Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the Amazon Web Services Cloud where you can launch Amazon Web Services resources in a virtual network that you\'ve defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.

To learn more, see the following resources:

• Amazon EC2: Amazon EC2 product page, Amazon EC2 documentation

• Amazon EBS: Amazon EBS product page, Amazon EBS documentation

• Amazon VPC: Amazon VPC product page, Amazon VPC documentation

• VPN: VPN product page, VPN documentation

Accepts an Elastic IP address transfer. For more information, see Accept a transferred Elastic IP address in the Amazon Virtual Private Cloud User Guide.

Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.

Accepts a request to associate subnets with a transit gateway multicast domain.

Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state.

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

Accepts connection requests to your VPC endpoint service.

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. To attempt to recover an Elastic IP address that you released, specify it in this operation.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.

Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.

In IPAM, an allocation is a CIDR assignment from an IPAM pool to another IPAM pool or to a resource. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide.

Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet\'s IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet\'s CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

Assigns one or more private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that\'s in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that\'s associated with it.

Associates a set of DHCP options (that you\'ve previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don\'t need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon VPC User Guide.

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Associates an IPAM resource discovery with an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.

By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon VPC User Guide.

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon VPC User Guide.

Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

Associates the specified transit gateway attachment with a transit gateway policy table.

Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that\'s in the running state. An instance is automatically unlinked from a VPC when it\'s stopped - you can link it to the VPC again when you restart it.

After you\'ve linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information, see Internet gateways in the Amazon VPC User Guide.

Attaches a network interface to an instance.

Attaches the specified Amazon Web Services Verified Access trust provider to the specified Amazon Web Services Verified Access instance.

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

• The volume can be attached only to a stopped instance.

• Amazon Web Services Marketplace product codes are copied from the volume to the instance.

• You must be subscribed to the product.

• The instance type and operating system of the instance must support the product. For example, you can\'t detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide.

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.

Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups. When specifying an outbound rule for your security group in a VPC, the IpPermissions must include a destination for the traffic.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the IpPermissions must include a source for the traffic.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\\) is bundled. Data on other instance store volumes is not preserved.

Cancels a bundling operation for an instance store-backed Windows instance.

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation\'s state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

Cancels one or more Capacity Reservation Fleets. When you cancel a Capacity Reservation Fleet, the following happens:

• The Capacity Reservation Fleet\'s status changes to cancelled.

• The individual Capacity Reservations in the Fleet are cancelled. Instances running in the Capacity Reservations at the time of cancelling the Fleet continue to run in shared capacity.

• The Fleet stops creating new Capacity Reservations.

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI.

Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.

Removes your Amazon Web Services account from the launch permissions for the specified AMI. For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.

Cancels an in-process import virtual machine or import snapshot task.

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new instances.

You must also specify whether a canceled Spot Fleet request should terminate its instances. If you choose to terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

Cancels one or more Spot Instance requests.

Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user\'s instance is eligible for support.

Copies the specified Amazon FPGA Image (AFI) to the current Region.

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can\'t copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon EC2 User Guide.

For more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can\'t copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide.

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide.

Creates a Capacity Reservation Fleet. For more information, see Create a Capacity Reservation Fleet in the Amazon EC2 User Guide.

Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide.

Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

Creates a range of customer-owned IP addresses.

Creates a pool of customer-owned IP (CoIP) addresses.

Provides information to Amazon Web Services about your customer gateway device. The customer gateway device is the appliance at your end of the VPN connection. You must provide the IP address of the customer gateway device’s external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device\'s BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don\'t have an ASN already, you can use a private ASN. For more information, see Customer gateway options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. An identical request returns information about the existing customer gateway; it doesn\'t create a new customer gateway.

Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Create a default subnet in the Amazon VPC User Guide.

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132.

• domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name, you must set domain-name-servers to a custom DNS server.

• domain-name - If you\'re using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you\'re using AmazonProvidedDNS in another Region, specify region.compute.internal (for example, ap-northeast-1.compute.internal). Otherwise, specify a domain name (for example, ExampleCompany.com). This value is used to complete unqualified DNS hostnames. Important: Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.

• ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) servers.

• netbios-name-servers - The IP addresses of up to four NetBIOS name servers.

• netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132.

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon VPC User Guide.

[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.

Creates an EC2 Fleet that contains the configuration information for On-Demand Instances and Spot Instances. Instances are launched immediately if there is available capacity.

A single EC2 Fleet can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see EC2 Fleet in the Amazon EC2 User Guide.

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide.

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Create an Amazon EBS-backed Linux AMI in the Amazon Elastic Compute Cloud User Guide.

Creates an EC2 Instance Connect Endpoint.

An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the prerequisites for your Amazon S3 bucket, supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide.

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.

For more information, see Internet gateways in the Amazon VPC User Guide.

Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

Creates an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

Creates a new version of a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

Launch templates are immutable; after you create a launch template, you can\'t modify it. Instead, you can create a new version of the launch template that includes any changes you require.

For more information, see Modify a launch template (manage launch template versions) in the Amazon Elastic Compute Cloud User Guide.

Creates a static route for the specified local gateway route table. You must specify one of the following targets:

• LocalGatewayVirtualInterfaceGroupId

• NetworkInterfaceId

Creates a local gateway route table.

Creates a local gateway route table virtual interface group association.

Associates the specified VPC with the specified local gateway route table.

Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description.

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon VPC User Guide.

Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

For more information, see Network ACLs in the Amazon VPC User Guide.

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can\'t modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon VPC User Guide.

Creates a Network Access Scope.

Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the Amazon Web Services Network Access Analyzer Guide.

Creates a path to analyze for reachability.

Reachability Analyzer enables you to analyze and debug network reachability between two resources in your virtual private cloud (VPC). For more information, see the Reachability Analyzer Guide.

Creates a network interface in the specified subnet.

The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.

For more information about network interfaces, see Elastic network interfaces in the Amazon Elastic Compute Cloud User Guide.

Grants an Amazon Web Services-authorized account permission to attach the specified network interface to an instance in their account.

You can grant permission to a single Amazon Web Services account only, and only one account at a time.

Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.

A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.

For more information, see Placement groups in the Amazon EC2 User Guide.

Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use DescribePublicIpv4Pools.

Replaces the EBS-backed root volume for a running instance with a new volume that is restored to the original root volume\'s launch state, that is restored to a specific snapshot taken from the original root volume, or that is restored from an AMI that has the same key characteristics as that of the instance.

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.

The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

Creates a route in a route table within a VPC.

You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

• 192.0.2.0/24 (goes to some target A)

• 192.0.2.0/28 (goes to some target B)

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon VPC User Guide.

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information, see Route tables in the Amazon VPC User Guide.

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

When you create a security group, you specify a friendly name of your choice. You can\'t have two security groups for the same VPC with the same name.

You have a default security group for use in your VPC. If you don\'t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

For more information about VPC security group limits, see Amazon VPC Limits.

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

You can create snapshots of volumes in a Region and volumes on an Outpost. If you create a snapshot of a volume in a Region, the snapshot must be stored in the same Region as the volume. If you create a snapshot of a volume on an Outpost, the snapshot can be stored on the same Outpost as the volume, or in the Region for that Outpost.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

When you create a snapshot for an EBS volume that serves as a root device, we recommend that you stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected.

You can tag your snapshots during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Creates crash-consistent snapshots of multiple EBS volumes and stores the data in S3. Volumes are chosen by specifying an instance. Any attached volumes will produce one snapshot each that is crash-consistent across the instance.

You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.

You can create multi-volume snapshots of instances in a Region and instances on an Outpost. If you create snapshots from an instance in a Region, the snapshots must be stored in the same Region as the instance. If you create snapshots from an instance on an Outpost, the snapshots can be stored on the same Outpost as the instance, or in the Region for that Outpost.

Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per Amazon Web Services account. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.

A subnet CIDR block must not overlap the CIDR block of an existing subnet in the VPC. After you create a subnet, you can\'t change its CIDR block.

The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses) and a /16 netmask (65,536 IP addresses). Amazon Web Services reserves both the first four and the last IPv4 address in each subnet\'s CIDR block. They\'re not available for your use.

If you\'ve associated an IPv6 CIDR block with your VPC, you can associate an IPv6 CIDR block with a subnet when you create it. The allowed block size for an IPv6 subnet is a /64 netmask.

If you add more than one subnet to a VPC, they\'re set up in a star topology with a logical router in the middle.

When you stop an instance in a subnet, it retains its private IPv4 address. It\'s therefore possible to have a subnet with no running instances (they\'re all stopped), but no remaining IP addresses available.

For more information, see Subnets in the Amazon VPC User Guide.

Creates a subnet CIDR reservation. For information about subnet CIDR reservations, see Subnet CIDR reservations in the Amazon Virtual Private Cloud User Guide.

Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.

For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide. For more information about creating IAM policies that control users\' access to resources based on tags, see Supported resource-level permissions for Amazon EC2 API actions in the Amazon Elastic Compute Cloud User Guide.

Creates a Traffic Mirror filter.

A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices to mirror supported network services.

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

Creates a Traffic Mirror session.

A Traffic Mirror session actively copies packets from a Traffic Mirror source to a Traffic Mirror target. Create a filter, and then assign it to the session to define a subset of the traffic to mirror, for example all TCP traffic.

The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in a different VPC connected via VPC peering or a transit gateway.

By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create filter rules that specify the traffic to mirror.

Creates a target for your Traffic Mirror session.

