC2 Fleet during the specified time.
Describes the running instances for the specified EC2 Fleet.
Describes the specified EC2 Fleet or all of your EC2 Fleets.
Describes one or more flow logs.
Describes the specified attribute of the specified Amazon FPGA Image (AFI).
Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.
Describes the Dedicated Host reservations that are available to purchase.
Describes reservations that are associated with Dedicated Hosts in your account.
Describes the specified Dedicated Hosts or all your Dedicated Hosts.
Describes your IAM instance profile associations.
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.
Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
Displays details about an import virtual machine or import snapshot tasks that are already created.
Describes your import snapshot tasks.
Describes the specified attribute of the specified instance. You can specify only one attribute at a time.
Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance Connect Endpoints.
Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.
Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region.
Describes the specified event windows or all event windows.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
Describes the specified instances or all instances.
Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.
Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone. You can use this information to determine the relative proximity of your EC2 instances within the Amazon Web Services network to support your tightly coupled workloads.
Lists the instance types that are offered for the specified location. If no location is specified, the default is to list the instance types that are offered in the current Region.
Describes the specified instance types. By default, all instance types for the current Region are described. Alternatively, you can filter the results.
Describes your internet gateways. The default is to describe all your internet gateways. Alternatively, you can specify specific internet gateway IDs or filter the results to include only the internet gateways that match specific criteria.
Describes your Autonomous System Numbers (ASNs), their provisioning statuses, and the BYOIP CIDRs with which they are associated. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Describe verification tokens. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Get information about your IPAM pools.
Describes IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Describes resource discovery association with an Amazon VPC IPAM. An associated resource discovery is a resource discovery that has been associated with an IPAM..
Get information about your IPAM pools.
Get information about your IPAM scopes.
Describes your IPv6 address pools.
Describes the specified key pairs or all of your key pairs.
Describes one or more launch templates.
Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.
Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.
Describes the associations between virtual interface groups and local gateway route tables.
Describes the specified associations between VPCs and local gateway route tables.
Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.
Describes the specified local gateway virtual interface groups.
Describes the specified local gateway virtual interfaces.
Describes the lock status for a snapshot.
Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.
Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.
This action is deprecated.
Describes your NAT gateways. The default is to describe all your NAT gateways. Alternatively, you can specify specific NAT gateway IDs or filter the results to include only the NAT gateways that match specific criteria.
Describes your network ACLs. The default is to describe all your network ACLs. Alternatively, you can specify specific network ACL IDs or filter the results to include only the network ACLs that match specific criteria.
Describes the specified Network Access Scope analyses.
Describes the specified Network Access Scopes.
Describes one or more of your network insights analyses.
Describes one or more of your paths.
Describes a network interface attribute. You can specify only one attribute at a time.
Describes the permissions for your network interfaces.
Describes the specified network interfaces or all your network interfaces.
Describes the specified placement groups or all of your placement groups.
Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.
Describes the specified IPv4 address pools.
Describes the Regions that are enabled for your account, or all Regions.
Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon EC2 User Guide.
Describes one or more of the Reserved Instances that you purchased.
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.
Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.
Describes one or more route server endpoints.
Describes one or more route server peers.
Describes one or more route servers.
Describes your route tables. The default is to describe all your route tables. Alternatively, you can specify specific route table IDs or filter the results to include only the route tables that match specific criteria.
Finds available schedules that meet the specified criteria.
Describes the specified Scheduled Instances or all your Scheduled Instances.
Describes the VPCs on the other side of a VPC peering or Transit Gateway connection that are referencing the security groups you've specified in this request.
Describes one or more of your security group rules.
Describes the specified security groups or all of your security groups.
Describes security group VPC associations made with AssociateSecurityGroupVpc.
Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.
Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.
Describes the storage tier status of one or more Amazon EBS snapshots.
Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Describes the running instances for the specified Spot Fleet.
Describes the events for the specified Spot Fleet request during the specified time.
Describes your Spot Fleet requests.
Describes the specified Spot Instance requests.
Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide.
Describes the stale security group rules for security groups referenced across a VPC peering connection, transit gateway connection, or with a security group VPC association. Rules are stale when they reference a deleted security group. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has been deleted, across a transit gateway where the transit gateway has been deleted (or the transit gateway security group referencing feature has been disabled), or if a security group VPC association has been disassociated.
Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from the last 31 days.
Describes your subnets. The default is to describe all your subnets. Alternatively, you can specify specific subnet IDs or filter the results to include only the subnets that match specific criteria.
Describes the specified tags for your EC2 resources.
Describe traffic mirror filters that determine the traffic that is mirrored.
Describes one or more Traffic Mirror filters.
Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.
Information about one or more Traffic Mirror targets.
Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.
Describes one or more Connect peers.
Describes one or more Connect attachments.
Describes one or more transit gateway multicast domains.
Describes your transit gateway peering attachments.
Describes one or more transit gateway route policy tables.
Describes one or more transit gateway route table advertisements.
Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.
Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.
Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.
Describes one or more network interface trunk associations.
Describes the specified Amazon Web Services Verified Access endpoints.
Describes the specified Verified Access groups.
Describes the specified Amazon Web Services Verified Access instances.
Describes the specified Amazon Web Services Verified Access instances.
Describes the specified Amazon Web Services Verified Access trust providers.
Describes the specified attribute of the specified volume. You can specify only one attribute at a time.
Describes the specified EBS volumes or all of your EBS volumes.
Describes the most recent volume modification request for the specified EBS volumes.
Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.
Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.
Describe VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Describe VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
This action is deprecated.
This action is deprecated.
Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or service networks associated with the VPC endpoint.
Describes the connection notifications for VPC endpoints and VPC endpoint services.
Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.
Describes your VPC endpoints. The default is to describe all your VPC endpoints. Alternatively, you can specify specific VPC endpoint IDs or filter the results to include only the VPC endpoints that match specific criteria.
Describes the VPC endpoint service configurations in your account (your services).
Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. Principal ARNs with path components aren't supported.
Describes available services to which you can create a VPC endpoint.
Describes your VPC peering connections. The default is to describe all your VPC peering connections. Alternatively, you can specify specific VPC peering connection IDs or filter the results to include only the VPC peering connections that match specific criteria.
Describes your VPCs. The default is to describe all your VPCs. Alternatively, you can specify specific VPC IDs or filter the results to include only the VPCs that match specific criteria.
Describes one or more of your VPN connections.
Describes one or more of your virtual private gateways.
This action is deprecated.
Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.
Detaches a network interface from an instance.
Detaches the specified Amazon Web Services Verified Access trust provider from the specified Amazon Web Services Verified Access instance.
Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.
Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).
Disables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Disables Allowed AMIs for your account in the specified Amazon Web Services Region. When set to disabled, the image criteria in your Allowed AMIs settings do not apply, and no restrictions are placed on AMI discoverability or usage. Users in your account can launch instances using any public AMI or AMI shared with your account.
Disables Infrastructure Performance metric subscriptions.
Disables EBS encryption by default for your account in the current Region.
Discontinue Windows fast launch for a Windows AMI, and clean up existing pre-provisioned snapshots. After you disable Windows fast launch, the AMI uses the standard launch process for each new instance. Amazon EC2 must remove all pre-provisioned snapshots before you can enable Windows fast launch again.
Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Sets the AMI state to disabled and removes all launch permissions from the AMI. A disabled AMI can't be used for instance launches.
Disables block public access for AMIs at the account level in the specified Amazon Web Services Region. This removes the block public access restriction from your account. With the restriction removed, you can publicly share your AMIs in the specified Amazon Web Services Region.
