Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.
After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.
Linking your instance to a VPC is sometimes referred to as attaching your instance.
", "AttachInternetGateway": "Attaches an internet gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.
", "AttachNetworkInterface": "Attaches a network interface to an instance.
", - "AttachVolume": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Encrypted EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
For a list of supported device names, see Attaching an EBS Volume to an Instance. Any device names that aren't reserved for instance store volumes can be used for EBS volumes. For more information, see Amazon EC2 Instance Store in the Amazon Elastic Compute Cloud User Guide.
If a volume has an AWS Marketplace product code:
The volume can be attached only to a stopped instance.
AWS Marketplace product codes are copied from the volume to the instance.
You must be subscribed to the product.
The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.
For more information about EBS volumes, see Attaching Amazon EBS Volumes in the Amazon Elastic Compute Cloud User Guide.
", + "AttachVolume": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
After you attach an EBS volume, you must make it available. For more information, see Making an EBS Volume Available For Use.
If a volume has an AWS Marketplace product code:
The volume can be attached only to a stopped instance.
AWS Marketplace product codes are copied from the volume to the instance.
You must be subscribed to the product.
The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.
For more information, see Attaching Amazon EBS Volumes in the Amazon Elastic Compute Cloud User Guide.
", "AttachVpnGateway": "Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
", "AuthorizeClientVpnIngress": "Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.
", "AuthorizeSecurityGroupEgress": "[VPC only] Adds the specified egress rules to a security group for use with a VPC.
An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances associated with the specified destination security groups.
You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
For more information about VPC security group limits, see Amazon VPC Limits.
", @@ -40,7 +40,7 @@ "ConfirmProductInstance": "Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.
", "CopyFpgaImage": "Copies the specified Amazon FPGA Image (AFI) to the current Region.
", "CopyImage": "Initiates the copy of an AMI from the specified source Region to the current Region. You specify the destination Region by using its endpoint when making the request.
Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.
For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide.
", - "CopySnapshot": "Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy the snapshot within the same Region or from one Region to another. You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs). The snapshot is copied to the regional endpoint that you send the HTTP request to.
Copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless the Encrypted flag is specified during the snapshot copy operation. By default, encrypted snapshot copies use the default AWS Key Management Service (AWS KMS) customer master key (CMK); however, you can specify a non-default CMK with the KmsKeyId parameter.
To copy an encrypted snapshot that has been shared from another account, you must have permissions for the CMK used to encrypt the snapshot.
Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.
For more information, see Copying an Amazon EBS Snapshot in the Amazon Elastic Compute Cloud User Guide.
", + "CopySnapshot": "Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy the snapshot within the same Region or from one Region to another. You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).
Copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default AWS Key Management Service (AWS KMS) customer master key (CMK); however, you can specify a different CMK.
To copy an encrypted snapshot that has been shared from another account, you must have permissions for the CMK used to encrypt the snapshot.
Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.
For more information, see Copying an Amazon EBS Snapshot in the Amazon Elastic Compute Cloud User Guide.
", "CreateCapacityReservation": "Creates a new Capacity Reservation with the specified attributes.
Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon Elastic Compute Cloud User Guide.
Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.
Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Limits in the Amazon Elastic Compute Cloud User Guide.
", "CreateClientVpnEndpoint": "Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.
", "CreateClientVpnRoute": "Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.
", @@ -77,7 +77,7 @@ "CreateTransitGatewayRoute": "Creates a static route for the specified transit gateway route table.
", "CreateTransitGatewayRouteTable": "Creates a route table for the specified transit gateway.
", "CreateTransitGatewayVpcAttachment": "Attaches the specified VPC to the specified transit gateway.
If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.
To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.
", - "CreateVolume": "Creates an EBS volume that can be attached to an instance in the same Availability Zone. The volume is created in the regional endpoint that you send the HTTP request to. For more information see Regions and Endpoints.
You can create a new empty volume or restore a volume from an EBS snapshot. Any AWS Marketplace product codes from the snapshot are propagated to the volume.
You can create encrypted volumes with the Encrypted parameter. Encrypted volumes may only be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
You can tag your volumes during creation. For more information, see Tagging Your Amazon EC2 Resources in the Amazon Elastic Compute Cloud User Guide.
For more information, see Creating an Amazon EBS Volume in the Amazon Elastic Compute Cloud User Guide.
", + "CreateVolume": "Creates an EBS volume that can be attached to an instance in the same Availability Zone. The volume is created in the regional endpoint that you send the HTTP request to. For more information see Regions and Endpoints.
You can create a new empty volume or restore a volume from an EBS snapshot. Any AWS Marketplace product codes from the snapshot are propagated to the volume.
You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
You can tag your volumes during creation. For more information, see Tagging Your Amazon EC2 Resources in the Amazon Elastic Compute Cloud User Guide.
For more information, see Creating an Amazon EBS Volume in the Amazon Elastic Compute Cloud User Guide.
", "CreateVpc": "Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and Subnets in the Amazon Virtual Private Cloud User Guide.
You can optionally request an Amazon-provided IPv6 CIDR block for the VPC. The IPv6 CIDR block uses a /56 prefix length, and is allocated from Amazon's pool of IPv6 addresses. You cannot choose the IPv6 range for your VPC.
By default, each instance you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide.
You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon Elastic Compute Cloud User Guide.
", "CreateVpcEndpoint": "Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by AWS, an AWS Marketplace partner, or another AWS account. For more information, see VPC Endpoints in the Amazon Virtual Private Cloud User Guide.
A gateway endpoint serves as a target for a route in your route table for traffic destined for the AWS service. You can specify an endpoint policy to attach to the endpoint that will control access to the service from your VPC. You can also specify the VPC route tables that use the endpoint.
An interface endpoint is a network interface in your subnet that serves as an endpoint for communicating with the specified service. You can specify the subnets in which to create an endpoint, and the security groups to associate with the endpoint network interface.
Use DescribeVpcEndpointServices to get a list of supported services.
", "CreateVpcEndpointConnectionNotification": "Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.
You can create a connection notification for interface endpoints only.