A Traffic Mirror target is the destination for mirrored traffic. The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) can be in the same VPC, or in different VPCs connected via VPC peering or a transit gateway.

A Traffic Mirror target can be a network interface, a Network Load Balancer, or a Gateway Load Balancer endpoint.

To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession.

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment.

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

Creates a Connect attachment from a specified transit gateway attachment. A Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a transit gateway and an appliance.

A Connect attachment uses an existing VPC or Amazon Web Services Direct Connect attachment as the underlying transport mechanism.

Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.

The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

For more information, see Connect peers in the Transit Gateways Guide.

Creates a multicast domain using the specified transit gateway.

The transit gateway must be in the available state before you create a domain. Use DescribeTransitGateways to see the state of transit gateway.

Requests a transit gateway peering attachment between the specified transit gateway (requester) and a peer transit gateway (accepter). The peer transit gateway can be in your account or a different Amazon Web Services account.

After you create the peering attachment, the owner of the accepter transit gateway must accept the attachment request.

Creates a transit gateway policy table.

Creates a reference (route) to a prefix list in a specified transit gateway route table.

Creates a static route for the specified transit gateway route table.

Creates a route table for the specified transit gateway.

Advertises a new transit gateway route table.

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute.

An Amazon Web Services Verified Access endpoint is where you define your application along with an optional endpoint-level access policy.

An Amazon Web Services Verified Access group is a collection of Amazon Web Services Verified Access endpoints who\'s associated applications have similar security requirements. Each instance within a Verified Access group shares an Verified Access policy. For example, you can group all Verified Access instances associated with "sales" applications together and use one common Verified Access policy.

An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.

A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.

Creates an EBS volume that can be attached to an instance in the same Availability Zone.

You can create a new empty volume or restore a volume from an EBS snapshot. Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.

You can create encrypted volumes. Encrypted volumes must be attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically encrypted. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can tag your volumes during creation. For more information, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

For more information, see Create an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon\'s pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can\'t change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon EC2 User Guide.

Creates a VPC endpoint. A VPC endpoint provides a private connection between the specified VPC and the specified endpoint service. You can use an endpoint service provided by Amazon Web Services, an Amazon Web Services Marketplace Partner, or another Amazon Web Services account. For more information, see the Amazon Web Services PrivateLink User Guide.

Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide.

You can create a connection notification for interface endpoints only.

Creates a VPC endpoint service to which service consumers (Amazon Web Services accounts, users, and IAM roles) can connect.

Before you create an endpoint service, you must create one of the following for your service:

• A Network Load Balancer. Service consumers connect to your service using an interface endpoint.

• A Gateway Load Balancer. Service consumers connect to your service using a Gateway Load Balancer endpoint.

If you set the private DNS name, you must prove that you own the private DNS domain name.

For more information, see the Amazon Web Services PrivateLink Guide.

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.

Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway.

If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn\'t return an error.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Deletes a carrier gateway.

Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint.

Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint.

Deletes a range of customer-owned IP addresses.

Deletes a pool of customer-owned IP (CoIP) addresses.

Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway.

Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC.

Deletes an egress-only internet gateway.

Deletes the specified EC2 Fleets.

After you delete an EC2 Fleet, it launches no new instances.

You must also specify whether a deleted EC2 Fleet should terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. A deleted instant fleet with running instances is not supported.

Restrictions

• You can delete up to 25 instant fleets in a single request. If you exceed this number, no instant fleets are deleted and an error is returned. There is no restriction on the number of fleets of type maintain or request that can be deleted in a single request.

• Up to 1000 instances can be terminated in a single request to delete instant fleets.

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

Deletes one or more flow logs.

Deletes the specified Amazon FPGA Image (AFI).

Deletes the specified EC2 Instance Connect Endpoint.

Deletes the specified event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it.

Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

Delete an IPAM pool.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

Deletes an IPAM resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Delete the scope for an IPAM. You cannot delete the default scopes.

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

Deletes the specified key pair, by removing the public key from Amazon EC2.

Deletes a launch template. Deleting a launch template deletes all of its versions.

Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.

Deletes the specified route from the specified local gateway route table.

Deletes a local gateway route table.

Deletes a local gateway route table virtual interface group association.

Deletes the specified association between a VPC and local gateway route table.

Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources.

Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables.

Deletes the specified network ACL. You can\'t delete the ACL if it\'s associated with any subnets. You can\'t delete the default network ACL.

Deletes the specified ingress or egress entry (rule) from the specified network ACL.

Deletes the specified Network Access Scope.

Deletes the specified Network Access Scope analysis.

Deletes the specified network insights analysis.

Deletes the specified path.

Deletes the specified network interface. You must detach the network interface before you can delete it.

Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you\'re removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment.

Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement groups in the Amazon EC2 User Guide.

Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.

Deletes the queued purchases for the specified Reserved Instances.

Deletes the specified route from the specified route table.

Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can\'t delete the main route table.

Deletes a security group.

If you attempt to delete a security group that is associated with an instance or network interface or is referenced by another security group, the operation fails with DependencyViolation.

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

Deletes the data feed for Spot Instances.

Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet.

Deletes a subnet CIDR reservation.

Deletes the specified set of tags from the specified set of resources.

To list the current tags, use DescribeTags. For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

Deletes the specified Traffic Mirror filter.

You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror session.

Deletes the specified Traffic Mirror rule.

Deletes the specified Traffic Mirror session.

Deletes the specified Traffic Mirror target.

You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror session.

Deletes the specified transit gateway.

Deletes the specified Connect attachment. You must first delete any Connect peers for the attachment.

Deletes the specified Connect peer.

Deletes the specified transit gateway multicast domain.

Deletes a transit gateway peering attachment.

Deletes the specified transit gateway policy table.

Deletes a reference (route) to a prefix list in a specified transit gateway route table.

Deletes the specified route from the specified transit gateway route table.

Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it.

Advertises to the transit gateway that a transit gateway route table is deleted.

Deletes the specified VPC attachment.

Delete an Amazon Web Services Verified Access endpoint.

Delete an Amazon Web Services Verified Access group.

Delete an Amazon Web Services Verified Access instance.

Delete an Amazon Web Services Verified Access trust provider.

Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

The volume can remain in the deleting state for several minutes.

For more information, see Delete an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.

Deletes the specified VPC endpoint connection notifications.

Deletes the specified VPC endpoint service configurations. Before you can delete an endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service.

Deletes the specified VPC endpoints.

When you delete a gateway endpoint, we delete the endpoint routes in the route tables for the endpoint.

When you delete a Gateway Load Balancer endpoint, we delete its endpoint network interfaces. You can only delete Gateway Load Balancer endpoints when the routes that are associated with the endpoint are deleted.

When you delete an interface endpoint, we delete its endpoint network interfaces.

Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it\'s in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that\'s in the failed state.

Deletes the specified VPN connection.

If you\'re deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must reconfigure the customer gateway device using the new configuration information returned with the new VPN connection ID.

For certificate-based authentication, delete all Certificate Manager (ACM) private certificates used for the Amazon Web Services-side tunnel endpoints for the VPN connection before deleting the VPN connection.

Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.

Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don\'t need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.

Deprovision a CIDR from a public IPv4 pool.

Deregisters the specified AMI. After you deregister an AMI, it can\'t be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon EC2 User Guide.

When you deregister an AMI, it doesn\'t affect any instances that you\'ve already launched from the AMI. You\'ll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn\'t affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn\'t affect the files that you uploaded to Amazon S3 when you created the AMI.

Deregisters tag keys to prevent tags that have the specified tag keys from being included in scheduled event notifications for resources in the Region.

Deregisters the specified members (network interfaces) from the transit gateway multicast group.

Deregisters the specified sources (network interfaces) from the transit gateway multicast group.

Describes attributes of your Amazon Web Services account. The following are the supported account attributes:

• default-vpc: The ID of the default VPC for your account, or none.

• max-instances: This attribute is no longer supported. The returned value does not reflect your actual vCPU limit for running On-Demand Instances. For more information, see On-Demand Instance Limits in the Amazon Elastic Compute Cloud User Guide.

• max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.

• supported-platforms: This attribute is deprecated.

• vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.

• vpc-max-security-groups-per-interface: The maximum number of security groups that you can assign to a network interface.

Describes an Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon Virtual Private Cloud User Guide.

When you transfer an Elastic IP address, there is a two-step handshake between the source and transfer Amazon Web Services accounts. When the source account starts the transfer, the transfer account has seven days to accept the Elastic IP address transfer. During those seven days, the source account can view the pending transfer by using this action. After seven days, the transfer expires and ownership of the Elastic IP address returns to the source account. Accepted transfers are visible to the source account for three days after the transfers have been accepted.

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

Describes the attributes of the specified Elastic IP addresses. For requirements, see Using reverse DNS for email applications.

Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).

This request only returns information about resource types that support longer IDs.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.

Describes the current Infrastructure Performance metric subscriptions.

Describes the specified bundle tasks or all of your bundle tasks.

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

Describes one or more Capacity Reservation Fleets.

Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the Amazon Web Services Region that you\'re currently using.

Describes one or more of your carrier gateways.

Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances.

Describes the authorization rules for a specified Client VPN endpoint.

Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint.

Describes one or more Client VPN endpoints in the account.

Describes the routes for the specified Client VPN endpoint.

Describes the target networks associated with the specified Client VPN endpoint.

Describes the specified customer-owned address pools or all of your customer-owned address pools.

Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide.

For information about the import manifest referenced by this API action, see VM Import Manifest.

Describes one or more of your VPN customer gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Describes one or more of your DHCP options sets.