Cancels the deprecation of the specified AMI.
Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.
Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
Disables route propagation from a route server to a specified route table.
Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Disables the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you disable block public access for snapshots in a Region, users can publicly share snapshots in that Region.
Disables the specified resource attachment from propagating routes to the specified propagation route table.
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
This action is deprecated.
This action is deprecated.
Disassociates an Elastic IP address from the instance or network interface it's associated with.
Cancels a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account, or revokes a request that has already been accepted. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:
Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS key used to encrypt the private key. This effectively revokes the role's permission to use the certificate.
Disassociates an IAM instance profile from a running or stopped instance.
Disassociates one or more targets from an event window.
Remove the association between your Autonomous System Number (ASN) and your BYOIP CIDR. You may want to use this action to disassociate an ASN from a CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Disassociates a resource discovery from an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
Disassociates a route server from a VPC.
Disassociates a subnet or gateway from a route table.
Disassociates a security group from a VPC. You cannot disassociate the security group if any Elastic network interfaces in the associated VPC are still associated with the security group. Note that the disassociation is asynchronous and you can check the status of the request with DescribeSecurityGroupVpcAssociations.
Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
Disassociates the specified subnets from the transit gateway multicast domain.
Removes the association between an an attachment and a policy table.
Disassociates a resource attachment from a transit gateway route table.
Removes an association between a branch network interface with a trunk network interface.
Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
Enables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Enables Allowed AMIs for your account in the specified Amazon Web Services Region. Two values are accepted:
Enables Infrastructure Performance subscriptions.
Enables EBS encryption by default for your account in the current Region.
When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.
Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Re-enables a disabled AMI. The re-enabled AMI is marked as available and can be used for instance launches, appears in describe operations, and can be shared. Amazon Web Services accounts, organizations, and Organizational Units that lost access to the AMI when it was disabled do not regain access automatically. Once the AMI is available, it can be shared with them again.
Enables block public access for AMIs at the account level in the specified Amazon Web Services Region. This prevents the public sharing of your AMIs. However, if you already have public AMIs, they will remain publicly available.
Enables deprecation of the specified AMI at the specified date and time.
Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.
Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
Establishes a trust relationship between Reachability Analyzer and Organizations. This operation must be performed by the management account for the organization.
Defines which route tables the route server can update with routes.
Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Enables or modifies the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you enable block public access for snapshots in a Region, users can no longer request public sharing for snapshots in that Region. Snapshots that are already publicly shared are either treated as private or they remain publicly shared, depending on the State that you specify.
Enables the specified attachment to propagate routes to the specified propagation route table.
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
This action is deprecated.
This action is deprecated.
Downloads the client certificate revocation list for the specified Client VPN endpoint.
Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.
Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.
Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.
Exports the client configuration for a Verified Access instance.
Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs criteria at the account level in the specified Region.
Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that's used to encrypt the private key.
Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.
Gets network performance data.
Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner's usage.
Describes the allocations from the specified customer-owned address pool.
Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
Retrieves a summary of the account status report.
Describes the default credit option for CPU usage of a burstable performance instance family.
Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
Describes whether EBS encryption by default is enabled for your account in the current Region.
Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:
Lists the resource groups to which a Capacity Reservation has been added.
Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.
Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.
Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services Region.
Gets the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.
Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.
A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.
Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.
Gets IPAM discovered accounts. A discovered account is an Amazon Web Services account that is monitored under a resource discovery. If you have integrated IPAM with Amazon Web Services Organizations, all accounts in the organization are discovered accounts. Only the IPAM account can get all discovered accounts in the organization.
Gets the public IP addresses that have been discovered by IPAM.
Returns the resource CIDRs that are monitored as part of a resource discovery. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.
Get a list of all the CIDR allocations in an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
Get the CIDRs provisioned to an IPAM pool.
Returns resource CIDRs managed by IPAM in a given scope. If an IPAM is associated with more than one resource discovery, the resource CIDRs across all of the resource discoveries is returned. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Retrieves the configuration data of the specified instance. You can use this data to create a launch template.
Gets information about the resources that are associated with the specified managed prefix list.
Gets information about the entries for a specified managed prefix list.
Gets the findings for the specified Network Access Scope analysis.
Gets the content for the specified Network Access Scope.
Retrieves the encrypted administrator password for a running Windows instance.
Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.
Gets information about the associations for the specified route server.
Gets information about the route propagations for the specified route server.
Gets the routing database for the specified route server. The Routing Information Base (RIB) serves as a database that stores all the routing information and network topology data collected by a router or routing system, such as routes learned from BGP peers. The RIB is constantly updated as new routing information is received or existing routes change. This ensures that the route server always has the most current view of the network topology and can make optimal routing decisions.
Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Gets the current state of block public access for snapshots setting for the account and Region.
Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.
Gets information about the subnet CIDR reservations.
Lists the route tables to which the specified resource attachment propagates routes.
Gets information about the associations for the transit gateway multicast domain.
Gets a list of the transit gateway policy table associations.
Returns a list of transit gateway policy table entries.
Gets information about the prefix list references in a specified transit gateway route table.
Gets information about the associations for the specified transit gateway route table.
Gets information about the route table propagations for the specified transit gateway route table.
Get the Verified Access policy associated with the endpoint.
Gets the targets for the specified network CIDR endpoint for Verified Access.
Shows the contents of the Verified Access policy associated with the group.
Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.
Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
Get details of available tunnel endpoint maintenance.
Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.
To import your virtual machines (VMs) with a console-based experience, you can use the Import virtual machine images to Amazon Web Services template in the Migration Hub Orchestrator console. For more information, see the Migration Hub Orchestrator User Guide.
We recommend that you use the ImportImage API instead. For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.
Imports the public key from an RSA or ED25519 key pair that you created using a third-party tool. You give Amazon Web Services only the public key. The private key is never transferred between you and Amazon Web Services.
Imports a disk into an EBS snapshot.
This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.
Lists one or more snapshots that are currently in the Recycle Bin.
Locks an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions for a specific duration. A locked snapshot can't be deleted.
Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.
Changes the opt-in status of the specified zone group for your account.
Modifies a Capacity Reservation's capacity, instance eligibility, and the conditions under which it is to be released. You can't modify a Capacity Reservation's instance type, EBS optimization, platform, instance store settings, Availability Zone, or tenancy. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes. For more information, see Modify an active Capacity Reservation.
Modifies a Capacity Reservation Fleet.
Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.
Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.
Changes the default KMS key for EBS encryption by default for your account in this Region.
Modifies the specified EC2 Fleet.
Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.
Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.
Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.
Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time.
Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.
Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, run in On-Demand Instance capacity, or only run in a Capacity Reservation.
By default, all vCPUs for the instance type are active when you launch an instance. When you configure the number of active vCPUs for the instance, it can help you save on licensing costs and optimize performance. The base cost of the instance remains unchanged.
Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.
Modifies the start time for a scheduled Amazon EC2 instance event.
Modifies the specified event window.
Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.
Modifies the default instance metadata service (IMDS) settings at the account level in the specified Amazon Web Services Region.
Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.
Change the configuration of the network performance options for an existing instance.
Modifies the placement attributes for a specified instance. You can do the following:
Modify the configurations of an IPAM.
Modify the configurations of an IPAM pool.
Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.
Modifies a resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Modify an IPAM scope.
Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.
Modifies the specified local gateway route.
Modifies the specified managed prefix list.
Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.
Modifies the options for instance hostnames for the specified instance.
Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.
Modifies the configuration of an existing route server.
Modifies the rules of a security group.
Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.
Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon EBS User Guide.
Modifies the specified Spot Fleet request.
Modifies a subnet attribute. You can only modify one attribute at a time.
Allows or restricts mirroring network services.
Modifies the specified Traffic Mirror rule.
Modifies a Traffic Mirror session.
Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.
Modifies a reference (route) to a prefix list in a specified transit gateway route table.
Modifies the specified VPC attachment.
Modifies the configuration of the specified Amazon Web Services Verified Access endpoint.
Modifies the specified Amazon Web Services Verified Access endpoint policy.
Modifies the specified Amazon Web Services Verified Access group configuration.
Modifies the specified Amazon Web Services Verified Access group policy.
Modifies the configuration of the specified Amazon Web Services Verified Access instance.
Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.
Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.
You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes in the Amazon EBS User Guide.
Modifies a volume attribute.
Modifies the specified attribute of the specified VPC.
Modify VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on.
Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.
Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified.
Modifies the attributes of the specified VPC endpoint service configuration.
Modifies the payer responsibility for your VPC endpoint service.
Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service. Principal ARNs with path components aren't supported.
Modifies the VPC peering connection options on one side of a VPC peering connection.
Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.
Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:
Modifies the connection options for your Site-to-Site VPN connection.
Modifies the VPN tunnel endpoint certificate.
Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.
Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.
This action is deprecated.
Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
Move available capacity from a source Capacity Reservation to a destination Capacity Reservation. The source Capacity Reservation and the destination Capacity Reservation must be active, owned by your Amazon Web Services account, and share the following:
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.
Provisions your Autonomous System Number (ASN) for use in your Amazon Web Services account. This action requires authorization context for Amazon to bring the ASN to an Amazon Web Services account. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.
Provision a CIDR to a public IPv4 pool.
Purchase the Capacity Block for use with your account. With Capacity Blocks you ensure GPU capacity is available for machine learning (ML) workloads. You must specify the ID of the Capacity Block offering you are purchasing.
Purchase the Capacity Block extension for use with your account. You must specify the ID of the Capacity Block extension offering you are purchasing.
Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account.
Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
You can no longer purchase Scheduled Instances.
Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.
Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create an AMI from a snapshot and Create an instance-store backed AMI in the Amazon EC2 User Guide.
Registers a set of tag keys to include in scheduled event notifications for your resources.
Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For more information, see Multicast on transit gateways in the Amazon Web Services Transit Gateways Guide.
Registers sources (network interfaces) with the specified transit gateway multicast group.
Rejects a request to assign billing of the available capacity of a shared Capacity Reservation to your account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Rejects a request to associate cross-account subnets with a transit gateway multicast domain.
Rejects a transit gateway peering attachment request.
Rejects a request to attach a VPC to a transit gateway.
Rejects VPC endpoint connection requests to your VPC endpoint service.
Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.
Releases the specified Elastic IP address.
When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.
Release an allocation within an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide.
Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.
Sets or replaces the criteria for Allowed AMIs.
Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.
Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.
Replaces an existing route within a route table in a VPC.
Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.
Replaces the specified route in the specified transit gateway route table.
Trigger replacement of specified VPN tunnel.
Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.
Creates a Spot Fleet request.
Creates a Spot Instance request.
Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.
Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.
Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute.
Resets an attribute of an AMI to its default value.
Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.
Resets a network interface attribute. You can specify only one attribute at a time.
Resets permission settings for the specified snapshot.
This action is deprecated.
Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.
Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.
Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon EBS User Guide.
Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.
Removes an ingress authorization rule from a Client VPN endpoint.
Removes the specified outbound (egress) rules from the specified security group.
Removes the specified inbound (ingress) rules from a security group.
Launches the specified number of instances using an AMI for which you have permissions.
Launches the specified Scheduled Instances.
Searches for routes in the specified local gateway route table.
Searches one or more transit gateway multicast groups and returns the group membership information.
Searches for routes in the specified transit gateway route table.
Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).
Generates an account status report. The report is generated asynchronously, and can take several hours to complete.
Starts an Amazon EBS-backed instance that you've previously stopped.
Starts analyzing the specified Network Access Scope.
Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.
Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.
Stops an Amazon EBS-backed instance. For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.
Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.
Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.
Unassigns the specified IPv6 addresses or Prefix Delegation prefixes from a network interface.
Unassigns the specified secondary private IP addresses or IPv4 Prefix Delegation prefixes from a network interface.
Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
Unlocks a snapshot that is locked in governance mode or that is locked in compliance mode but still in the cooling-off period. You can't unlock a snapshot that is locked in compliance mode after the cooling-off period has expired.
Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.
Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
Stops advertising an address range that is provisioned as an address pool.
Inherited functions
Accepts an Elastic IP address transfer. For more information, see Accept a transferred Elastic IP address in the Amazon VPC User Guide.
Accepts a request to assign billing of the available capacity of a shared Capacity Reservation to your account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.
Accepts a request to associate subnets with a transit gateway multicast domain.
Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state.
Accepts a request to attach a VPC to a transit gateway.
Accepts connection requests to your VPC endpoint service.
Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.
Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.
Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.
Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.
Assigns the specified IPv6 addresses to the specified network interface. You can specify specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies by instance type.
Assigns the specified secondary private IP addresses to the specified network interface.
Assigns private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.
Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.
Initiates a request to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account that is consolidated under the same Amazon Web Services organizations payer account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.
Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.
Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.
Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own in the same Amazon Web Services Region. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Associates an IPAM resource discovery with an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.
Associates a route server with a VPC to enable dynamic route updates.
Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.
Associates a security group with another VPC in the same Region. This enables you to use the same security group with network interfaces and instances in the specified VPC.
Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet.
Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.
Associates the specified transit gateway attachment with a transit gateway policy table.
Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.
Associates a branch network interface with a trunk network interface.
Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
This action is deprecated.
Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information, see Internet gateways in the Amazon VPC User Guide.
Attaches a network interface to an instance.
Attaches the specified Amazon Web Services Verified Access trust provider to the specified Amazon Web Services Verified Access instance.
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Attaches an available virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.
Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.
Adds the specified outbound (egress) rules to a security group.
Adds the specified inbound (ingress) rules to a security group.
Bundles an Amazon instance store-backed Windows instance.
Cancels a bundling operation for an instance store-backed Windows instance.
Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled.
Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:
Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.
Cancels the generation of an account status report.
Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.
Removes your Amazon Web Services account from the launch permissions for the specified AMI. For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.
Cancels an in-process import virtual machine or import snapshot task.
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
Cancels the specified Spot Fleet requests.
Cancels one or more Spot Instance requests.
Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.
Copies the specified Amazon FPGA Image (AFI) to the current Region.
Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.
Creates a new Capacity Reservation with the specified attributes. Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.
Create a new Capacity Reservation by splitting the capacity of the source Capacity Reservation. The new Capacity Reservation will have the same attributes as the source Capacity Reservation except for tags. The source Capacity Reservation must be active and owned by your Amazon Web Services account.
Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.
Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.
Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.
Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.
Creates a range of customer-owned IP addresses.
Creates a pool of customer-owned IP (CoIP) addresses.
Provides information to Amazon Web Services about your customer gateway device. The customer gateway device is the appliance at your end of the VPN connection. You must provide the IP address of the customer gateway device’s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).
Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Create a default subnet in the Amazon VPC User Guide.
Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.
Creates a custom set of DHCP options. After you create a DHCP option set, you associate it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly launched instances in the VPC use this set of DHCP options.
[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.
Creates an EC2 Fleet that contains the configuration information for On-Demand Instances and Spot Instances. Instances are launched immediately if there is available capacity.
Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.
Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
Creates an EC2 Instance Connect Endpoint.
Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.
Exports a running or stopped instance to an Amazon S3 bucket.
Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.
Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.
Create a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.
Creates an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.
Creates a launch template.
Creates a new version of a launch template. You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed.
Creates a static route for the specified local gateway route table. You must specify one of the following targets:
Creates a local gateway route table.
Creates a local gateway route table virtual interface group association.
Associates the specified VPC with the specified local gateway route table.
Creates a managed prefix list. You can specify entries for the prefix list. Each entry consists of a CIDR block and an optional description.
Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.
Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.
Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.
Creates a Network Access Scope.
Creates a path to analyze for reachability.
Creates a network interface in the specified subnet.
Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.
Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.
Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.
Replaces the EBS-backed root volume for a running instance with a new volume that is restored to the original root volume's launch state, that is restored to a specific snapshot taken from the original root volume, or that is restored from an AMI that has the same key characteristics as that of the instance.
Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.
Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.
Creates a route in a route table within a VPC.
Creates a new route server to manage dynamic routing in a VPC.
Creates a new endpoint for a route server in a specified subnet.
Creates a new BGP peer for a specified route server endpoint.
Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.
Creates a security group.
Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.
Creates crash-consistent snapshots of multiple EBS volumes attached to an Amazon EC2 instance. Volumes are chosen by specifying an instance. Each volume attached to the specified instance will produce one snapshot that is crash-consistent across the instance. You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.
Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Stores an AMI as a single object in an Amazon S3 bucket.
Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
Creates a subnet CIDR reservation. For more information, see Subnet CIDR reservations in the Amazon VPC User Guide and Manage prefixes for your network interfaces in the Amazon EC2 User Guide.
Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.
Creates a Traffic Mirror filter.
Creates a Traffic Mirror filter rule.
Creates a Traffic Mirror session.
Creates a target for your Traffic Mirror session.
Creates a transit gateway.
Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.
Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.
Creates a multicast domain using the specified transit gateway.
Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The peer transit gateway can be in your account or a different Amazon Web Services account.
Creates a transit gateway policy table.
Creates a reference (route) to a prefix list in a specified transit gateway route table.
Creates a static route for the specified transit gateway route table.
Creates a route table for the specified transit gateway.
Advertises a new transit gateway route table.
Attaches the specified VPC to the specified transit gateway.
An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.
An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who's associated applications have similar security requirements. Each instance within a Verified Access group shares an Verified Access policy. For example, you can group all Verified Access instances associated with "sales" applications together and use one common Verified Access policy.
An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.
A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Creates a VPC endpoint. A VPC endpoint provides a private connection between the specified VPC and the specified endpoint service. You can use an endpoint service provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink User Guide.
Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Creating an Amazon SNS topic in the Amazon SNS Developer Guide.
Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, users, and IAM roles) can connect.
Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.
Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.
Deletes a carrier gateway.
Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint.
Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.
Deletes a range of customer-owned IP addresses.
Deletes a pool of customer-owned IP (CoIP) addresses.
Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway.
Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC.
Deletes an egress-only internet gateway.
Deletes the specified EC2 Fleet request.
Deletes one or more flow logs.
Deletes the specified Amazon FPGA Image (AFI).
Deletes the specified EC2 Instance Connect Endpoint.
Deletes the specified event window.
Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it.
Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.
Delete a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Delete an IPAM pool.
Deletes an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Delete the scope for an IPAM. You cannot delete the default scopes.
Deletes the specified key pair, by removing the public key from Amazon EC2.
Deletes a launch template. Deleting a launch template deletes all of its versions.
Deletes one or more versions of a launch template.
Deletes the specified route from the specified local gateway route table.
Deletes a local gateway route table.
Deletes a local gateway route table virtual interface group association.
Deletes the specified association between a VPC and local gateway route table.
Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources.
Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.
Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL.
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
Deletes the specified Network Access Scope.
Deletes the specified Network Access Scope analysis.
Deletes the specified network insights analysis.
Deletes the specified path.
Deletes the specified network interface. You must detach the network interface before you can delete it.
Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you're removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.
Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.
Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.
Deletes the queued purchases for the specified Reserved Instances.
Deletes the specified route from the specified route table.
Deletes the specified route server.
Deletes the specified route server endpoint.
Deletes the specified BGP peer from a route server.
Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table.
Deletes a security group.
Deletes the specified snapshot.
Deletes the data feed for Spot Instances.
Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet.
Deletes a subnet CIDR reservation.
Deletes the specified set of tags from the specified set of resources.
Deletes the specified Traffic Mirror filter.
Deletes the specified Traffic Mirror rule.
Deletes the specified Traffic Mirror session.
Deletes the specified Traffic Mirror target.
Deletes the specified transit gateway.
Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment.
Deletes the specified Connect peer.
Deletes the specified transit gateway multicast domain.
Deletes a transit gateway peering attachment.
Deletes the specified transit gateway policy table.
Deletes a reference (route) to a prefix list in a specified transit gateway route table.
Deletes the specified route from the specified transit gateway route table.
Deletes the specified transit gateway route table. If there are any route tables associated with the transit gateway route table, you must first run DisassociateRouteTable before you can delete the transit gateway route table. This removes any route tables associated with the transit gateway route table.
Advertises to the transit gateway that a transit gateway route table is deleted.
Deletes the specified VPC attachment.
Delete an Amazon Web Services Verified Access endpoint.
Delete an Amazon Web Services Verified Access group.
Delete an Amazon Web Services Verified Access instance.
Delete an Amazon Web Services Verified Access trust provider.
Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).
Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on. When you delete the VPC, it deletes the default security group, network ACL, and route table for the VPC.
Delete a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Deletes the specified VPC endpoint connection notifications.
Deletes the specified VPC endpoints.
Deletes the specified VPC endpoint service configurations. Before you can delete an endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.
Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed or rejected state.
Deletes the specified VPN connection.
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.
Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.
Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services account. This action can only be called after any BYOIP CIDR associations are removed from your Amazon Web Services account with DisassociateIpamByoasn. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.
Deprovision a CIDR from a public IPv4 pool.
Deregisters the specified AMI. A deregistered AMI can't be used to launch new instances.
Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region.
Deregisters the specified members (network interfaces) from the transit gateway multicast group.
Deregisters the specified sources (network interfaces) from the transit gateway multicast group.
Describes attributes of your Amazon Web Services account. The following are the supported account attributes:
Describes the specified Elastic IP addresses or all of your Elastic IP addresses.
Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.
Paginate over DescribeAddressesAttributeResponse results.
Describes an Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Paginate over DescribeAddressTransfersResponse results.
Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).
Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you.
Describes the current Infrastructure Performance metric subscriptions.
Paginate over DescribeAwsNetworkPerformanceMetricSubscriptionsResponse results.
Describes the specified bundle tasks or all of your bundle tasks.
Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.
Paginate over DescribeByoipCidrsResponse results.
Describes the events for the specified Capacity Block extension during the specified time.
Paginate over DescribeCapacityBlockExtensionHistoryResponse results.
Describes Capacity Block extension offerings available for purchase in the Amazon Web Services Region that you're currently using.
Paginate over DescribeCapacityBlockExtensionOfferingsResponse results.
Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you purchase a specific instance type for a period of time.
Paginate over DescribeCapacityBlockOfferingsResponse results.
Describes a request to assign the billing of the unused capacity of a Capacity Reservation. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Paginate over DescribeCapacityReservationBillingRequestsResponse results.
Describes one or more Capacity Reservation Fleets.