", @@ -226,7 +226,7 @@ "DetachNetworkInterface": "Detaches a network interface from an instance.
", "DetachVolume": "Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.
When a volume with an AWS Marketplace product code is detached from an instance, the product code is no longer associated with the instance.
For more information, see Detaching an Amazon EBS Volume in the Amazon Elastic Compute Cloud User Guide.
", "DetachVpnGateway": "Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).
You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.
Disables default encryption for EBS volumes that are created in your account in the current region.
Call this API if you have enabled default encryption using EnableEbsEncryptionByDefault and want to disable default EBS encryption. Once default EBS encryption is disabled, you can still create an encrypted volume by setting encrypted to true in the API call that creates the volume.
Disabling default EBS encryption will not change the encryption status of any of your existing volumes.
", + "DisableEbsEncryptionByDefault": "Disables EBS encryption by default for your account in the current Region.
After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.
Disabling encryption by default does not change the encryption status of your existing volumes.
For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", "DisableTransitGatewayRouteTablePropagation": "Disables the specified resource attachment from propagating routes to the specified propagation route table.
", "DisableVgwRoutePropagation": "Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
", "DisableVpcClassicLink": "Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it.
", @@ -238,7 +238,7 @@ "DisassociateSubnetCidrBlock": "Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
", "DisassociateTransitGatewayRouteTable": "Disassociates a resource attachment from a transit gateway route table.
", "DisassociateVpcCidrBlock": "Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).
", - "EnableEbsEncryptionByDefault": "Enables default encryption for EBS volumes that are created in your account in the current region.
Once encryption is enabled with this action, EBS volumes that are created in your account will always be encrypted even if encryption is not specified at launch. This setting overrides the encrypted setting to true in all API calls that create EBS volumes in your account. A volume will be encrypted even if you specify encryption to be false in the API call that creates the volume.
If you do not specify a customer master key (CMK) in the API call that creates the EBS volume, then the volume is encrypted to your AWS account's managed CMK.
You can specify a CMK of your choice using ModifyEbsDefaultKmsKeyId.
Enabling encryption-by-default for EBS volumes has no effect on existing unencrypted volumes in your account. Encrypting the data in these requires manual action. You can either create an encrypted snapshot of an unencrypted volume, or encrypt a copy of an unencrypted snapshot. Any volume restored from an encrypted snapshot is also encrypted. For more information, see Amazon EBS Snapshots.
After EBS encryption-by-default is enabled, you can no longer launch older-generation instance types that do not support encryption. For more information, see Supported Instance Types.
", + "EnableEbsEncryptionByDefault": "Enables EBS encryption by default for your account in the current Region.
After you enable encryption by default, the EBS volumes that you create are are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
Enabling encryption by default has no effect on the encryption status of your existing volumes.
After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported Instance Types.
", "EnableTransitGatewayRouteTablePropagation": "Enables the specified attachment to propagate routes to the specified propagation route table.
", "EnableVgwRoutePropagation": "Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
", "EnableVolumeIO": "Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
", @@ -249,8 +249,8 @@ "ExportTransitGatewayRoutes": "Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.
", "GetConsoleOutput": "Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.
By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.
You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.
For more information, see Instance Console Output in the Amazon Elastic Compute Cloud User Guide.
", "GetConsoleScreenshot": "Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
The returned content is Base64-encoded.
", - "GetEbsDefaultKmsKeyId": "Describes the default customer master key (CMK) that your account uses to encrypt EBS volumes if you don’t specify a CMK in the API call. You can change this default using ModifyEbsDefaultKmsKeyId.
", - "GetEbsEncryptionByDefault": "Describes whether default EBS encryption is enabled for your account in the current region.
", + "GetEbsDefaultKmsKeyId": "Describes the default customer master key (CMK) for EBS encryption by default for your account in this Region. You can change the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", + "GetEbsEncryptionByDefault": "Describes whether EBS encryption by default is enabled for your account in the current Region.
For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", "GetHostReservationPurchasePreview": "Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.
This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.
", "GetLaunchTemplateData": "Retrieves the configuration data of the specified instance. You can use this data to create a launch template.
", "GetPasswordData": "Retrieves the encrypted administrator password for a running Windows instance.
The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon Elastic Compute Cloud User Guide.
For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.
The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.
When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it's available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.
", @@ -266,7 +266,7 @@ "ImportVolume": "Creates an import volume task using metadata from the specified disk image.For more information, see Importing Disks to Amazon EBS.
For information about the import manifest referenced by this API action, see VM Import Manifest.
", "ModifyCapacityReservation": "Modifies a Capacity Reservation's capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation's instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.
", "ModifyClientVpnEndpoint": "Modifies the specified Client VPN endpoint. You can only modify an endpoint's server certificate information, client connection logging information, DNS server, and description. Modifying the DNS server resets existing client connections.
", - "ModifyEbsDefaultKmsKeyId": "Changes the customer master key (CMK) that your account uses to encrypt EBS volumes if you don't specify a CMK in the API call.
By default, your account has an AWS-managed CMK that is used for encrypting an EBS volume when no CMK is specified in the API call that creates the volume. By calling this API, you can specify a customer-managed CMK to use in place of the AWS-managed CMK.
Note: Deleting or disabling the CMK that you have specified to act as your default CMK will result in instance-launch failures.
", + "ModifyEbsDefaultKmsKeyId": "Changes the default customer master key (CMK) for EBS encryption by default for your account in this Region.
AWS creates a unique AWS managed CMK in each Region for use with encryption by default. If you change the default CMK to a customer managed CMK, it is used instead of the AWS managed CMK. To reset the default CMK to the AWS managed CMK for EBS, use ResetEbsDefaultKmsKeyId.
If you delete or disable the customer managed CMK that you specified for use with encryption by default, your instances will fail to launch.
For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", "ModifyFleet": "Modifies the specified EC2 Fleet.
While the EC2 Fleet is being modified, it is in the modifying state.
Modifies the specified attribute of the specified Amazon FPGA Image (AFI).
", "ModifyHosts": "Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.
Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.
", "ModifyNetworkInterfaceAttribute": "Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.