For more information, see DHCP options sets in the Amazon VPC User Guide.

Describes one or more of your egress-only internet gateways.

Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics.

Describes the specified export image tasks or all of your export image tasks.

Describes the specified export instance tasks or all of your export instance tasks.

Describe details for Windows AMIs that are configured for faster launching.

Describes the state of fast snapshot restores for your snapshots.

Describes the events for the specified EC2 Fleet during the specified time.

EC2 Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. EC2 Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

Describes the running instances for the specified EC2 Fleet.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

Describes the specified EC2 Fleets or all of your EC2 Fleets.

For more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.

Describes one or more flow logs.

To view the published flow log records, you must view the log destination. For example, the CloudWatch Logs log group, the Amazon S3 bucket, or the Kinesis Data Firehose delivery stream.

Describes the specified attribute of the specified Amazon FPGA Image (AFI).

Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other Amazon Web Services accounts for which you have load permissions.

Describes the Dedicated Host reservations that are available to purchase.

The results describe all of the Dedicated Host reservation offerings, including offerings that might not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts in the Amazon EC2 User Guide.

Describes reservations that are associated with Dedicated Hosts in your account.

Describes the specified Dedicated Hosts or all your Dedicated Hosts.

The results describe only the Dedicated Hosts in the Region you\'re currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released.

Describes your IAM instance profile associations.

Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.

Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

Displays details about an import virtual machine or import snapshot tasks that are already created.

Describes your import snapshot tasks.

Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport

Describes the specified EC2 Instance Connect Endpoints or all EC2 Instance Connect Endpoints.

Describes the credit option for CPU usage of the specified burstable performance instances. The credit options are standard and unlimited.

If you do not specify an instance ID, Amazon EC2 returns burstable performance instances with the unlimited credit option, as well as instances that were previously configured as T2, T3, and T3a with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited, to an M4 instance, Amazon EC2 returns the M4 instance.

If you specify one or more instance IDs, Amazon EC2 returns the credit option (standard or unlimited) of those instances. If you specify an instance ID that is not valid, such as an instance that is not a burstable performance instance, an error is returned.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If an Availability Zone is experiencing a service disruption and you specify instance IDs in the affected zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs in an unaffected zone, the call works normally.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Describes the tag keys that are registered to appear in scheduled event notifications for resources in the current Region.

Describes the specified event windows or all event windows.

If you specify event window IDs, the output includes information for only the specified event windows. If you specify filters, the output includes information for only those event windows that meet the filter criteria. If you do not specify event windows IDs or filters, the output includes information for all event windows, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

• Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.

• Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.

• Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.

Returns a list of all instance types offered. The results can be filtered by location (Region or Availability Zone). If no location is specified, the instance types offered in the current Region are returned.

Describes the details of the instance types that are offered in a location. The results can be filtered by the attributes of the instance types.

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

Describes one or more of your internet gateways.

Get information about your IPAM pools.

Describes IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Describes resource discovery association with an Amazon VPC IPAM. An associated resource discovery is a resource discovery that has been associated with an IPAM..

Get information about your IPAM scopes.

Get information about your IPAM pools.

For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

Describes your IPv6 address pools.

Describes the specified key pairs or all of your key pairs.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. You can also describe all the latest versions or all the default versions of all the launch templates in your account.

Describes one or more launch templates.

Describes the associations between virtual interface groups and local gateway route tables.

Describes the specified associations between VPCs and local gateway route tables.

Describes one or more local gateway route tables. By default, all local gateway route tables are described. Alternatively, you can filter the results.

Describes the specified local gateway virtual interface groups.

Describes the specified local gateway virtual interfaces.

Describes one or more local gateways. By default, all local gateways are described. Alternatively, you can filter the results.

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

Describes your Elastic IP addresses that are being moved from or being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account.

Describes one or more of your NAT gateways.

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon VPC User Guide.

Describes the specified Network Access Scope analyses.

Describes the specified Network Access Scopes.

Describes one or more of your network insights analyses.

Describes one or more of your paths.

Describes a network interface attribute. You can specify only one attribute at a time.

Describes the permissions for your network interfaces.

Describes one or more of your network interfaces.

Describes the specified placement groups or all of your placement groups. For more information, see Placement groups in the Amazon EC2 User Guide.

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference.

By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings.

The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | instance | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | reservation | route-table | route-table-association | security-group | snapshot | subnet | subnet-cidr-block-association | volume | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

Describes the specified IPv4 address pools.

Describes the Regions that are enabled for your account, or all Regions.

For a list of the Regions supported by Amazon EC2, see Amazon Elastic Compute Cloud endpoints and quotas.

For information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

Describes one or more of the Reserved Instances that you purchased.

For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.

Describes your account\'s Reserved Instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you\'re searching for with what\'s available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information, see Route tables in the Amazon VPC User Guide.

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

Describes the specified Scheduled Instances or all your Scheduled Instances.

Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you\'ve specified in this request.

Describes one or more of your security group rules.

Describes the specified security groups or all of your security groups.

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

Describes the storage tier status of one or more Amazon EBS snapshots.

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

• public: The owner of the snapshot granted create volume permissions for the snapshot to the all group. All Amazon Web Services accounts have create volume permissions for these snapshots.

• explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.

• implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

Describes the data feed for Spot Instances. For more information, see Spot Instance data feed in the Amazon EC2 User Guide for Linux Instances.

Describes the running instances for the specified Spot Fleet.

Describes the events for the specified Spot Fleet request during the specified time.

Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours.

For more information, see Monitor fleet events using Amazon EventBridge in the Amazon EC2 User Guide.

Describes your Spot Fleet requests.

Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated.

Describes the specified Spot Instance requests.

You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled, the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot.

We recommend that you set MaxResults to a value between 5 and 1000 to limit the number of items returned. This paginates the output, which makes the list more manageable and returns the items faster. If the list of items exceeds your MaxResults value, then that number of items is returned along with a NextToken value that can be passed to a subsequent DescribeSpotInstanceRequests request to retrieve the remaining items.

Spot Instance requests are deleted four hours after they are canceled and their instances are terminated.

Describes the Spot price history. For more information, see Spot Instance pricing history in the Amazon EC2 User Guide for Linux Instances.

When you specify a start and end time, the operation returns the prices of the instance types within that time range. It also returns the last price change before the start time, which is the effective price as of the start time.

Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don\'t specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

Describes one or more of your subnets.

For more information, see Subnets in the Amazon VPC User Guide.

Describes the specified tags for your EC2 resources.

For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

Describes one or more Traffic Mirror filters.

Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror sessions are described. Alternatively, you can filter the results.

Information about one or more Traffic Mirror targets.

Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner.

Describes one or more Connect peers.

Describes one or more Connect attachments.

Describes one or more transit gateway multicast domains.

Describes your transit gateway peering attachments.

Describes one or more transit gateway route policy tables.

Describes one or more transit gateway route table advertisements.

Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.

Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.

Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.

Describes one or more network interface trunk associations.

Describes the specified Amazon Web Services Verified Access endpoints.

Describes the specified Verified Access groups.

Describes the specified Amazon Web Services Verified Access instances.

Describes the specified Amazon Web Services Verified Access instances.

Describes the specified Amazon Web Services Verified Access trust providers.

Describes the specified attribute of the specified volume. You can specify only one attribute at a time.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume\'s underlying host. If the volume\'s underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

Describes the specified EBS volumes or all of your EBS volumes.

If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination.

For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

Describes the most recent volume modification request for the specified EBS volumes.

If a volume has never been modified, some information in the output will be null. If a volume has been modified more than once, the output includes only the most recent modification request.

You can also use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.

Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.

Describes the ClassicLink status of the specified VPCs.

Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it\'s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.

Describes the connection notifications for VPC endpoints and VPC endpoint services.

Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.

Describes the VPC endpoint service configurations in your account (your services).

Describes the principals (service consumers) that are permitted to discover your VPC endpoint service.

Describes available services to which you can create a VPC endpoint.

When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses us-east-1a and us-east-1c and the consumer uses us-east-1a and us-east-1b, the response includes the VPC endpoint services in the common Availability Zone, us-east-1a.

Describes your VPC endpoints.

Describes one or more of your VPC peering connections.

Describes one or more of your VPCs.

Describes one or more of your VPN connections.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Describes one or more of your virtual private gateways.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it\'s stopped.

Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.

Detaches a network interface from an instance.

Detaches the specified Amazon Web Services Verified Access trust provider from the specified Amazon Web Services Verified Access instance.

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can\'t be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

For more information, see Detach an Amazon EBS volume in the Amazon Elastic Compute Cloud User Guide.

Detaches a virtual private gateway from a VPC. You do this if you\'re planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment\'s state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway.

Disables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon Virtual Private Cloud User Guide.

Disables Infrastructure Performance metric subscriptions.

Disables EBS encryption by default for your account in the current Region.

After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.

Disabling encryption by default does not change the encryption status of your existing volumes.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.

Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon EC2 User Guide.

Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.

Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.

Disables the specified resource attachment from propagating routes to the specified propagation route table.

Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.

Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it.

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it\'s linked.

You must specify a VPC ID in the request.

Disassociates an Elastic IP address from the instance or network interface it\'s associated with.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn\'t return an error.

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

• The route that was automatically added for the VPC is deleted

• All active client connections are terminated

• New client connections are disallowed

• The Client VPN endpoint\'s status changes to pending-associate

Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role\'s permission to use the KMS key used to encrypt the private key. This effectively revokes the role\'s permission to use the certificate.

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

Disassociates one or more targets from an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Disassociates a resource discovery from an Amazon VPC IPAM. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.