Paginate over DescribeCapacityReservationFleetsResponse results.
Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you're currently using.
Paginate over DescribeCapacityReservationsResponse results.
Describes one or more of your carrier gateways.
Paginate over DescribeCarrierGatewaysResponse results.
This action is deprecated.
Paginate over DescribeClassicLinkInstancesResponse results.
Describes the authorization rules for a specified Client VPN endpoint.
Paginate over DescribeClientVpnAuthorizationRulesResponse results.
Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.
Paginate over DescribeClientVpnConnectionsResponse results.
Describes one or more Client VPN endpoints in the account.
Paginate over DescribeClientVpnEndpointsResponse results.
Describes the routes for the specified Client VPN endpoint.
Paginate over DescribeClientVpnRoutesResponse results.
Describes the target networks associated with the specified Client VPN endpoint.
Paginate over DescribeClientVpnTargetNetworksResponse results.
Describes the specified customer-owned address pools or all of your customer-owned address pools.
Paginate over DescribeCoipPoolsResponse results.
Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.
Describes one or more of your VPN customer gateways.
Describes the metadata of an account status report, including the status of the report.
Describes your DHCP option sets. The default is to describe all your DHCP option sets. Alternatively, you can specify specific DHCP option set IDs or filter the results to include only the DHCP option sets that match specific criteria.
Paginate over DescribeDhcpOptionsResponse results.
Describes your egress-only internet gateways. The default is to describe all your egress-only internet gateways. Alternatively, you can specify specific egress-only internet gateway IDs or filter the results to include only the egress-only internet gateways that match specific criteria.
Paginate over DescribeEgressOnlyInternetGatewaysResponse results.
Amazon Elastic Graphics reached end of life on January 8, 2024.
Describes the specified export image tasks or all of your export image tasks.
Paginate over DescribeExportImageTasksResponse results.
Describes the specified export instance tasks or all of your export instance tasks.
Describe details for Windows AMIs that are configured for Windows fast launch.
Paginate over DescribeFastLaunchImagesResponse results.
Describes the state of fast snapshot restores for your snapshots.
Paginate over DescribeFastSnapshotRestoresResponse results.
Describes the events for the specified EC2 Fleet during the specified time.
Describes the running instances for the specified EC2 Fleet.
Describes the specified EC2 Fleet or all of your EC2 Fleets.
Paginate over DescribeFleetsResponse results.
Describes one or more flow logs.
Paginate over DescribeFlowLogsResponse results.
Describes the specified attribute of the specified Amazon FPGA Image (AFI).
Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.
Paginate over DescribeFpgaImagesResponse results.
Describes the Dedicated Host reservations that are available to purchase.
Paginate over DescribeHostReservationOfferingsResponse results.
Describes reservations that are associated with Dedicated Hosts in your account.
Paginate over DescribeHostReservationsResponse results.
Describes the specified Dedicated Hosts or all your Dedicated Hosts.
Paginate over DescribeHostsResponse results.
Describes your IAM instance profile associations.
Paginate over DescribeIamInstanceProfileAssociationsResponse results.
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.
Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
Paginate over DescribeImagesResponse results.
Displays details about an import virtual machine or import snapshot tasks that are already created.
Paginate over DescribeImportImageTasksResponse results.
Describes your import snapshot tasks.
Paginate over DescribeImportSnapshotTasksResponse results.
Describes the specified attribute of the specified instance. You can specify only one attribute at a time.
Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance Connect Endpoints.
Paginate over DescribeInstanceConnectEndpointsResponse results.
Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.
Paginate over DescribeInstanceCreditSpecificationsResponse results.
Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region.
Describes the specified event windows or all event windows.
Paginate over DescribeInstanceEventWindowsResponse results.
Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
Paginate over DescribeInstanceImageMetadataResponse results.
Describes the specified instances or all instances.
Paginate over DescribeInstancesResponse results.
Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.
Paginate over DescribeInstanceStatusResponse results.
Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone. You can use this information to determine the relative proximity of your EC2 instances within the Amazon Web Services network to support your tightly coupled workloads.
Paginate over DescribeInstanceTopologyResponse results.
Lists the instance types that are offered for the specified location. If no location is specified, the default is to list the instance types that are offered in the current Region.
Paginate over DescribeInstanceTypeOfferingsResponse results.
Describes the specified instance types. By default, all instance types for the current Region are described. Alternatively, you can filter the results.
Paginate over DescribeInstanceTypesResponse results.
Describes your internet gateways. The default is to describe all your internet gateways. Alternatively, you can specify specific internet gateway IDs or filter the results to include only the internet gateways that match specific criteria.
Paginate over DescribeInternetGatewaysResponse results.
Describes your Autonomous System Numbers (ASNs), their provisioning statuses, and the BYOIP CIDRs with which they are associated. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Describe verification tokens. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
Get information about your IPAM pools.
Paginate over DescribeIpamPoolsResponse results.
Describes IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Paginate over DescribeIpamResourceDiscoveriesResponse results.
Describes resource discovery association with an Amazon VPC IPAM. An associated resource discovery is a resource discovery that has been associated with an IPAM..
Paginate over DescribeIpamResourceDiscoveryAssociationsResponse results.
Get information about your IPAM pools.
Get information about your IPAM scopes.
Paginate over DescribeIpamScopesResponse results.
Paginate over DescribeIpamsResponse results.
Describes your IPv6 address pools.
Paginate over DescribeIpv6PoolsResponse results.
Describes the specified key pairs or all of your key pairs.
Describes one or more launch templates.
Paginate over DescribeLaunchTemplatesResponse results.
Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.
Paginate over DescribeLaunchTemplateVersionsResponse results.
Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.
Paginate over DescribeLocalGatewayRouteTablesResponse results.
Describes the associations between virtual interface groups and local gateway route tables.
Paginate over DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsResponse results.
Describes the specified associations between VPCs and local gateway route tables.
Paginate over DescribeLocalGatewayRouteTableVpcAssociationsResponse results.
Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.
Paginate over DescribeLocalGatewaysResponse results.
Describes the specified local gateway virtual interface groups.
Paginate over DescribeLocalGatewayVirtualInterfaceGroupsResponse results.
Describes the specified local gateway virtual interfaces.
Paginate over DescribeLocalGatewayVirtualInterfacesResponse results.
Describes the lock status for a snapshot.
Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.
Paginate over DescribeMacHostsResponse results.
Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.
Paginate over DescribeManagedPrefixListsResponse results.
This action is deprecated.
Paginate over DescribeMovingAddressesResponse results.
Describes your NAT gateways. The default is to describe all your NAT gateways. Alternatively, you can specify specific NAT gateway IDs or filter the results to include only the NAT gateways that match specific criteria.
Paginate over DescribeNatGatewaysResponse results.
Describes your network ACLs. The default is to describe all your network ACLs. Alternatively, you can specify specific network ACL IDs or filter the results to include only the network ACLs that match specific criteria.
Paginate over DescribeNetworkAclsResponse results.
Describes the specified Network Access Scope analyses.
Paginate over DescribeNetworkInsightsAccessScopeAnalysesResponse results.
Describes the specified Network Access Scopes.
Paginate over DescribeNetworkInsightsAccessScopesResponse results.
Describes one or more of your network insights analyses.
Paginate over DescribeNetworkInsightsAnalysesResponse results.
Describes one or more of your paths.
Paginate over DescribeNetworkInsightsPathsResponse results.
Describes a network interface attribute. You can specify only one attribute at a time.
Describes the permissions for your network interfaces.
Paginate over DescribeNetworkInterfacePermissionsResponse results.