", "ModifyReservedInstances": "Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.
For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide.
", - "ModifySnapshotAttribute": "Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single API call. If you need to both add and remove account IDs for a snapshot, you must use multiple API calls.
Encrypted snapshots and snapshots with AWS Marketplace product codes cannot be made public. Snapshots encrypted with your default CMK cannot be shared with other accounts.
For more information about modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic Compute Cloud User Guide.
", + "ModifySnapshotAttribute": "Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations.
Encrypted snapshots and snapshots with AWS Marketplace product codes cannot be made public. Snapshots encrypted with your default CMK cannot be shared with other accounts.
For more information about modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic Compute Cloud User Guide.
", "ModifySpotFleetRequest": "Modifies the specified Spot Fleet request.
You can only modify a Spot Fleet request of type maintain.
While the Spot Fleet request is being modified, it is in the modifying state.
To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot pools.
To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.
If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.
", "ModifySubnetAttribute": "Modifies a subnet attribute. You can only modify one attribute at a time.
", "ModifyTransitGatewayVpcAttachment": "Modifies the specified VPC attachment.
", - "ModifyVolume": "You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you may be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying an EBS volume running Linux, see Modifying the Size, IOPS, or Type of an EBS Volume on Linux. For more information about modifying an EBS volume running Windows, see Modifying the Size, IOPS, or Type of an EBS Volume on Windows.
When you complete a resize operation on your volume, you need to extend the volume's file-system size to take advantage of the new storage capacity. For information about extending a Linux file system, see Extending a Linux File System. For information about extending a Windows file system, see Extending a Windows File System.
You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using the DescribeVolumesModifications API. For information about tracking status changes using either method, see Monitoring Volume Modifications.
With previous-generation instance types, resizing an EBS volume may require detaching and reattaching the volume or stopping and restarting the instance. For more information, see Modifying the Size, IOPS, or Type of an EBS Volume on Linux and Modifying the Size, IOPS, or Type of an EBS Volume on Windows.
If you reach the maximum volume modification rate per volume limit, you will need to wait at least six hours before applying further modifications to the affected EBS volume.
", + "ModifyVolume": "You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you may be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying an EBS volume running Linux, see Modifying the Size, IOPS, or Type of an EBS Volume on Linux. For more information about modifying an EBS volume running Windows, see Modifying the Size, IOPS, or Type of an EBS Volume on Windows.
When you complete a resize operation on your volume, you need to extend the volume's file-system size to take advantage of the new storage capacity. For information about extending a Linux file system, see Extending a Linux File System. For information about extending a Windows file system, see Extending a Windows File System.
You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitoring Volume Modifications.
With previous-generation instance types, resizing an EBS volume may require detaching and reattaching the volume or stopping and restarting the instance. For more information, see Modifying the Size, IOPS, or Type of an EBS Volume on Linux and Modifying the Size, IOPS, or Type of an EBS Volume on Windows.
If you reach the maximum volume modification rate per volume limit, you will need to wait at least six hours before applying further modifications to the affected EBS volume.
", "ModifyVolumeAttribute": "Modifies a volume attribute.
By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.
You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.
", "ModifyVpcAttribute": "Modifies the specified attribute of the specified VPC.
", "ModifyVpcEndpoint": "Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface or gateway). For more information, see VPC Endpoints in the Amazon Virtual Private Cloud User Guide.
", @@ -317,7 +317,7 @@ "ReportInstanceStatus": "Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.
Use of this action does not change the value returned by DescribeInstanceStatus.
", "RequestSpotFleet": "Creates a Spot Fleet request.
The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.
You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.
By default, the Spot Fleet requests Spot Instances in the Spot pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.
Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.
You can specify tags for the Spot Instances. You cannot tag other resource types in a Spot Fleet request because only the instance resource type is supported.
For more information, see Spot Fleet Requests in the Amazon EC2 User Guide for Linux Instances.
", "RequestSpotInstances": "Creates a Spot Instance request.
For more information, see Spot Instance Requests in the Amazon EC2 User Guide for Linux Instances.
", - "ResetEbsDefaultKmsKeyId": "Resets the account's default customer master key (CMK) to the account's AWS-managed default CMK. This default CMK is used to encrypt EBS volumes when you have enabled EBS encryption by default without specifying a CMK in the API call. If you have not enabled encryption by default, then this CMK is used when you set the Encrypted parameter to true without specifying a custom CMK in the API call.
Call this API if you have modified the default CMK that is used for encrypting your EBS volume using ModifyEbsDefaultKmsKeyId and you want to reset it to the AWS-managed default CMK. After resetting, you can continue to provide a CMK of your choice in the API call that creates the volume. However, if no CMK is specified, your account will encrypt the volume to the AWS-managed default CMK.
", + "ResetEbsDefaultKmsKeyId": "Resets the default customer master key (CMK) for EBS encryption for your account in this Region to the AWS managed CMK for EBS.
After resetting the default CMK to the AWS managed CMK, you can continue to encrypt by a customer managed CMK by specifying it when you create the volume. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", "ResetFpgaImageAttribute": "Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute.
", "ResetImageAttribute": "Resets an attribute of an AMI to its default value.
The productCodes attribute can't be reset.
Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.
The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default CMK for EBS is used unless you specify a non-default AWS Key Management Service (AWS KMS) CMK using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Specifies whether the destination snapshot should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot use it to create an unencrypted copy of an encrypted snapshot. Your default CMK for EBS is used unless you specify a non-default AWS Key Management Service (AWS KMS) CMK using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
Specifies whether the destination snapshot should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot use it to create an unencrypted copy of an encrypted snapshot. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.
", "CopySnapshotRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.
", "CreateCapacityReservationRequest$EphemeralStorage": "Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.
", @@ -995,7 +995,7 @@ "CreateTransitGatewayRouteRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Specifies the encryption state of the volume. The default effect of setting the Encrypted parameter to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether account-level encryption is enabled. Each default case can be overridden by specifying a customer master key (CMK) using the KmsKeyId parameter, in addition to setting Encrypted to true. For a complete list of possible encryption cases, see Amazon EBS Encryption.
Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Supported Instance Types.
", + "CreateVolumeRequest$Encrypted": "Specifies whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by Default in the Amazon Elastic Compute Cloud User Guide.
Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported Instance Types.
", "CreateVolumeRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Account-level encryption status after performing the action.
", + "DisableEbsEncryptionByDefaultResult$EbsEncryptionByDefault": "The updated status of encryption by default.
", "DisableTransitGatewayRouteTablePropagationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Indicates whether the volume is deleted on instance termination.
", "EbsInstanceBlockDeviceSpecification$DeleteOnTermination": "Indicates whether the volume is deleted on instance termination.
", "EnableEbsEncryptionByDefaultRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Account-level encryption status after performing the action.
", + "EnableEbsEncryptionByDefaultResult$EbsEncryptionByDefault": "The updated status of encryption by default.
", "EnableTransitGatewayRouteTablePropagationRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
When set to true, acts as keystroke input and wakes up an instance that's in standby or \"sleep\" mode.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Indicates whether default encryption for EBS volumes is enabled or disabled.
", + "GetEbsEncryptionByDefaultResult$EbsEncryptionByDefault": "Indicates whether encryption by default is enabled.
", "GetLaunchTemplateDataRequest$DryRun": "Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.
", "ServiceDetail$ManagesVpcEndpoints": "Indicates whether the service manages it's VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.
", "Snapshot$Encrypted": "Indicates whether the snapshot is encrypted.
", - "SnapshotInfo$Encrypted": "Boolean that specifies whether or not this snapshot is encrypted.
", + "SnapshotInfo$Encrypted": "Indicates whether the snapshot is encrypted.
", "SnapshotTaskDetail$Encrypted": "Indicates whether the snapshot is encrypted.
", "SpotFleetLaunchSpecification$EbsOptimized": "Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
Default: false
Enables monitoring for the instance.
Default: false
Returns true if the request succeeds; otherwise, returns an error.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, returns an error.
Indicates whether the volume will be encrypted.
", + "Volume$Encrypted": "Indicates whether the volume is encrypted.
", "VolumeAttachment$DeleteOnTermination": "Indicates whether the EBS volume is deleted on instance termination.
", "Vpc$IsDefault": "Indicates whether the VPC is the default VPC.
", "VpcClassicLink$ClassicLinkEnabled": "Indicates whether the VPC is enabled for ClassicLink.
", @@ -4301,7 +4301,8 @@ "DnsEntrySet": { "base": null, "refs": { - "VpcEndpoint$DnsEntries": "(Interface endpoint) The DNS entries for the endpoint.
" + "VpcEndpoint$DnsEntries": "(Interface endpoint) The DNS entries for the endpoint.
", + "VpcEndpointConnection$DnsEntries": "The DNS entries for the VPC endpoint.
" } }, "DnsServersOptionsModifyStructure": { @@ -4701,12 +4702,12 @@ "DescribeHostReservationsRequest$Filter": "The filters.
instance-family - The instance family (for example, m4).
payment-option - The payment option (NoUpfront | PartialUpfront | AllUpfront).
state - The state of the reservation (payment-pending | payment-failed | active | retired).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
auto-placement - Whether auto-placement is enabled or disabled (on | off).
availability-zone - The Availability Zone of the host.
client-token - The idempotency token that you provided when you allocated the host.
host-reservation-id - The ID of the reservation assigned to this host.
instance-type - The instance type size that the Dedicated Host is configured to support.
state - The allocation state of the Dedicated Host (available | under-assessment | permanent-failure | released | released-permanent-failure).
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
instance-id - The ID of the instance.
state - The state of the association (associating | associated | disassociating | disassociated).
The filters.
architecture - The image architecture (i386 | x86_64).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the EBS volume.
block-device-mapping.volume-size - The volume size of the EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the EBS volume (gp2 | io1 | st1 | sc1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the EBS volume is encrypted.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - String value from an Amazon-maintained list (amazon | aws-marketplace | microsoft) of snapshot owners. Not to be confused with the user-configured AWS account alias, which is set from the IAM console.
owner-id - The AWS account ID of the image owner.
platform - The platform. To only list Windows-based AMIs, use windows.
product-code - The product code.
product-code.type - The type of the product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
The filters.
architecture - The image architecture (i386 | x86_64 | arm64).
block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.snapshot-id - The ID of the snapshot used for the EBS volume.
block-device-mapping.volume-size - The volume size of the EBS volume, in GiB.
block-device-mapping.volume-type - The volume type of the EBS volume (gp2 | io1 | st1 | sc1 | standard).
block-device-mapping.encrypted - A Boolean that indicates whether the EBS volume is encrypted.
description - The description of the image (provided during image creation).
ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.
hypervisor - The hypervisor type (ovm | xen).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - String value from an Amazon-maintained list (amazon | aws-marketplace | microsoft) of snapshot owners. Not to be confused with the user-configured AWS account alias, which is set from the IAM console.
owner-id - The AWS account ID of the image owner.
platform - The platform. To only list Windows-based AMIs, use windows.
product-code - The product code.
product-code.type - The type of the product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
state - The state of the image (available | pending | failed).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
virtualization-type - The virtualization type (paravirtual | hvm).
Filter tasks using the task-state filter and one of the following values: active, completed, deleting, deleted.
The filters.
", "DescribeInstanceCreditSpecificationsRequest$Filters": "The filters.
instance-id - The ID of the instance.
The filters.
availability-zone - The Availability Zone of the instance.
event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).
event.description - A description of the event.
event.instance-event-id - The ID of the event whose date and time you are modifying.
event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).
event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).
event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).
instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).
instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).
system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).
system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).