While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway.

An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated and supports the existing connections but does not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IP addresses mapped to them) are released.

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC\'s main route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.

Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

Disassociates the specified subnets from the transit gateway multicast domain.

Removes the association between an an attachment and a policy table.

Disassociates a resource attachment from a transit gateway route table.

Removes an association between a branch network interface with a trunk network interface.

Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

Enables Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon Virtual Private Cloud User Guide.

Enables Infrastructure Performance subscriptions.

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.

Enables deprecation of the specified AMI at the specified date and time.

For more information, see Deprecate an AMI in the Amazon EC2 User Guide.

Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.

Establishes a trust relationship between Reachability Analyzer and Organizations. This operation must be performed by the management account for the organization.

After you establish a trust relationship, a user in the management account or a delegated administrator account can run a cross-account analysis using resources from the member accounts.

Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.

Enables the specified attachment to propagate routes to the specified propagation route table.

Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.

Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.

Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges.

Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it\'s linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.

You must specify a VPC ID in the request.

Downloads the client certificate revocation list for the specified Client VPN endpoint.

Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.

Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that\'s used to encrypt the private key.

Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.

Gets network performance data.

Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each Amazon Web Services account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner\'s usage.

Describes the allocations from the specified customer-owned address pool.

Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors.

By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is available for at least one hour after the most recent post. Only the most recent 64 KB of console output is available.

You can optionally retrieve the latest serial console output at any time during the instance lifecycle. This option is supported on instance types that use the Nitro hypervisor.

For more information, see Instance console output in the Amazon EC2 User Guide.

Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.

The returned content is Base64-encoded.

Describes the default credit option for CPU usage of a burstable performance instance family.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Describes whether EBS encryption by default is enabled for your account in the current Region.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:

• Create a table in Athena that maps fields to a custom log format

• Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis

• Create a table partitioned between two timestamps in the past

• Create a set of named queries in Athena that you can use to get started quickly

Lists the resource groups to which a Capacity Reservation has been added.

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.

When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.

For more information, see Preview instance types with specified attributes, Attribute-based instance type selection for EC2 Fleet, Attribute-based instance type selection for Spot Fleet, and Spot placement score in the Amazon EC2 User Guide, and Creating an Auto Scaling group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide.

A binary representation of the UEFI variable store. Only non-volatile variables are stored. This is a base64 encoded and zlib compressed binary value that must be properly encoded.

When you use register-image to create an AMI, you can create an exact copy of your variable store by passing the UEFI data in the UefiData parameter. You can modify the UEFI data by using the python-uefivars tool on GitHub. You can use the tool to convert the UEFI data into a human-readable format (JSON), which you can inspect and modify, and then convert back into the binary format to use with register-image.

For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

Retrieve historical information about a CIDR within an IPAM scope. For more information, see View the history of IP addresses in the Amazon VPC IPAM User Guide.

Gets IPAM discovered accounts. A discovered account is an Amazon Web Services account that is monitored under a resource discovery. If you have integrated IPAM with Amazon Web Services Organizations, all accounts in the organization are discovered accounts. Only the IPAM account can get all discovered accounts in the organization.

Returns the resource CIDRs that are monitored as part of a resource discovery. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.

Get a list of all the CIDR allocations in an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.

Get the CIDRs provisioned to an IPAM pool.

Returns resource CIDRs managed by IPAM in a given scope. If an IPAM is associated with more than one resource discovery, the resource CIDRs across all of the resource discoveries is returned. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Retrieves the configuration data of the specified instance. You can use this data to create a launch template.

This action calls on other describe actions to get instance information. Depending on your instance configuration, you may need to allow the following actions in your IAM policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, DescribeVolumes, DescribeInstanceAttribute, and DescribeElasticGpus. Or, you can allow describe* depending on your instance requirements.

Gets information about the resources that are associated with the specified managed prefix list.

Gets information about the entries for a specified managed prefix list.

Gets the findings for the specified Network Access Scope analysis.

Gets the content for the specified Network Access Scope.

Retrieves the encrypted administrator password for a running Windows instance.

The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon EC2 User Guide.

For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bundling.

The password is encrypted using the key pair that you specified when you launched the instance. You must provide the corresponding key pair file.

When you launch an instance, password generation and encryption may take a few minutes. If you try to retrieve the password before it\'s available, the output returns an empty string. We recommend that you wait up to 15 minutes after launching an instance before trying to retrieve the generated password.

Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.

Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.

Calculates the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements.

You can specify your compute requirements either by using InstanceRequirementsWithMetadata and letting Amazon EC2 choose the optimal instance types to fulfill your Spot request, or you can specify the instance types by using InstanceTypes.

For more information, see Spot placement score in the Amazon EC2 User Guide.

Gets information about the subnet CIDR reservations.

Lists the route tables to which the specified resource attachment propagates routes.

Gets information about the associations for the transit gateway multicast domain.

Gets a list of the transit gateway policy table associations.

Returns a list of transit gateway policy table entries.

Gets information about the prefix list references in a specified transit gateway route table.

Gets information about the associations for the specified transit gateway route table.

Gets information about the route table propagations for the specified transit gateway route table.

Get the Verified Access policy associated with the endpoint.

Shows the contents of the Verified Access policy associated with the group.

Download an Amazon Web Services-provided sample configuration file to be used with the customer gateway device specified for your Site-to-Site VPN connection.

Obtain a list of customer gateway devices for which sample configuration files can be provided. The request has no additional parameters. You can also see the list of device types with sample configuration files available under Your customer gateway device in the Amazon Web Services Site-to-Site VPN User Guide.

Get details of available tunnel endpoint maintenance.

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

Creates an import instance task using metadata from the specified disk image.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

For information about the import manifest referenced by this API action, see VM Import Manifest.

Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

Lists one or more AMIs that are currently in the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.

Lists one or more snapshots that are currently in the Recycle Bin.

Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.

Changes the opt-in status of the Local Zone and Wavelength Zone group for your account.

Use DescribeAvailabilityZones to view the value for GroupName.

Modifies a Capacity Reservation\'s capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation\'s instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes.

Modifies a Capacity Reservation Fleet.

When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations in the Fleet are updated accordingly.

Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.

Modifies the default credit option for CPU usage of burstable performance instances. The default credit option is set at the account level per Amazon Web Services Region, and is specified per instance family. All new burstable performance instances in the account launch using the default credit option.

ModifyDefaultCreditSpecification is an asynchronous operation, which works at an Amazon Web Services Region level and modifies the credit option for each Availability Zone. All zones in a Region are updated within five minutes. But if instances are launched during this operation, they might not get the new credit option until the zone is updated. To verify whether the update has occurred, you can call GetDefaultCreditSpecification and check DefaultCreditSpecification for updates.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Modifies the specified EC2 Fleet.

You can only modify an EC2 Fleet request of type maintain.

While the EC2 Fleet is being modified, it is in the modifying state.

To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches the additional Spot Instances according to the allocation strategy for the EC2 Fleet request. If the allocation strategy is lowest-price, the EC2 Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the EC2 Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacity-optimized, EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 Fleet cancels any open requests that exceed the new target capacity. You can request that the EC2 Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowest-price, the EC2 Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacity-optimized, the EC2 Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the EC2 Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the EC2 Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your EC2 Fleet for now, but will use it again later, you can set the target capacity to 0.

Modifies the specified attribute of the specified Amazon FPGA Image (AFI).

Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled.

You can also use this API action to modify a Dedicated Host to support either multiple instance types in an instance family, or to support a specific instance type only.

Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

This setting applies to the IAM user who makes the request; it does not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user. If you\'re using this action as the root user, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created.

This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image | import-task | internet-gateway | network-acl | network-acl-association | network-interface | network-interface-attachment | prefix-list | route-table | route-table-association | security-group | subnet | subnet-cidr-block-association | vpc | vpc-cidr-block-association | vpc-endpoint | vpc-peering-connection | vpn-connection | vpn-gateway.

For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.

This setting applies to the principal specified in the request; it does not apply to the principal that makes the request.

Resources created with longer IDs are visible to all IAM roles and users, regardless of these settings and provided that they have permission to use the relevant Describe command for the resource type.

Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time.

To specify the attribute, you can use the Attribute parameter, or one of the following parameters: Description, ImdsSupport, or LaunchPermission.

Images with an Amazon Web Services Marketplace product code cannot be made public.

To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an AMI from the instance.

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide.

Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity.

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Modifies the start time for a scheduled Amazon EC2 instance event.

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won\'t change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.

Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

Modifies the placement attributes for a specified instance. You can do the following:

• Modify the affinity between an instance and a Dedicated Host. When affinity is set to host and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists.

• Change the Dedicated Host with which an instance is associated.

• Change the instance tenancy of an instance.

• Move an instance to or from a placement group.

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

Modify the configurations of an IPAM.

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.

For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.

Modifies a resource discovery. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Modify an IPAM scope.

Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified.

Modifies the specified local gateway route.

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.

Modifies the options for instance hostnames for the specified instance.

Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

Modifies the rules of a security group.

Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot\'s list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see Archive Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

Modifies a subnet attribute. You can only modify one attribute at a time.

Use this action to modify subnets on Amazon Web Services Outposts.

• To modify a subnet on an Outpost rack, set both MapCustomerOwnedIpOnLaunch and CustomerOwnedIpv4Pool. These two parameters act as a single attribute.

• To modify a subnet on an Outpost server, set either EnableLniAtDeviceIndex or DisableLniAtDeviceIndex.