Describes the specified network interfaces or all your network interfaces.
Paginate over DescribeNetworkInterfacesResponse results.
Describes the specified placement groups or all of your placement groups.
Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
Paginate over DescribePrefixListsResponse results.
Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.
Paginate over DescribePrincipalIdFormatResponse results.
Describes the specified IPv4 address pools.
Paginate over DescribePublicIpv4PoolsResponse results.
Describes the Regions that are enabled for your account, or all Regions.
Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon EC2 User Guide.
Paginate over DescribeReplaceRootVolumeTasksResponse results.
Describes one or more of the Reserved Instances that you purchased.
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.
Paginate over DescribeReservedInstancesModificationsResponse results.
Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.
Paginate over DescribeReservedInstancesOfferingsResponse results.
Describes one or more route server endpoints.
Paginate over DescribeRouteServerEndpointsResponse results.
Describes one or more route server peers.
Paginate over DescribeRouteServerPeersResponse results.
Describes one or more route servers.
Paginate over DescribeRouteServersResponse results.
Describes your route tables. The default is to describe all your route tables. Alternatively, you can specify specific route table IDs or filter the results to include only the route tables that match specific criteria.
Paginate over DescribeRouteTablesResponse results.
Finds available schedules that meet the specified criteria.
Paginate over DescribeScheduledInstanceAvailabilityResponse results.
Describes the specified Scheduled Instances or all your Scheduled Instances.
Paginate over DescribeScheduledInstancesResponse results.
Describes the VPCs on the other side of a VPC peering or Transit Gateway connection that are referencing the security groups you've specified in this request.
Describes one or more of your security group rules.
Paginate over DescribeSecurityGroupRulesResponse results.
Describes the specified security groups or all of your security groups.
Paginate over DescribeSecurityGroupsResponse results.
Describes security group VPC associations made with AssociateSecurityGroupVpc.
Paginate over DescribeSecurityGroupVpcAssociationsResponse results.
Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.
Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.
Paginate over DescribeSnapshotsResponse results.
Describes the storage tier status of one or more Amazon EBS snapshots.
Paginate over DescribeSnapshotTierStatusResponse results.
Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide.
Describes the running instances for the specified Spot Fleet.
Describes the events for the specified Spot Fleet request during the specified time.
Describes your Spot Fleet requests.
Paginate over DescribeSpotFleetRequestsResponse results.
Describes the specified Spot Instance requests.
Paginate over DescribeSpotInstanceRequestsResponse results.
Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide.
Paginate over DescribeSpotPriceHistoryResponse results.
Describes the stale security group rules for security groups referenced across a VPC peering connection, transit gateway connection, or with a security group VPC association. Rules are stale when they reference a deleted security group. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has been deleted, across a transit gateway where the transit gateway has been deleted (or the transit gateway security group referencing feature has been disabled), or if a security group VPC association has been disassociated.
Paginate over DescribeStaleSecurityGroupsResponse results.
Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from the last 31 days.
Paginate over DescribeStoreImageTasksResponse results.
Describes your subnets. The default is to describe all your subnets. Alternatively, you can specify specific subnet IDs or filter the results to include only the subnets that match specific criteria.
Paginate over DescribeSubnetsResponse results.
Describes the specified tags for your EC2 resources.
Paginate over DescribeTagsResponse results.
Describe traffic mirror filters that determine the traffic that is mirrored.
Describes one or more Traffic Mirror filters.
Paginate over DescribeTrafficMirrorFiltersResponse results.
Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.
Paginate over DescribeTrafficMirrorSessionsResponse results.
Information about one or more Traffic Mirror targets.
Paginate over DescribeTrafficMirrorTargetsResponse results.
Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.
Paginate over DescribeTransitGatewayAttachmentsResponse results.
Describes one or more Connect peers.
Paginate over DescribeTransitGatewayConnectPeersResponse results.
Describes one or more Connect attachments.
Paginate over DescribeTransitGatewayConnectsResponse results.
Describes one or more transit gateway multicast domains.
Paginate over DescribeTransitGatewayMulticastDomainsResponse results.
Describes your transit gateway peering attachments.
Paginate over DescribeTransitGatewayPeeringAttachmentsResponse results.
Describes one or more transit gateway route policy tables.
Paginate over DescribeTransitGatewayPolicyTablesResponse results.
Describes one or more transit gateway route table advertisements.
Paginate over DescribeTransitGatewayRouteTableAnnouncementsResponse results.
Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.
Paginate over DescribeTransitGatewayRouteTablesResponse results.
Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.
Paginate over DescribeTransitGatewaysResponse results.
Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.
Paginate over DescribeTransitGatewayVpcAttachmentsResponse results.
Describes one or more network interface trunk associations.
Paginate over DescribeTrunkInterfaceAssociationsResponse results.
Describes the specified Amazon Web Services Verified Access endpoints.
Paginate over DescribeVerifiedAccessEndpointsResponse results.
Describes the specified Verified Access groups.
Paginate over DescribeVerifiedAccessGroupsResponse results.
Describes the specified Amazon Web Services Verified Access instances.
Paginate over DescribeVerifiedAccessInstanceLoggingConfigurationsResponse results.
Describes the specified Amazon Web Services Verified Access instances.
Paginate over DescribeVerifiedAccessInstancesResponse results.
Describes the specified Amazon Web Services Verified Access trust providers.
Paginate over DescribeVerifiedAccessTrustProvidersResponse results.
Describes the specified attribute of the specified volume. You can specify only one attribute at a time.
Describes the specified EBS volumes or all of your EBS volumes.
Describes the most recent volume modification request for the specified EBS volumes.
Paginate over DescribeVolumesModificationsResponse results.
Paginate over DescribeVolumesResponse results.
Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.
Paginate over DescribeVolumeStatusResponse results.
Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.
Describe VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Describe VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
This action is deprecated.
This action is deprecated.
Paginate over DescribeVpcClassicLinkDnsSupportResponse results.
Describes the VPC resources, VPC endpoint services, Amazon Lattice services, or service networks associated with the VPC endpoint.
Describes the connection notifications for VPC endpoints and VPC endpoint services.
Paginate over DescribeVpcEndpointConnectionNotificationsResponse results.
Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.
Paginate over DescribeVpcEndpointConnectionsResponse results.
Describes your VPC endpoints. The default is to describe all your VPC endpoints. Alternatively, you can specify specific VPC endpoint IDs or filter the results to include only the VPC endpoints that match specific criteria.
Describes the VPC endpoint service configurations in your account (your services).
Paginate over DescribeVpcEndpointServiceConfigurationsResponse results.
Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. Principal ARNs with path components aren't supported.
Paginate over DescribeVpcEndpointServicePermissionsResponse results.
Describes available services to which you can create a VPC endpoint.
Paginate over DescribeVpcEndpointsResponse results.
Describes your VPC peering connections. The default is to describe all your VPC peering connections. Alternatively, you can specify specific VPC peering connection IDs or filter the results to include only the VPC peering connections that match specific criteria.
Paginate over DescribeVpcPeeringConnectionsResponse results.
Describes your VPCs. The default is to describe all your VPCs. Alternatively, you can specify specific VPC IDs or filter the results to include only the VPCs that match specific criteria.
Paginate over DescribeVpcsResponse results.
Describes one or more of your VPN connections.
Describes one or more of your virtual private gateways.
This action is deprecated.
Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.
Detaches a network interface from an instance.
Detaches the specified Amazon Web Services Verified Access trust provider from the specified Amazon Web Services Verified Access instance.
Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.
Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).
Disables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Disables Allowed AMIs for your account in the specified Amazon Web Services Region. When set to disabled, the image criteria in your Allowed AMIs settings do not apply, and no restrictions are placed on AMI discoverability or usage. Users in your account can launch instances using any public AMI or AMI shared with your account.
Disables Infrastructure Performance metric subscriptions.
Disables EBS encryption by default for your account in the current Region.
Discontinue Windows fast launch for a Windows AMI, and clean up existing pre-provisioned snapshots. After you disable Windows fast launch, the AMI uses the standard launch process for each new instance. Amazon EC2 must remove all pre-provisioned snapshots before you can enable Windows fast launch again.
Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Sets the AMI state to disabled and removes all launch permissions from the AMI. A disabled AMI can't be used for instance launches.
Disables block public access for AMIs at the account level in the specified Amazon Web Services Region. This removes the block public access restriction from your account. With the restriction removed, you can publicly share your AMIs in the specified Amazon Web Services Region.
Cancels the deprecation of the specified AMI.
Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.
Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
Disables route propagation from a route server to a specified route table.
Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Disables the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you disable block public access for snapshots in a Region, users can publicly share snapshots in that Region.
Disables the specified resource attachment from propagating routes to the specified propagation route table.
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
This action is deprecated.
This action is deprecated.
Disassociates an Elastic IP address from the instance or network interface it's associated with.
Cancels a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account, or revokes a request that has already been accepted. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:
Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS key used to encrypt the private key. This effectively revokes the role's permission to use the certificate.
Disassociates an IAM instance profile from a running or stopped instance.
Disassociates one or more targets from an event window.
Remove the association between your Autonomous System Number (ASN) and your BYOIP CIDR. You may want to use this action to disassociate an ASN from a CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Disassociates a resource discovery from an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
Disassociates a route server from a VPC.
Disassociates a subnet or gateway from a route table.
Disassociates a security group from a VPC. You cannot disassociate the security group if any Elastic network interfaces in the associated VPC are still associated with the security group. Note that the disassociation is asynchronous and you can check the status of the request with DescribeSecurityGroupVpcAssociations.
Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
Disassociates the specified subnets from the transit gateway multicast domain.
Removes the association between an an attachment and a policy table.
Disassociates a resource attachment from a transit gateway route table.
Removes an association between a branch network interface with a trunk network interface.
Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
Enables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.
Enables Allowed AMIs for your account in the specified Amazon Web Services Region. Two values are accepted:
Enables Infrastructure Performance subscriptions.
Enables EBS encryption by default for your account in the current Region.
When you enable Windows fast launch for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.
Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
Re-enables a disabled AMI. The re-enabled AMI is marked as available and can be used for instance launches, appears in describe operations, and can be shared. Amazon Web Services accounts, organizations, and Organizational Units that lost access to the AMI when it was disabled do not regain access automatically. Once the AMI is available, it can be shared with them again.
Enables block public access for AMIs at the account level in the specified Amazon Web Services Region. This prevents the public sharing of your AMIs. However, if you already have public AMIs, they will remain publicly available.
Enables deprecation of the specified AMI at the specified date and time.
Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.
Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
Establishes a trust relationship between Reachability Analyzer and Organizations. This operation must be performed by the management account for the organization.
Defines which route tables the route server can update with routes.
Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Enables or modifies the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you enable block public access for snapshots in a Region, users can no longer request public sharing for snapshots in that Region. Snapshots that are already publicly shared are either treated as private or they remain publicly shared, depending on the State that you specify.
Enables the specified attachment to propagate routes to the specified propagation route table.
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
This action is deprecated.
This action is deprecated.
Downloads the client certificate revocation list for the specified Client VPN endpoint.
Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.
Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.
Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.
Exports the client configuration for a Verified Access instance.
Gets the current state of the Allowed AMIs setting and the list of Allowed AMIs criteria at the account level in the specified Region.
Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that's used to encrypt the private key.
Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.
Paginate over GetAssociatedIpv6PoolCidrsResponse results.
Gets network performance data.
Paginate over GetAwsNetworkPerformanceDataResponse results.
Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner's usage.
Describes the allocations from the specified customer-owned address pool.
Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
Retrieves a summary of the account status report.
Describes the default credit option for CPU usage of a burstable performance instance family.
Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
Describes whether EBS encryption by default is enabled for your account in the current Region.
Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:
Lists the resource groups to which a Capacity Reservation has been added.
Paginate over GetGroupsForCapacityReservationResponse results.
Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.
Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.
Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services Region.
Gets the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.
Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.
Paginate over GetInstanceTypesFromInstanceRequirementsResponse results.
A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.
Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.
Paginate over GetIpamAddressHistoryResponse results.
Gets IPAM discovered accounts. A discovered account is an Amazon Web Services account that is monitored under a resource discovery. If you have integrated IPAM with Amazon Web Services Organizations, all accounts in the organization are discovered accounts. Only the IPAM account can get all discovered accounts in the organization.
Paginate over GetIpamDiscoveredAccountsResponse results.
Gets the public IP addresses that have been discovered by IPAM.
Returns the resource CIDRs that are monitored as part of a resource discovery. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.
Paginate over GetIpamDiscoveredResourceCidrsResponse results.
Get a list of all the CIDR allocations in an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
Paginate over GetIpamPoolAllocationsResponse results.
Get the CIDRs provisioned to an IPAM pool.
Paginate over GetIpamPoolCidrsResponse results.
Returns resource CIDRs managed by IPAM in a given scope. If an IPAM is associated with more than one resource discovery, the resource CIDRs across all of the resource discoveries is returned. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Paginate over GetIpamResourceCidrsResponse results.
Retrieves the configuration data of the specified instance. You can use this data to create a launch template.
Gets information about the resources that are associated with the specified managed prefix list.
Paginate over GetManagedPrefixListAssociationsResponse results.
Gets information about the entries for a specified managed prefix list.
Paginate over GetManagedPrefixListEntriesResponse results.
Gets the findings for the specified Network Access Scope analysis.
Paginate over GetNetworkInsightsAccessScopeAnalysisFindingsResponse results.
Gets the content for the specified Network Access Scope.
Retrieves the encrypted administrator password for a running Windows instance.
Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.
Gets information about the associations for the specified route server.
Gets information about the route propagations for the specified route server.
Gets the routing database for the specified route server. The Routing Information Base (RIB) serves as a database that stores all the routing information and network topology data collected by a router or routing system, such as routes learned from BGP peers. The RIB is constantly updated as new routing information is received or existing routes change. This ensures that the route server always has the most current view of the network topology and can make optimal routing decisions.
Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
Paginate over GetSecurityGroupsForVpcResponse results.
Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
Gets the current state of block public access for snapshots setting for the account and Region.
Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.
Paginate over GetSpotPlacementScoresResponse results.
Gets information about the subnet CIDR reservations.
Lists the route tables to which the specified resource attachment propagates routes.
Paginate over GetTransitGatewayAttachmentPropagationsResponse results.
Gets information about the associations for the transit gateway multicast domain.
Paginate over GetTransitGatewayMulticastDomainAssociationsResponse results.
Gets a list of the transit gateway policy table associations.
Paginate over GetTransitGatewayPolicyTableAssociationsResponse results.
Returns a list of transit gateway policy table entries.
Gets information about the prefix list references in a specified transit gateway route table.
Paginate over GetTransitGatewayPrefixListReferencesResponse results.
Gets information about the associations for the specified transit gateway route table.
Paginate over GetTransitGatewayRouteTableAssociationsResponse results.