The filters.
affinity - The affinity setting for an instance running on a Dedicated Host (default | host).
architecture - The instance architecture (i386 | x86_64).
availability-zone - The Availability Zone of the instance.
block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2010-09-15T17:15:20.000Z.
block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).
block-device-mapping.volume-id - The volume ID of the EBS volume.
client-token - The idempotency token you provided when you launched the instance.
dns-name - The public DNS name of the instance.
group-id - The ID of the security group for the instance. EC2-Classic only.
group-name - The name of the security group for the instance. EC2-Classic only.
hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.
host-id - The ID of the Dedicated Host on which the instance is running, if applicable.
hypervisor - The hypervisor type of the instance (ovm | xen).
iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.
image-id - The ID of the image used to launch the instance.
instance-id - The ID of the instance.
instance-lifecycle - Indicates whether this is a Spot Instance or a Scheduled Instance (spot | scheduled).
instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t2.micro).
instance.group-id - The ID of the security group for the instance.
instance.group-name - The name of the security group for the instance.
ip-address - The public IPv4 address of the instance.
kernel-id - The kernel ID.
key-name - The name of the key pair used when the instance was launched.
launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).
launch-time - The time when the instance was launched.
monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).
network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.
network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.
network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.
network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.
network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.
network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.
network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.
network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.
network-interface.attachment.attachment-id - The ID of the interface attachment.
network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.
network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.
network-interface.attachment.device-index - The device index to which the network interface is attached.
network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).
network-interface.attachment.attach-time - The time that the network interface was attached to an instance.
network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.
network-interface.availability-zone - The Availability Zone for the network interface.
network-interface.description - The description of the network interface.
network-interface.group-id - The ID of a security group associated with the network interface.
network-interface.group-name - The name of a security group associated with the network interface.
network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.
network-interface.mac-address - The MAC address of the network interface.
network-interface.network-interface-id - The ID of the network interface.
network-interface.owner-id - The ID of the owner of the network interface.
network-interface.private-dns-name - The private DNS name of the network interface.
network-interface.requester-id - The requester ID for the network interface.
network-interface.requester-managed - Indicates whether the network interface is being managed by AWS.
network-interface.status - The status of the network interface (available) | in-use).
network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.
network-interface.subnet-id - The ID of the subnet for the network interface.
network-interface.vpc-id - The ID of the VPC for the network interface.
owner-id - The AWS account ID of the instance owner.
placement-group-name - The name of the placement group for the instance.
placement-partition-number - The partition in which the instance is located.
platform - The platform. To list only Windows instances, use windows.
private-dns-name - The private IPv4 DNS name of the instance.
private-ip-address - The private IPv4 address of the instance.
product-code - The product code associated with the AMI used to launch the instance.
product-code.type - The type of product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.
requester-id - The ID of the entity that launched the instance on your behalf (for example, AWS Management Console, Auto Scaling, and so on).
reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.
spot-instance-request-id - The ID of the Spot Instance request.
state-reason-code - The reason code for the state change.
state-reason-message - A message that describes the state change.
subnet-id - The ID of the subnet for the instance.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
tenancy - The tenancy of an instance (dedicated | default | host).
virtualization-type - The virtualization type of the instance (paravirtual | hvm).
vpc-id - The ID of the VPC that the instance is running in.
The filters.
affinity - The affinity setting for an instance running on a Dedicated Host (default | host).
architecture - The instance architecture (i386 | x86_64 | arm64).
availability-zone - The Availability Zone of the instance.
block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2010-09-15T17:15:20.000Z.
block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).
block-device-mapping.volume-id - The volume ID of the EBS volume.
client-token - The idempotency token you provided when you launched the instance.
dns-name - The public DNS name of the instance.
group-id - The ID of the security group for the instance. EC2-Classic only.
group-name - The name of the security group for the instance. EC2-Classic only.
hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.
host-id - The ID of the Dedicated Host on which the instance is running, if applicable.
hypervisor - The hypervisor type of the instance (ovm | xen).
iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.
image-id - The ID of the image used to launch the instance.
instance-id - The ID of the instance.
instance-lifecycle - Indicates whether this is a Spot Instance or a Scheduled Instance (spot | scheduled).
instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t2.micro).
instance.group-id - The ID of the security group for the instance.
instance.group-name - The name of the security group for the instance.
ip-address - The public IPv4 address of the instance.
kernel-id - The kernel ID.
key-name - The name of the key pair used when the instance was launched.
launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).
launch-time - The time when the instance was launched.
monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).
network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.
network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.
network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.
network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.
network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.
network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.
network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.
network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.
network-interface.attachment.attachment-id - The ID of the interface attachment.
network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.
network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.
network-interface.attachment.device-index - The device index to which the network interface is attached.
network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).
network-interface.attachment.attach-time - The time that the network interface was attached to an instance.
network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.
network-interface.availability-zone - The Availability Zone for the network interface.
network-interface.description - The description of the network interface.
network-interface.group-id - The ID of a security group associated with the network interface.
network-interface.group-name - The name of a security group associated with the network interface.
network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.
network-interface.mac-address - The MAC address of the network interface.
network-interface.network-interface-id - The ID of the network interface.
network-interface.owner-id - The ID of the owner of the network interface.
network-interface.private-dns-name - The private DNS name of the network interface.
network-interface.requester-id - The requester ID for the network interface.
network-interface.requester-managed - Indicates whether the network interface is being managed by AWS.
network-interface.status - The status of the network interface (available) | in-use).
network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.
network-interface.subnet-id - The ID of the subnet for the network interface.
network-interface.vpc-id - The ID of the VPC for the network interface.
owner-id - The AWS account ID of the instance owner.
placement-group-name - The name of the placement group for the instance.
placement-partition-number - The partition in which the instance is located.
platform - The platform. To list only Windows instances, use windows.
private-dns-name - The private IPv4 DNS name of the instance.
private-ip-address - The private IPv4 address of the instance.
product-code - The product code associated with the AMI used to launch the instance.
product-code.type - The type of product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.
requester-id - The ID of the entity that launched the instance on your behalf (for example, AWS Management Console, Auto Scaling, and so on).
reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.
spot-instance-request-id - The ID of the Spot Instance request.
state-reason-code - The reason code for the state change.
state-reason-message - A message that describes the state change.
subnet-id - The ID of the subnet for the instance.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
tenancy - The tenancy of an instance (dedicated | default | host).
virtualization-type - The virtualization type of the instance (paravirtual | hvm).
vpc-id - The ID of the VPC that the instance is running in.