For more information about Amazon Web Services Outposts, see the following:

• Outpost servers

• Outpost racks

Allows or restricts mirroring network services.

By default, Amazon DNS network services are not eligible for Traffic Mirror. Use AddNetworkServices to add network services to a Traffic Mirror filter. When a network service is added to the Traffic Mirror filter, all traffic related to that network service will be mirrored. When you no longer want to mirror network services, use RemoveNetworkServices to remove the network services from the Traffic Mirror filter.

Modifies the specified Traffic Mirror rule.

DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an IPv6 range.

Modifies a Traffic Mirror session.

Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.

Modifies a reference (route) to a prefix list in a specified transit gateway route table.

Modifies the specified VPC attachment.

Modifies the configuration of the specified Amazon Web Services Verified Access endpoint.

Modifies the specified Amazon Web Services Verified Access endpoint policy.

Modifies the specified Amazon Web Services Verified Access group configuration.

Modifies the specified Amazon Web Services Verified Access group policy.

Modifies the configuration of the specified Amazon Web Services Verified Access instance.

Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.

Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.

You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you might be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) or Amazon EBS Elastic Volumes (Windows instances).

When you complete a resize operation on your volume, you need to extend the volume\'s file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or Extend a Windows file system.

You can use CloudWatch Events to check the status of a modification to an EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a modification using DescribeVolumesModifications. For information about tracking status changes using either method, see Monitor the progress of volume modifications.

With previous-generation instance types, resizing an EBS volume might require detaching and reattaching the volume or stopping and restarting the instance.

After modifying a volume, you must wait at least six hours and ensure that the volume is in the in-use or available state before you can modify the same volume. This is sometimes referred to as a cooldown period.

Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or disposable.

Modifies the specified attribute of the specified VPC.

Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface, gateway, or Gateway Load Balancer). For more information, see the Amazon Web Services PrivateLink Guide.

Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified.

Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.

If you set or modify the private DNS name, you must prove that you own the private DNS domain name.

Modifies the payer responsibility for your VPC endpoint service.

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

Modifies the VPC peering connection options on one side of a VPC peering connection.

If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections command.

Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated.

After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.

For more information, see Dedicated Instances in the Amazon EC2 User Guide.

Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:

• An existing virtual private gateway to a new virtual private gateway

• An existing virtual private gateway to a transit gateway

• An existing transit gateway to a new transit gateway

• An existing transit gateway to a virtual private gateway

Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to create a virtual private gateway, or CreateTransitGateway to create a transit gateway.

This step is required when you migrate from a virtual private gateway with static routes to a transit gateway.

You must delete the static routes before you migrate to the new gateway.

Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.

After you migrate to the new gateway, you might need to modify your VPC route table. Use CreateRoute and DeleteRoute to make the changes described in Update VPC route tables in the Amazon Web Services Site-to-Site VPN User Guide.

When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use CreateTransitGatewayRoute to add the routes.

If you deleted VPN static routes, you must add the static routes to the transit gateway route table.

After you perform this operation, the VPN endpoint\'s IP addresses on the Amazon Web Services side and the tunnel options remain intact. Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.

Modifies the connection options for your Site-to-Site VPN connection.

When you modify the VPN connection options, the VPN endpoint IP addresses on the Amazon Web Services side do not change, and the tunnel options do not change. Your VPN connection will be temporarily unavailable for a brief period while the VPN connection is updated.

Modifies the VPN tunnel endpoint certificate.

Modifies the options for a VPN tunnel in an Amazon Web Services Site-to-Site VPN connection. You can modify multiple options for a tunnel in a single request, but you can only modify one tunnel at a time. For more information, see Site-to-Site VPN tunnel options for your Site-to-Site VPN connection in the Amazon Web Services Site-to-Site VPN User Guide.

Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitor your instances using CloudWatch in the Amazon EC2 User Guide.

To disable detailed monitoring, see UnmonitorInstances.

Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform.

Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.

If you already have a BYOIPv4 CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.

For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.

Provision a CIDR to a public IPv4 pool.

For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.

Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account.

Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.

Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you\'ve purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.

To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.

For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.

Purchases the Scheduled Instances with the specified schedule.

Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.

After you purchase a Scheduled Instance, you can\'t cancel, modify, or resell your purchase.

Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.

If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.

For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.

Registers an AMI. When you\'re creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Create your own AMI in the Amazon Elastic Compute Cloud User Guide.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can\'t set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:

1. Launch an instance from an existing AMI with that billing product code.

2. Customize the instance.

3. Create an AMI from the instance using CreateImage.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.

Registers a set of tag keys to include in scheduled event notifications for your resources.

To remove tags, use DeregisterInstanceEventNotificationAttributes.

Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.

After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.

Registers sources (network interfaces) with the specified transit gateway multicast group.

A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.

After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.

Rejects a request to associate cross-account subnets with a transit gateway multicast domain.

Rejects a transit gateway peering attachment request.

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

Rejects VPC endpoint connection requests to your VPC endpoint service.

Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.

Releases the specified Elastic IP address.

[Default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it\'s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you\'ll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

After you release an Elastic IP address, you might be able to recover it. For more information, see AllocateAddress.

When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.

When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.

Released hosts still appear in a DescribeHosts response.

Release an allocation within an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using ModifyIpamResourceCidr. For more information, see Release an allocation in the Amazon VPC IPAM User Guide.

Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that\'s associated with an instance without having to disassociate the existing IAM instance profile first.

Use DescribeIamInstanceProfileAssociations to get the association ID.

Changes which network ACL a subnet is associated with. By default when you create a subnet, it\'s automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.

This is an idempotent operation.

Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon VPC User Guide.

Replaces an existing route within a route table in a VPC.

You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list, or reset the local route to its default target.

For more information, see Route tables in the Amazon VPC User Guide.

Changes the route table associated with a given subnet, internet gateway, or virtual private gateway in a VPC. After the operation completes, the subnet or gateway uses the routes in the new route table. For more information about route tables, see Route tables in the Amazon VPC User Guide.

You can also use this operation to change which table is the main route table in the VPC. Specify the main route table\'s association ID and the route table ID of the new main route table.

Replaces the specified route in the specified transit gateway route table.

Trigger replacement of specified VPN tunnel.

Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus, use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks.

Use of this action does not change the value returned by DescribeInstanceStatus.

Creates a Spot Fleet request.

The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity.

You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload.

Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet.

You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the spot-fleet-request and instance resource types are supported.

For more information, see Spot Fleet requests in the Amazon EC2 User Guide.

Creates a Spot Instance request.

For more information, see Spot Instance requests in the Amazon EC2 User Guide for Linux Instances.

Resets the attribute of the specified IP address. For requirements, see Using reverse DNS for email applications.

Resets the default KMS key for EBS encryption for your account in this Region to the Amazon Web Services managed KMS key for EBS.

After resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a customer managed KMS key by specifying it when you create the volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute.

Resets an attribute of an AMI to its default value.

Resets an attribute of an instance to its default value. To reset the kernel or ramdisk, the instance must be in a stopped state. To reset the sourceDestCheck, the instance can be either running or stopped.

The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true, which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon VPC User Guide.

Resets a network interface attribute. You can specify only one attribute at a time.

Resets permission settings for the specified snapshot.

For more information about modifying snapshot permissions, see Share a snapshot in the Amazon Elastic Compute Cloud User Guide.

Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface.

Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.

Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.

Restores a snapshot from the Recycle Bin. For more information, see Restore snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.

Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.

For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.

Removes an ingress authorization rule from a Client VPN endpoint.

Removes the specified outbound (egress) rules from the specified security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule\'s values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

For a default VPC, if the values you specify do not match the existing rule\'s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule\'s values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

For a default VPC, if the values you specify do not match the existing rule\'s values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

• If you don\'t specify a subnet ID, we choose a default subnet from your default VPC for you. If you don\'t have a default VPC, you must specify a subnet ID in the request.

• All instances have a network interface with a primary private IPv4 address. If you don\'t specify this address, we choose one from the IPv4 range of your subnet.

• Not all instance types support IPv6 addresses. For more information, see Instance types.

• If you don\'t specify a security group ID, we use the default security group. For more information, see Security groups.

• If any of the AMIs have a product code attached for which the user has not subscribed, the request fails.

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it\'s in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can\'t stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

Searches for routes in the specified local gateway route table.

Searches one or more transit gateway multicast groups and returns the group membership information.

Searches for routes in the specified transit gateway route table.

Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a kernel panic (on Linux instances), or a blue screen/stop error (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a non-maskable interrupt (NMI).

In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.

Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.

For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see Send a diagnostic interrupt (for advanced users) (Linux instances) or Send a diagnostic interrupt (for advanced users) (Windows instances).

Starts an Amazon EBS-backed instance that you\'ve previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

If you attempt to start a T3 instance with host tenancy and the unlimted CPU credit option, the request fails. The unlimited CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to standard, or change its tenancy to default or dedicated.

For more information, see Stop and start your instance in the Amazon EC2 User Guide.

Starts analyzing the specified Network Access Scope.

Starts analyzing the specified path. If the path is reachable, the operation returns the shortest feasible path.

Initiates the verification process to prove that the service provider owns the private DNS name domain for the endpoint service.

The service provider must successfully perform the verification before the consumer can use the name to access the service.

Before the service provider runs this command, they must add a record to the DNS server.

Stops an Amazon EBS-backed instance. For more information, see Stop and start your instance in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

We don\'t charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can\'t stop or hibernate instance store-backed instances. You can\'t use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user.

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

• The specified instances that are in the same Availability Zone as the protected instance are not terminated.