Gets information about the route table propagations for the specified transit gateway route table.
Paginate over GetTransitGatewayRouteTablePropagationsResponse results.
Get the Verified Access policy associated with the endpoint.
Gets the targets for the specified network CIDR endpoint for Verified Access.
Shows the contents of the Verified Access policy associated with the group.
Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.
Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.
Paginate over GetVpnConnectionDeviceTypesResponse results.
Get details of available tunnel endpoint maintenance.
Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.
To import your virtual machines (VMs) with a console-based experience, you can use the Import virtual machine images to Amazon Web Services template in the Migration Hub Orchestrator console. For more information, see the Migration Hub Orchestrator User Guide.
We recommend that you use the ImportImage API instead. For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.
Imports the public key from an RSA or ED25519 key pair that you created using a third-party tool. You give Amazon Web Services only the public key. The private key is never transferred between you and Amazon Web Services.
Imports a disk into an EBS snapshot.
This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.
Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.
Paginate over ListImagesInRecycleBinResponse results.
Lists one or more snapshots that are currently in the Recycle Bin.
Paginate over ListSnapshotsInRecycleBinResponse results.
Locks an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions for a specific duration. A locked snapshot can't be deleted.
Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.
Changes the opt-in status of the specified zone group for your account.
Modifies a Capacity Reservation's capacity, instance eligibility, and the conditions under which it is to be released. You can't modify a Capacity Reservation's instance type, EBS optimization, platform, instance store settings, Availability Zone, or tenancy. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes. For more information, see Modify an active Capacity Reservation.
Modifies a Capacity Reservation Fleet.
Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.
Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.
Changes the default KMS key for EBS encryption by default for your account in this Region.
Modifies the specified EC2 Fleet.
Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.
Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.
Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.
Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time.
Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.
Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, run in On-Demand Instance capacity, or only run in a Capacity Reservation.
By default, all vCPUs for the instance type are active when you launch an instance. When you configure the number of active vCPUs for the instance, it can help you save on licensing costs and optimize performance. The base cost of the instance remains unchanged.
Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.
Modifies the start time for a scheduled Amazon EC2 instance event.
Modifies the specified event window.
Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.
Modifies the default instance metadata service (IMDS) settings at the account level in the specified Amazon Web Services Region.
Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.
Change the configuration of the network performance options for an existing instance.
Modifies the placement attributes for a specified instance. You can do the following:
Modify the configurations of an IPAM.
Modify the configurations of an IPAM pool.
Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.
Modifies a resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
Modify an IPAM scope.
Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.
Modifies the specified local gateway route.
Modifies the specified managed prefix list.
Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.
Modifies the options for instance hostnames for the specified instance.
Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.
Modifies the configuration of an existing route server.
Modifies the rules of a security group.
Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.
Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon EBS User Guide.
Modifies the specified Spot Fleet request.
Modifies a subnet attribute. You can only modify one attribute at a time.
Allows or restricts mirroring network services.
Modifies the specified Traffic Mirror rule.
Modifies a Traffic Mirror session.
Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.
Modifies a reference (route) to a prefix list in a specified transit gateway route table.
Modifies the specified VPC attachment.
Modifies the configuration of the specified Amazon Web Services Verified Access endpoint.
Modifies the specified Amazon Web Services Verified Access endpoint policy.
Modifies the specified Amazon Web Services Verified Access group configuration.
Modifies the specified Amazon Web Services Verified Access group policy.
Modifies the configuration of the specified Amazon Web Services Verified Access instance.
Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.
Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.
You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes in the Amazon EBS User Guide.
Modifies a volume attribute.
Modifies the specified attribute of the specified VPC.
Modify VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on.
Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.
Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified.
Modifies the attributes of the specified VPC endpoint service configuration.
Modifies the payer responsibility for your VPC endpoint service.
Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service. Principal ARNs with path components aren't supported.
Modifies the VPC peering connection options on one side of a VPC peering connection.
Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.
Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:
Modifies the connection options for your Site-to-Site VPN connection.
Modifies the VPN tunnel endpoint certificate.
Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.
Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.
This action is deprecated.
Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
Move available capacity from a source Capacity Reservation to a destination Capacity Reservation. The source Capacity Reservation and the destination Capacity Reservation must be active, owned by your Amazon Web Services account, and share the following:
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.
Provisions your Autonomous System Number (ASN) for use in your Amazon Web Services account. This action requires authorization context for Amazon to bring the ASN to an Amazon Web Services account. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.
Provision a CIDR to a public IPv4 pool.
Purchase the Capacity Block for use with your account. With Capacity Blocks you ensure GPU capacity is available for machine learning (ML) workloads. You must specify the ID of the Capacity Block offering you are purchasing.
Purchase the Capacity Block extension for use with your account. You must specify the ID of the Capacity Block extension offering you are purchasing.
Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account.
Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
You can no longer purchase Scheduled Instances.
Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.
Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create an AMI from a snapshot and Create an instance-store backed AMI in the Amazon EC2 User Guide.
Registers a set of tag keys to include in scheduled event notifications for your resources.
Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For more information, see Multicast on transit gateways in the Amazon Web Services Transit Gateways Guide.
Registers sources (network interfaces) with the specified transit gateway multicast group.
Rejects a request to assign billing of the available capacity of a shared Capacity Reservation to your account. For more information, see Billing assignment for shared Amazon EC2 Capacity Reservations.
Rejects a request to associate cross-account subnets with a transit gateway multicast domain.
Rejects a transit gateway peering attachment request.
Rejects a request to attach a VPC to a transit gateway.
Rejects VPC endpoint connection requests to your VPC endpoint service.
Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.
Releases the specified Elastic IP address.
When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.
Release an allocation within an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide.
Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first.
Sets or replaces the criteria for Allowed AMIs.
Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.
Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.
Replaces an existing route within a route table in a VPC.
Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.
Replaces the specified route in the specified transit gateway route table.
Trigger replacement of specified VPN tunnel.
Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.
Creates a Spot Fleet request.
Creates a Spot Instance request.
Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.
Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.
Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute.
Resets an attribute of an AMI to its default value.
Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.
Resets a network interface attribute. You can specify only one attribute at a time.
Resets permission settings for the specified snapshot.
This action is deprecated.
Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.
Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.
Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon EBS User Guide.
Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.
Removes an ingress authorization rule from a Client VPN endpoint.
Removes the specified outbound (egress) rules from the specified security group.
Removes the specified inbound (ingress) rules from a security group.
Launches the specified number of instances using an AMI for which you have permissions.
Launches the specified Scheduled Instances.
Searches for routes in the specified local gateway route table.
Paginate over SearchLocalGatewayRoutesResponse results.
Searches one or more transit gateway multicast groups and returns the group membership information.
Paginate over SearchTransitGatewayMulticastGroupsResponse results.
Searches for routes in the specified transit gateway route table.
Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).
Generates an account status report. The report is generated asynchronously, and can take several hours to complete.
Starts an Amazon EBS-backed instance that you've previously stopped.
Starts analyzing the specified Network Access Scope.
Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.
Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.
Stops an Amazon EBS-backed instance. For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.
Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.
Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.
Unassigns the specified IPv6 addresses or Prefix Delegation prefixes from a network interface.
Unassigns the specified secondary private IP addresses or IPv4 Prefix Delegation prefixes from a network interface.
Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.
Unlocks a snapshot that is locked in governance mode or that is locked in compliance mode but still in the cooling-off period. You can't unlock a snapshot that is locked in compliance mode after the cooling-off period has expired.
Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.
Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.
Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.
Stops advertising an address range that is provisioned as an address pool.