One or more filters.
attachment.state - The current state of the attachment between the gateway and the VPC (available). Present only if a VPC is attached.
attachment.vpc-id - The ID of an attached VPC.
internet-gateway-id - The ID of the Internet gateway.
owner-id - The ID of the AWS account that owns the internet gateway.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
fingerprint - The fingerprint of the key pair.
key-name - The name of the key pair.
One or more filters.
create-time - The time the launch template version was created.
ebs-optimized - A boolean that indicates whether the instance is optimized for Amazon EBS I/O.
iam-instance-profile - The ARN of the IAM instance profile.
image-id - The ID of the AMI.
instance-type - The instance type.
is-default-version - A boolean that indicates whether the launch template version is the default version.
kernel-id - The kernel ID.
ram-disk-id - The RAM disk ID.
One or more filters.
cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).
cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.
cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.
cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.
dhcp-options-id - The ID of a set of DHCP options.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.
isDefault - Indicates whether the VPC is the default VPC.
owner-id - The ID of the AWS account that owns the VPC.
state - The state of the VPC (pending | available).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC.
One or more filters.
customer-gateway-configuration - The configuration information for the customer gateway.
customer-gateway-id - The ID of a customer gateway associated with the VPN connection.
state - The state of the VPN connection (pending | available | deleting | deleted).
option.static-routes-only - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).
route.destination-cidr-block - The destination CIDR block. This corresponds to the subnet used in a customer data center.
bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP device.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
type - The type of VPN connection. Currently the only supported type is ipsec.1.
vpn-connection-id - The ID of the VPN connection.
vpn-gateway-id - The ID of a virtual private gateway associated with the VPN connection.
One or more filters.
amazon-side-asn - The Autonomous System Number (ASN) for the Amazon side of the gateway.
attachment.state - The current state of the attachment between the gateway and the VPC (attaching | attached | detaching | detached).
attachment.vpc-id - The ID of an attached VPC.
availability-zone - The Availability Zone for the virtual private gateway (if applicable).
state - The state of the virtual private gateway (pending | available | deleting | deleted).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
type - The type of virtual private gateway. Currently the only supported type is ipsec.1.
vpn-gateway-id - The ID of the virtual private gateway.
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-route-destination-cidr-block - The CIDR range.
type - The type of roue (active | blackhole).
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id - The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
transit-gateway-route-destination-cidr-block - The CIDR range.
type - The type of route (active | blackhole).
One or more filters. The possible values are:
transit-gateway-route-table-id - The ID of the transit gateway route table.
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type (vpc | vpn).
transit-gateway-attachment-id - The ID of the attachment.
One or more filters. The possible values are:
resource-id - The ID of the resource.
resource-type - The resource type (vpc | vpn).
transit-gateway-attachment-id - The ID of the attachment.
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
attachment.resource-type - The attachment resource type (vpc | vpn).
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the attachment (available | deleted | deleting | failed | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting).
type - The type of roue (active | blackhole).
One or more filters. The possible values are:
attachment.transit-gateway-attachment-id- The id of the transit gateway attachment.
attachment.resource-id - The resource id of the transit gateway attachment.
attachment.resource-type - The attachment resource type (vpc | vpn).
route-search.exact-match - The exact match of the specified filter.
route-search.longest-prefix-match - The longest prefix that matches the route.
route-search.subnet-of-match - The routes with a subnet that match the specified CIDR filter.
route-search.supernet-of-match - The routes with a CIDR that encompass the CIDR filter. For example, if you have 10.0.1.0/29 and 10.0.1.0/31 routes in your route table and you specify supernet-of-match as 10.0.1.0/30, then the result returns 10.0.1.0/29.
state - The state of the route (active | blackhole).
type - The type of roue (propagated | static).
Object that contains information about a snapshot.
", + "base": "Information about a snapshot.
", "refs": { "SnapshotSet$member": null } @@ -9072,7 +9073,7 @@ "CopyImageResult$ImageId": "The ID of the new AMI.
", "CopySnapshotRequest$Description": "A description for the EBS snapshot.
", "CopySnapshotRequest$DestinationRegion": "The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.
The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com). With the AWS CLI, this is specified using the --region parameter or the default Region in your AWS configuration file.
An identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the volume. This parameter is only required if you want to use a customer-managed CMK; if this parameter is not specified, your AWS-managed CMK for the account is used. If a KmsKeyId is specified, the Encrypted flag must also be set.
The CMK identifier may be provided in any of the following formats:
Key ID: For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias: For example, alias/ExampleAlias.
Key ARN: The key ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN: The alias ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. The action will eventually fail.
The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted state must be true.
You can specify the CMK using any of the following:
Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias. For example, alias/ExampleAlias.
Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.
", "CopySnapshotRequest$PresignedUrl": "When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query Requests.
The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion parameters. The PresignedUrl must be signed using AWS Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple Storage Service API Reference. An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.
The ID of the Region that contains the snapshot to be copied.
", "CopySnapshotRequest$SourceSnapshotId": "The ID of the EBS snapshot to copy.
", @@ -9172,7 +9173,7 @@ "CreateTransitGatewayVpcAttachmentRequest$VpcId": "The ID of the VPC.
", "CreateVolumePermission$UserId": "The AWS account ID to be added or removed.
", "CreateVolumeRequest$AvailabilityZone": "The Availability Zone in which to create the volume.
", - "CreateVolumeRequest$KmsKeyId": "An identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the volume. This parameter is only required if you want to use a customer-managed CMK; if this parameter is not specified, your AWS-managed CMK for the account is used. If a KmsKeyId is specified, the Encrypted flag must also be set.
The CMK identifier may be provided in any of the following formats:
Key ID: For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias: For example, alias/ExampleAlias.
Key ARN: The key ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN: The alias ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. The action will eventually fail.
The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted state must be true.
You can specify the CMK using any of the following:
Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias. For example, alias/ExampleAlias.
Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.
", "CreateVolumeRequest$SnapshotId": "The snapshot from which to create the volume.
At least one of Size or SnapshotId are required.
The ID of the endpoint service.
", "CreateVpcEndpointConnectionNotificationRequest$VpcEndpointId": "The ID of the endpoint.
", @@ -9499,7 +9500,7 @@ "FleetLaunchTemplateSpecification$LaunchTemplateId": "The ID of the launch template. You must specify either a template ID or a template name.
", "FleetLaunchTemplateSpecification$Version": "The version number of the launch template. You must specify a version number.
", "FleetLaunchTemplateSpecificationRequest$LaunchTemplateId": "The ID of the launch template.
", - "FleetLaunchTemplateSpecificationRequest$Version": "The version number of the launch template.
", + "FleetLaunchTemplateSpecificationRequest$Version": "The version number of the launch template. Note: This is a required parameter and will be updated soon.
", "FlowLog$DeliverLogsErrorMessage": "Information about the error that occurred. Rate limited indicates that CloudWatch Logs throttling has been applied for one or more network interfaces, or that you've reached the limit on the number of log groups that you can create. Access error indicates that the IAM role associated with the flow log does not have sufficient permissions to publish to CloudWatch Logs. Unknown error indicates an internal error.
The ARN of the IAM role that posts logs to CloudWatch Logs.
", "FlowLog$DeliverLogsStatus": "The status of the logs delivery (SUCCESS | FAILED).
The ID of the instance.
", "GetConsoleScreenshotResult$ImageData": "The data that comprises the image.
", "GetConsoleScreenshotResult$InstanceId": "The ID of the instance.
", - "GetEbsDefaultKmsKeyIdResult$KmsKeyId": "The full ARN of the default CMK that your account uses to encrypt an EBS volume when no CMK is specified in the API call that creates the volume.
", + "GetEbsDefaultKmsKeyIdResult$KmsKeyId": "The Amazon Resource Name (ARN) of the default CMK for encryption by default.
", "GetHostReservationPurchasePreviewRequest$OfferingId": "The offering ID of the reservation.
", "GetHostReservationPurchasePreviewResult$TotalHourlyPrice": "The potential total hourly price of the reservation per hour.
", "GetHostReservationPurchasePreviewResult$TotalUpfrontPrice": "The potential total upfront price. This is billed immediately.
", @@ -9595,7 +9596,7 @@ "ImageIdStringList$member": null, "ImportClientVpnClientCertificateRevocationListRequest$ClientVpnEndpointId": "The ID of the Client VPN endpoint to which the client certificate revocation list applies.
", "ImportClientVpnClientCertificateRevocationListRequest$CertificateRevocationList": "The client certificate revocation list file. For more information, see Generate a Client Certificate Revocation List in the AWS Client VPN Administrator Guide.
", - "ImportImageRequest$Architecture": "The architecture of the virtual machine.
Valid values: i386 | x86_64
The architecture of the virtual machine.
Valid values: i386 | x86_64 | arm64
The token to enable idempotency for VM import requests.
", "ImportImageRequest$Description": "A description string for the import image task.
", "ImportImageRequest$Hypervisor": "The target hypervisor platform.
Valid values: xen
The progress of the task.
", "ImportImageResult$Status": "A brief status of the task.
", "ImportImageResult$StatusMessage": "A detailed status message of the import task.
", - "ImportImageTask$Architecture": "The architecture of the virtual machine.
Valid values: i386 | x86_64
The architecture of the virtual machine.
Valid values: i386 | x86_64 | arm64
A description of the import task.
", "ImportImageTask$Hypervisor": "The target hypervisor for the import task.
Valid values: xen
The ID of the Amazon Machine Image (AMI) of the imported virtual machine.
", @@ -9792,8 +9793,8 @@ "ModifyClientVpnEndpointRequest$ClientVpnEndpointId": "The ID of the Client VPN endpoint to modify.
", "ModifyClientVpnEndpointRequest$ServerCertificateArn": "The ARN of the server certificate to be used. The server certificate must be provisioned in AWS Certificate Manager (ACM).
", "ModifyClientVpnEndpointRequest$Description": "A brief description of the Client VPN endpoint.
", - "ModifyEbsDefaultKmsKeyIdRequest$KmsKeyId": "An identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the volume. This parameter is only required if you want to use a customer-managed CMK; if this parameter is not specified, your AWS-managed CMK for the account is used. If a KmsKeyId is specified, the Encrypted flag must also be set.
The CMK identifier may be provided in any of the following formats:
Key ID: For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias: For example, alias/ExampleAlias.
Key ARN: The key ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN: The alias ARN contains the arn:aws:kms namespace, followed by the Region of the CMK, the AWS account ID of the CMK owner, the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates KmsKeyId asynchronously, meaning that the action you call may appear to complete even though you provided an invalid identifier. The action will eventually fail.
The full ARN of the default CMK that your account uses to encrypt an EBS volume when no CMK is specified in the API call that creates the volume.
", + "ModifyEbsDefaultKmsKeyIdRequest$KmsKeyId": "The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted state must be true.
You can specify the CMK using any of the following:
Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias. For example, alias/ExampleAlias.
Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.
Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.
", + "ModifyEbsDefaultKmsKeyIdResult$KmsKeyId": "The Amazon Resource Name (ARN) of the default CMK for encryption by default.
", "ModifyFpgaImageAttributeRequest$FpgaImageId": "The ID of the AFI.
", "ModifyFpgaImageAttributeRequest$Description": "A description for the AFI.
", "ModifyFpgaImageAttributeRequest$Name": "A name for the AFI.
", @@ -10024,7 +10025,7 @@ "ReservedInstancesOffering$AvailabilityZone": "The Availability Zone in which the Reserved Instance can be used.
", "ReservedInstancesOffering$ReservedInstancesOfferingId": "The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote to confirm that an exchange can be made.