• The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

For example, say you have the following instances:

• Instance A: us-east-1a; Not protected

• Instance B: us-east-1a; Not protected

• Instance C: us-east-1b; Protected

• Instance D: us-east-1b; not protected

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

• Instance A and Instance B are successfully terminated because none of the specified instances in us-east-1a are enabled for termination protection.

• Instance C and Instance D fail to terminate because at least one of the specified instances in us-east-1b (Instance C) is enabled for termination protection.

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface.

Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.

Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.

While unassigning is in progress, you cannot assign/unassign additional IP addresses while the connections are being drained. You are, however, allowed to delete the NAT gateway.

A private IP address will only be released at the end of MaxDrainDurationSeconds. The private IP addresses stay associated and support the existing connections, but do not support any new connections (new connections are distributed across the remaining assigned private IP address). After the existing connections drain out, the private IP addresses are released.

', 'UnmonitorInstances' => '

Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.

Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance. To exclude accelerator-enabled instance types, set Max to 0.

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

To exclude accelerator-enabled instance types, set Max to 0.

Default: No minimum or maximum limits

Indicates whether instance types must have accelerators by specific manufacturers.

• For instance types with NVIDIA devices, specify nvidia.

• For instance types with AMD devices, specify amd.

• For instance types with Amazon Web Services devices, specify amazon-web-services.

• For instance types with Xilinx devices, specify xilinx.

Default: Any manufacturer

Indicates whether instance types must have accelerators by specific manufacturers.

• For instance types with NVIDIA devices, specify nvidia.

• For instance types with AMD devices, specify amd.

• For instance types with Amazon Web Services devices, specify amazon-web-services.

• For instance types with Xilinx devices, specify xilinx.

Default: Any manufacturer

The accelerators that must be on the instance type.

• For instance types with NVIDIA A100 GPUs, specify a100.

• For instance types with NVIDIA V100 GPUs, specify v100.

• For instance types with NVIDIA K80 GPUs, specify k80.

• For instance types with NVIDIA T4 GPUs, specify t4.

• For instance types with NVIDIA M60 GPUs, specify m60.

• For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.

• For instance types with Xilinx VU9P FPGAs, specify vu9p.

• For instance types with Amazon Web Services Inferentia chips, specify inferentia.

• For instance types with NVIDIA GRID K520 GPUs, specify k520.

Default: Any accelerator

The accelerators that must be on the instance type.

• For instance types with NVIDIA A100 GPUs, specify a100.

• For instance types with NVIDIA V100 GPUs, specify v100.

• For instance types with NVIDIA K80 GPUs, specify k80.

• For instance types with NVIDIA T4 GPUs, specify t4.

• For instance types with NVIDIA M60 GPUs, specify m60.

• For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.

• For instance types with Xilinx VU9P FPGAs, specify vu9p.

• For instance types with Amazon Web Services Inferentia chips, specify inferentia.

• For instance types with NVIDIA GRID K520 GPUs, specify k520.

Default: Any accelerator

The minimum and maximum amount of total accelerator memory, in MiB.

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

The minimum and maximum amount of total accelerator memory, in MiB.

The minimum and maximum amount of total accelerator memory, in MiB.

Default: No minimum or maximum limits

The accelerator types that must be on the instance type.

• For instance types with GPU accelerators, specify gpu.

• For instance types with FPGA accelerators, specify fpga.

• For instance types with inference accelerators, specify inference.

Default: Any accelerator type

The accelerator types that must be on the instance type.

• To include instance types with GPU hardware, specify gpu.

• To include instance types with FPGA hardware, specify fpga.

• To include instance types with inference hardware, specify inference.

Default: Any accelerator type

Contains the parameters for accepting the quote.

The result of the exchange and whether it was successful.

Describes a finding for a Network Access Scope.

The findings associated with Network Access Scope Analysis.

Describes a path.

The paths to match.

The paths to exclude.

The paths to match.

The paths to exclude.

Describes a path.

Describes an account attribute.

Information about the account attributes.

The account attribute names.

Describes a value of an account attribute.

The values for the account attribute.

Describes a running instance in a Spot Fleet.

The running instances. This list is refreshed periodically and might be out of date.

The running instances. This list is refreshed periodically and might be out of date.

The progress of the Spot Fleet request. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the fleet is decreased, the status is pending_termination while Spot Instances are terminating.

Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

Operating Regions for the IPAM resource discovery. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.

Add operating Regions to the resource discovery. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.

One or more entries for the prefix list.

One or more entries to add to the prefix list.

An entry for a prefix list.

Describes a principal.

Information about the added principals.

Describes an additional detail for a path analysis. For more information, see Reachability Analyzer additional detail codes.

The additional details.

Describes an Elastic IP address, or a carrier IP address.

The attributes associated with an Elastic IP address.

Information about the Elastic IP address.

Information about the IP address.

The attribute of the IP address.

The attribute of the IP address.

The IP protocol assigned to this IPAM pool. You must choose either IPv4 or IPv6 protocol for a pool.

The address family of the pool.

Information about the Elastic IP addresses.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Information about the IP addresses.

Details on the Elastic IP address transfer. For more information, see Transfer Elastic IP addresses in the Amazon Virtual Private Cloud User Guide.

An Elastic IP address transfer.

An Elastic IP address transfer.

An Elastic IP address transfer.

The Elastic IP address transfer.

The Elastic IP address transfer status.

The affinity setting for the instance.

Contains the output of AllocateHosts.

[EC2-VPC] The allocation ID.

The allocation ID. This is required.

[Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.

The allocation ID of an Elastic IP address.

The allocation ID of an Elastic IP address.

[EC2-VPC] The allocation ID.

The allocation ID. This parameter is required.

[EC2-VPC] The allocation ID.

The allocation IDs of EIPs that you want to associate with your NAT gateway.

Secondary EIP allocation IDs. For more information, see Create a NAT gateway in the Amazon VPC User Guide.

The allocation IDs of Elastic IP addresses.

Information about the allocation IDs.

[EC2-VPC] The allocation IDs.

The Dedicated Host\'s state.

The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet launch configuration. For more information, see Allocation strategies for Spot Instances in the Amazon EC2 User Guide.

priceCapacityOptimized (recommended)

Spot Fleet identifies the pools with the highest capacity availability for the number of instances that are launching. This means that we will request Spot Instances from the pools that we believe have the lowest chance of interruption in the near term. Spot Fleet then requests Spot Instances from the lowest priced of these pools.

capacityOptimized

Spot Fleet identifies the pools with the highest capacity availability for the number of instances that are launching. This means that we will request Spot Instances from the pools that we believe have the lowest chance of interruption in the near term. To give certain instance types a higher chance of launching first, use capacityOptimizedPrioritized. Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides. You can assign the same priority to different LaunchTemplateOverrides. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized is supported only if your Spot Fleet uses a launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, the same priority is applied when fulfilling On-Demand capacity.

diversified

Spot Fleet requests instances from all of the Spot Instance pools that you specify.

lowestPrice

Spot Fleet requests instances from the lowest priced Spot Instance pool that has available capacity. If the lowest priced pool doesn\'t have available capacity, the Spot Instances come from the next lowest priced pool that has available capacity. If a pool runs out of capacity before fulfilling your desired capacity, Spot Fleet will continue to fulfill your request by drawing from the next lowest priced pool. To ensure that your desired capacity is met, you might receive Spot Instances from several pools. Because this strategy only considers instance price and not capacity availability, it might lead to high interruption rates.

Default: lowestPrice

The usage type. used indicates that the instance capacity is in use by instances that are running in the Capacity Reservation.

The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes.

You can use strings with one or more wild cards, represented by an asterisk (*), to allow an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will allow all the M5a instance types, but not the M5n instance types.

Default: All instance types

The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes.

You can use strings with one or more wild cards, represented by an asterisk (*), to allow an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will allow the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will allow all the M5a instance types, but not the M5n instance types.

Default: All instance types

Describes a principal.

Information about the allowed principals.

Indicates whether the Dedicated Host supports multiple instance types of the same instance family. If the value is on, the Dedicated Host supports multiple instance types in the instance family. If the value is off, the Dedicated Host supports a single instance type only.

Describes an potential intermediate component of a feasible path.

Potential intermediate components.

Indicates whether the instance is enabled for AMD SEV-SNP. For more information, see AMD SEV-SNP.

Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see AMD SEV-SNP.

Indicates whether the instance is enabled for AMD SEV-SNP. For more information, see AMD SEV-SNP.

Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see AMD SEV-SNP.

Describes a network access control (ACL) rule.

The network ACL rule.

The network ACL rule.

Describes a path component.

The path component.

The VPC endpoint service.

Information about the instance.

The network ACL.

The resource to which the component is attached.

The component.

The customer gateway.

The destination.

The destination VPC.

The route table.

The internet gateway.

The target group.

The load balancer listener.

The NAT gateway.

The network interface.

The VPC peering connection.

The prefix list.

The route table.

The security group.

The source VPC.

The subnet.

The route table for the subnet.

The component VPC.

The VPC endpoint.

The VPN connection.

The VPN gateway.

The transit gateway.

The transit gateway route table.

The transit gateway attachment.

The resource to which the path component is attached.

The component.

The destination VPC.

The source VPC.

The subnet.

The component VPC.

The transit gateway.

The load balancer listener.

The load balancers.

The target groups.

The security groups.

Describes a load balancer listener.

The listener for a Classic Load Balancer.

Describes a load balancer target.

The target.

Describes a header. Reflects any changes made by a component as traffic passes through. The fields of an inbound header are null except for the first component of a path.

The outbound header.

The inbound header.

Describes a route table route.

The route table route.

The route table route.

Describes a security group rule.

The security group rule.

The security group rule.

The status of Network Access Scope Analysis.

The status.

The status of the network insights analysis.

Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.

Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.

Indicates whether appliance mode support is enabled.

The architectures supported by the instance type.

The processor architecture type.

The architecture type.

The architecture of the image.

The architecture of the instance.

The architecture of the image.

The architecture of the AMI.

Default: For Amazon EBS-backed AMIs, i386. For instance store-backed AMIs, the architecture specified in the manifest file.

The Amazon Resource Names (ARN) of the resources that the path must traverse.

The Amazon Resource Names (ARN) of the resources that the path must traverse.

The ID of the Outpost hardware asset on which the Dedicated Host is allocated.

The IDs of the Outpost hardware assets on which to allocate the Dedicated Hosts. Targeting specific hardware assets on an Outpost can help to minimize latency between your workloads. This parameter is supported only if you specify OutpostArn. If you are allocating the Dedicated Hosts in a Region, omit this parameter.

• If you specify this parameter, you can omit Quantity. In this case, Amazon EC2 allocates a Dedicated Host on each specified hardware asset.

• If you specify both AssetIds and Quantity, then the value for Quantity must be equal to the number of asset IDs specified.

Contains the parameters for AssignPrivateIpAddresses.

Describes the private IP addresses assigned to a network interface.

The private IP addresses assigned to the network interface.

The target network type.

Information about the associated IAM roles.

Information about the associated IAM roles.

Describes a target network that is associated with a Client VPN endpoint. A target network is a subnet in a VPC.

Information about the associated target networks. A target network is a subnet in a VPC.

The IAM instance profile associations.

Describes the state of a target network association.

The current state of the target network association.

The current state of the target network association.

The current state of the target network association.

The state of the target network association.

Describes integration options for Amazon Athena.

Information about the integration with Amazon Athena.

Contains the parameters for AttachNetworkInterface.

Contains the output of AttachNetworkInterface.

Contains the parameters for AttachVpnGateway.

Contains the output of AttachVpnGateway.

Describes the ENA Express configuration for the network interface that\'s attached to the instance.

Configures ENA Express for the network interface that this action attaches to the instance.

Describes the ENA Express configuration for UDP traffic on the network interface that\'s attached to the instance.

ENA Express configuration for UDP network traffic.

The attachment state.

The attachment state.

The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.

The attachment state.

The current state of the attachment.

Describes a value for a resource attribute that is a Boolean value.

Indicates whether source/destination checking is enabled.

The state of autoEnableIO attribute.

Indicates whether the instances launched in the VPC get DNS hostnames. If this attribute is true, instances in the VPC get DNS hostnames; otherwise, they do not.

Indicates whether DNS resolution is enabled for the VPC. If this attribute is true, the Amazon DNS server resolves DNS hostnames for your instances to their corresponding IP addresses; otherwise, it does not.

Indicates whether Network Address Usage metrics are enabled for your VPC.

If the value is true, you can\'t terminate the instance through the Amazon EC2 console, CLI, or API; otherwise, you can.

Indicates whether enhanced networking with ENA is enabled.

Indicates whether the instance is optimized for Amazon EBS I/O.

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

To enable the instance for Amazon Web Services Stop Protection, set this parameter to true; otherwise, set it to false.

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

If the value is true, you can\'t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.

Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

Indicates whether an instance is enabled for stop protection. For more information, see Stop Protection.

', 'ModifyNetworkInterfaceAttributeRequest$SourceDestCheck' => '

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. This includes a network interface that\'s created when launching an instance into the subnet (the instance therefore receives an IPv6 address).

If you enable the IPv6 addressing feature for your subnet, your network interface or instance only receives an IPv6 address if it\'s created using version 2016-11-15 or later of the Amazon EC2 API.

Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address.

Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a customer-owned IPv4 address.

When this value is true, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool.

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Specify true to indicate that local network interfaces at the current position should be disabled.

Indicates whether the volume should be auto-enabled for I/O operations.

Indicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute. You can only enable DNS hostnames if you\'ve enabled DNS support.

Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled.

You cannot modify the DNS resolution and DNS hostnames attributes in the same request. Use separate requests for each attribute.

Indicates whether Network Address Usage metrics are enabled for your VPC.

Describes a value for a resource attribute that is a String.

The description of the network interface.

A description for the AMI.

The kernel ID.

The RAM disk ID.

Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.

The boot mode.

If the image is configured for NitroTPM support, the value is v2.0.

Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used to launch an instance, there is a 24-hour delay before that usage is reported.

If v2.0, it indicates that IMDSv2 is specified in the AMI. Instances launched from this AMI will have HttpTokens automatically set to required so that, by default, the instance requires that IMDSv2 is used when requesting instance metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, see Configure the AMI in the Amazon EC2 User Guide.

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

The instance type.

The kernel ID.

The RAM disk ID.

The device name of the root device volume (for example, /dev/sda1).

Indicates whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.

The user data.

A new description for the AMI.

Set to v2.0 to indicate that IMDSv2 is specified in the AMI. Instances launched from this AMI will have HttpTokens automatically set to required so that, by default, the instance requires that IMDSv2 is used when requesting instance metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, see Configure the AMI in the Amazon EC2 User Guide.

Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide. If the instance type is not valid, the error returned is InvalidInstanceAttributeValue.

Changes the instance\'s kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.

Changes the instance\'s RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB.

Set to simple to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.

There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

A description for the network interface.

Information about an authorization rule.

Information about the authorization rules.

Indicates whether to automatically accept cross-account subnet associations that are associated with the transit gateway multicast domain.

Indicates whether to automatically cross-account subnet associations that are associated with the transit gateway multicast domain.

Enable or disable automatic acceptance of attachment requests.

Indicates whether attachment requests are automatically accepted.

Enable or disable automatic acceptance of attachment requests. Disabled by default.

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: on

Whether auto-placement is on or off.

Specify whether to enable or disable auto-placement.

Indicates whether Amazon CloudWatch action based recovery is supported.

Describes Availability Zones, Local Zones, and Wavelength Zones.

The ID of the Availability Zone in which to create the Capacity Reservation.

Information about the Availability Zones, Local Zones, and Wavelength Zones.

Describes a message about an Availability Zone, Local Zone, or Wavelength Zone.

Any messages about the Availability Zone, Local Zone, or Wavelength Zone.

The Availability Zone in which to create the Capacity Reservation.

The ID of the Availability Zone in which to create the volume. For example, us-east-1a.

For Availability Zones, this parameter always has the value of opt-in-not-required.

For Local Zones and Wavelength Zones, this parameter is the opt-in status. The possible values are opted-in, and not-opted-in.

The state of the Availability Zone, Local Zone, or Wavelength Zone. This value is always available.

One or more Availability Zones. For example, us-east-2a.

One or more Availability Zones. For example, us-east-2a.

The capacity information for instances that can be launched onto the Dedicated Host.

Information about the instances running on the Dedicated Host.

The number of instances that can be launched onto the Dedicated Host depending on the host\'s available capacity. For Dedicated Hosts that support multiple instance types, this parameter represents the number of instances for each instance size that is supported on the host.

Indicates whether bare metal instance types must be included, excluded, or required.

• To include bare metal instance types, specify included.

• To require only bare metal instance types, specify required.

• To exclude bare metal instance types, specify excluded.

Default: excluded

Indicates whether bare metal instance types must be included, excluded, or required.

• To include bare metal instance types, specify included.

• To require only bare metal instance types, specify required.

• To exclude bare metal instance types, specify excluded.

Default: excluded

Indicates whether the instance is a bare metal instance type.

The baseline network performance of the network card, in Gbps.

The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

The baseline input/output storage operations per seconds for an EBS-optimized instance type.

The baseline throughput performance for an EBS-optimized instance type, in MB/s.

The current state of the Spot Fleet request.

The previous state of the Spot Fleet request.

The state of the Spot Fleet request.

The BGP status.

The billing product codes. Your account must be authorized to specify billing product codes.

If your account is not authorized to specify billing product codes, you can publish AMIs that include billable software and list them on the Amazon Web Services Marketplace. You must first register as a seller on the Amazon Web Services Marketplace. For more information, see Getting started as a seller and AMI-based products in the Amazon Web Services Marketplace Seller Guide.

The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.

An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf.

Changes the instance\'s user data to the specified value. If you are using an Amazon Web Services SDK or command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text.

Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.

Any block device mapping entries.

The block device mapping entries.

The block device mapping entries.

The block device mapping entries. You can\'t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.

One or more block devices that are mapped to the Spot Instances. You can\'t specify both a snapshot ID and an encryption value. This is because only blank volumes can be encrypted on creation. If a snapshot is the basis for a volume, it is not blank and its encryption status is used for the volume encryption status.

The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can\'t specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon EC2 User Guide.

The block device mapping, which defines the EBS volumes and instance store volumes to attach to the instance at launch. For more information, see Block device mappings in the Amazon EC2 User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A preview of the next available CIDR in a pool.

Indicates whether the rule is an outbound rule.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Reassociation is automatic, but you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether ENA Express is enabled for the network interface that\'s attached to the instance.

Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express.

The attribute value. The valid values are true or false.

Indicates whether the authorization rule grants access to all clients.

Indicates whether to grant access to all clients. Specify true to grant all clients who successfully establish a VPN connection access to the network. Must be set to true if AccessGroupId is not specified.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to terminate the associated instances when the Spot Fleet request is canceled. The default is to terminate the instances.