", "ReservedInstancesOfferingIdStringList$member": null, - "ResetEbsDefaultKmsKeyIdResult$KmsKeyId": "The full ARN of the default CMK that your account uses to encrypt an EBS volume when no CMK is specified in the API call that creates the volume.
", + "ResetEbsDefaultKmsKeyIdResult$KmsKeyId": "The Amazon Resource Name (ARN) of the default CMK for EBS encryption by default.
", "ResetFpgaImageAttributeRequest$FpgaImageId": "The ID of the AFI.
", "ResetImageAttributeRequest$ImageId": "The ID of the AMI.
", "ResetInstanceAttributeRequest$InstanceId": "The ID of the instance.
", @@ -10149,13 +10150,13 @@ "ServiceDetail$ServiceId": "The ID of the endpoint service.
", "ServiceDetail$Owner": "The AWS account ID of the service owner.
", "ServiceDetail$PrivateDnsName": "The private DNS name for the service.
", - "Snapshot$DataEncryptionKeyId": "The data encryption key identifier for the snapshot. This value is a unique identifier that corresponds to the data encryption key that was used to encrypt the original volume or snapshot copy. Because data encryption keys are inherited by volumes created from snapshots, and vice versa, if snapshots share the same data encryption key identifier, then they belong to the same volume/snapshot lineage. This parameter is only returned by the DescribeSnapshots API operation.
", + "Snapshot$DataEncryptionKeyId": "The data encryption key identifier for the snapshot. This value is a unique identifier that corresponds to the data encryption key that was used to encrypt the original volume or snapshot copy. Because data encryption keys are inherited by volumes created from snapshots, and vice versa, if snapshots share the same data encryption key identifier, then they belong to the same volume/snapshot lineage. This parameter is only returned by DescribeSnapshots.
", "Snapshot$Description": "The description for the snapshot.
", - "Snapshot$KmsKeyId": "The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the parent volume.
", + "Snapshot$KmsKeyId": "The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the parent volume.
", "Snapshot$OwnerId": "The AWS account ID of the EBS snapshot owner.
", "Snapshot$Progress": "The progress of the snapshot, as a percentage.
", "Snapshot$SnapshotId": "The ID of the snapshot. Each snapshot receives a unique identifier when it is created.
", - "Snapshot$StateMessage": "Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy operation fails (for example, if the proper AWS Key Management Service (AWS KMS) permissions are not obtained) this field displays error state details to help you diagnose why the error occurred. This parameter is only returned by the DescribeSnapshots API operation.
", + "Snapshot$StateMessage": "Encrypted Amazon EBS snapshots are copied asynchronously. If a snapshot copy operation fails (for example, if the proper AWS Key Management Service (AWS KMS) permissions are not obtained) this field displays error state details to help you diagnose why the error occurred. This parameter is only returned by DescribeSnapshots.
", "Snapshot$VolumeId": "The ID of the volume that was used to create the snapshot. Snapshots created by the CopySnapshot action have an arbitrary volume ID that should not be used for any purpose.
", "Snapshot$OwnerAlias": " Value from an Amazon-maintained list (amazon | self | all | aws-marketplace | microsoft) of snapshot owners. Not to be confused with the user-configured AWS account alias, which is set from the IAM console.
A description for the snapshot.
", @@ -10321,7 +10322,7 @@ "VgwTelemetry$OutsideIpAddress": "The Internet-routable IP address of the virtual private gateway's outside interface.
", "VgwTelemetry$StatusMessage": "If an error occurs, a description of the error.
", "Volume$AvailabilityZone": "The Availability Zone for the volume.
", - "Volume$KmsKeyId": "The full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the volume.
", + "Volume$KmsKeyId": "The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the volume.
", "Volume$SnapshotId": "The snapshot from which the volume was created, if applicable.
", "Volume$VolumeId": "The ID of the volume.
", "VolumeAttachment$Device": "The device name.
", @@ -10354,6 +10355,7 @@ "VpcEndpoint$VpcId": "The ID of the VPC to which the endpoint is associated.
", "VpcEndpoint$ServiceName": "The name of the service to which the endpoint is associated.
", "VpcEndpoint$PolicyDocument": "The policy document associated with the endpoint, if applicable.
", + "VpcEndpoint$OwnerId": "The ID of the AWS account that owns the VPC endpoint.
", "VpcEndpointConnection$ServiceId": "The ID of the service to which the endpoint is connected.
", "VpcEndpointConnection$VpcEndpointId": "The ID of the VPC endpoint.
", "VpcEndpointConnection$VpcEndpointOwner": "The AWS account ID of the owner of the VPC endpoint.
", @@ -11161,7 +11163,8 @@ "TransitGatewayVpcAttachment$SubnetIds": "The IDs of the subnets.
", "VpcEndpoint$RouteTableIds": "(Gateway endpoint) One or more route tables associated with the endpoint.
", "VpcEndpoint$SubnetIds": "(Interface endpoint) One or more subnets in which the endpoint is located.
", - "VpcEndpoint$NetworkInterfaceIds": "(Interface endpoint) One or more network interfaces for the endpoint.
" + "VpcEndpoint$NetworkInterfaceIds": "(Interface endpoint) One or more network interfaces for the endpoint.
", + "VpcEndpointConnection$NetworkLoadBalancerArns": "The Amazon Resource Names (ARNs) of the network load balancers for the service.
" } }, "VersionDescription": { diff --git a/aws-sdk-core/endpoints.json b/aws-sdk-core/endpoints.json index 96f0a15ab78..941f14c1bfd 100644 --- a/aws-sdk-core/endpoints.json +++ b/aws-sdk-core/endpoints.json @@ -2964,7 +2964,7 @@ }, "support" : { "endpoints" : { - "us-east-1" : { } + "aws-global" : { } } }, "swf" : { @@ -3400,6 +3400,18 @@ "cn-northwest-1" : { } } }, + "kms" : { + "endpoints" : { + "ProdFips" : { + "credentialScope" : { + "region" : "cn-northwest-1" + }, + "hostname" : "kms-fips.cn-northwest-1.amazonaws.com.cn" + }, + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "lambda" : { "endpoints" : { "cn-north-1" : { },