To let the instances continue to run after the Spot Fleet request is canceled, specify no-terminate-instances.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS- optimized instance.

Deprecated.

Indicates whether ClassicLink DNS support is enabled for the VPC.

Indicates whether client connect options are enabled. The default is false (not enabled).

Indicates whether client connect options are enabled.

Enable or disable a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Valid values: true | false

Default value: false

Current state of text banner feature.

Valid values: true | false

Indicates whether split-tunnel is enabled in the Client VPN endpoint.

For information about split-tunnel VPN endpoints, see Split-Tunnel Client VPN endpoint in the Client VPN Administrator Guide.

Status of VPN tunnel logging feature. Default value is False.

Valid values: True | False

Enable or disable VPN tunnel logging feature. Default value is False.

Valid values: True | False

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The return value of the request. Returns true if the specified product code is owned by the requester and associated with the specified instance.

Indicates whether connection logging is enabled.

Indicates whether client connection logging is enabled for the Client VPN endpoint.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to include your user-defined AMI tags when copying the AMI.

The following tags will not be copied:

• System tags (prefixed with aws:)

• For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts

Default: Your user-defined AMI tags are not copied.

To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS- optimized instance.

Deprecated.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether split-tunnel is enabled on the Client VPN endpoint.

By default, split-tunnel on a VPN endpoint is disabled.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether running instances should be terminated when the EC2 Fleet expires.

Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether or not the instance should be automatically rebooted before creating the image. Specify one of the following values:

• true - The instance is not rebooted before creating the image. This creates crash-consistent snapshots that include only the data that has been written to the volumes at the time the snapshots are created. Buffered data and data in memory that has not yet been written to the volumes is not included in the snapshots.

• false - The instance is rebooted before creating the image. This ensures that all buffered data and data in memory is written to the volumes before the snapshots are created.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether your client\'s IP address is preserved as the source. The value is true or false.

• If true, your client\'s IP address is used when you connect to a resource.

• If false, the elastic network interface IP address is used when you connect to a resource.

Default: true

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool\'s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

Determines if the pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageID. For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon Elastic Compute Cloud User Guide.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet).

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to automatically delete the original root volume after the root volume replacement task completes. To delete the original root volume, specify true. If you choose to keep the original root volume after the replacement task completes, you must manually delete it when you no longer need it.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to create an IPv6 only subnet.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to drop traffic that matches this route.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to drop traffic that matches this route.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Encryption by default in the Amazon Elastic Compute Cloud User Guide.

Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether requests from service consumers to create an endpoint to your service must be accepted manually.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to terminate the associated instances when the EC2 Fleet is deleted. The default is to terminate the instances.

To let the instances continue to run after the EC2 Fleet is deleted, specify no-terminate-instances. Supported only for fleets of type maintain and request.

For instant fleets, you cannot specify NoTerminateInstances. A deleted instant fleet with running instances is not supported.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Is true if the request succeeds, and an error otherwise.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specify true to force delete the event window. Use the force delete parameter if the event window is currently associated with targets.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:

• Deallocates any CIDRs allocated to VPC resources (such as VPCs) in pools in private scopes.

  No VPC resources are deleted as a result of enabling this option. The CIDR associated with the resource will no longer be allocated from an IPAM pool, but the CIDR itself will remain unchanged.

• Deprovisions all IPv4 CIDRs provisioned to IPAM pools in private scopes.

• Deletes all IPAM pools in private scopes.

• Deletes all non-default private scopes in the IPAM.

• Deletes the default public and private scopes and the IPAM.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the rule is an egress rule.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specify true to remove the permission even if the network interface is attached to an instance.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds, otherwise returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Information about the result of deleting the public IPv4 pool.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to deregister all tag keys in the current Region. Specify false to deregister all tag keys.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether all resource types in the Region are configured to use longer IDs. This value is only true if all users are configured to use longer IDs for all resources types in the Region.

Include all Availability Zones, Local Zones, and Wavelength Zones regardless of your opt-in status.

If you do not use this parameter, the results include only the zones for the Regions where you have chosen the option to opt in.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether to include deprecated AMIs.

Default: No deprecated AMIs are included in the response.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

When true, includes the health status for all instances. When false, includes the health status for running instances only.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, the public key material is included in the response.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageId.

If false, and if a Systems Manager parameter is specified for ImageId, the parameter is displayed in the response for imageId.

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon Elastic Compute Cloud User Guide.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to display all Regions, including Regions that are disabled for your account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Include Reserved Instance Marketplace offerings in the response.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. The default is false.

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false.

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3.

Indicates whether to partition the flow log per hour.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether to force a detachment.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Forces detachment if the previous detachment attempt did not occur cleanly (for example, logging into an instance, unmounting the volume, and detaching normally). This option can lead to data loss or a corrupted file system. Use this option only as a last resort to detach a volume from a failed instance. The instance won\'t have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the unsubscribe action was successful.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The updated status of encryption by default.

Forces the image settings to turn off faster launching for your Windows AMI. This parameter overrides any errors that are encountered while cleaning up resources in your account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The result of disabling the IPAM account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Indicates whether to enable private DNS only for inbound endpoints.

Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint.

Indicates whether DNS servers should be used. Specify False to delete the existing DNS servers.

Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserving Amazon EBS volumes on instance termination in the Amazon EC2 User Guide.

Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.

In no case can you remove encryption from an encrypted volume.

Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

This parameter is not returned by DescribeImageAttribute.

For CreateImage and RegisterImage, whether you can include this parameter, and the allowed values differ depending on the type of block device mapping you are creating.

• If you are creating a block device mapping for a new (empty) volume, you can include this parameter, and specify either true for an encrypted volume, or false for an unencrypted volume. If you omit this parameter, it defaults to false (unencrypted).

• If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.

• If you are creating a block device mapping from an existing unencrypted volume, you can include this parameter, but you must specify false. If you specify true, the request will fail. In this case, we recommend that you omit the parameter.

• If you are creating a block device mapping from an existing encrypted volume, you can include this parameter, and specify either true or false. However, if you specify false, the parameter is ignored and the block device mapping is always encrypted. In this case, we recommend that you omit the parameter.

Indicates whether the volume is deleted on instance termination.

Indicates whether the volume is deleted on instance termination.

Indicates whether your client\'s IP address is preserved as the source. The value is true or false.

• If true, your client\'s IP address is used when you connect to a resource.

• If false, the elastic network interface IP address is used when you connect to a resource.

Default: true

Indicates whether ENA Express is enabled for the network interface.

Indicates whether UDP traffic uses ENA Express. To specify this setting, you must first enable ENA Express.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the subscribe action was successful.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The updated status of encryption by default.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The result of enabling the IPAM account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.

To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the Capacity Reservation reserves capacity for EBS-optimized instance types.

Indicates whether running instances should be terminated when the EC2 Fleet expires.

Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain. For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide.

Indicates whether the AFI is public.

Indicates whether data retention support is enabled for the AFI.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

When enabled, retrieves the latest console output for the instance.

Default: disabled (false)

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

When set to true, acts as keystroke input and wakes up an instance that\'s in standby or "sleep" mode.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether encryption by default is enabled.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, the exchange is valid. If false, the exchange cannot be completed.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.

Specify true so that the response returns a list of scored Availability Zones. Otherwise, the response returns a list of scored Regions.

A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, your instance is enabled for hibernation; otherwise, it is not enabled for hibernation.

Set to true to enable your instance for hibernation.

Default: false

Indicates whether the Dedicated Host is in a host resource group. If memberOfServiceLinkedResourceGroup is true, the host is in a host resource group; otherwise, it is not.

Indicates whether longer IDs (17-character IDs) are enabled for the resource.

Indicates whether the image has public launch permissions. The value is true if this image has public launch permissions or false if it has only implicit and explicit launch permissions.

Specifies whether enhanced networking with ENA is enabled.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether the destination AMI of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

Indicates whether the AMI is encrypted.

Indicates whether the image is encrypted.

Indicates whether monitoring is enabled.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Specifies whether enhanced networking with ENA is enabled.

Indicates whether source/destination checking is enabled.

Indicates whether source/destination checking is enabled.

Indicates whether the network interface is deleted when the instance is terminated.

Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The public IP address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is true.

If set to true, the interface is deleted when the instance is terminated. You can specify true only if creating a new network interface when launching an instance.

Indicates whether to assign a carrier IP address to the network interface.

You can only assign a carrier IP address to a network interface that is in a subnet in a Wavelength Zone. For more information about carrier IP addresses, see Carrier IP address in the Amazon Web Services Wavelength Developer Guide.

Indicates whether this IPv4 address is the primary private IP address of the network interface.

Indicates whether instance types must support hibernation for On-Demand Instances.

This parameter is not supported for GetSpotPlacementScores.

Default: false

Indicates whether instance types must support hibernation for On-Demand Instances.

This parameter is not supported for GetSpotPlacementScores.

Default: false

Excludes the root volume from being snapshotted.

Indicates wheter all tag keys in the current Region are registered to appear in scheduled event notifications. true indicates that all tag keys in the current Region are registered.

If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool\'s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.

Defines if the resource discovery is the default. The default resource discovery is the resource discovery automatically created when you create an IPAM.

Defines if the resource discovery is the default. When you create an IPAM, a default resource discovery is created for your IPAM and it\'s associated with your IPAM.

Defines if the scope is the default scope or not.

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

Indicates whether the EBS volume is encrypted.

Indicates whether the EBS volume is deleted on instance termination.

Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can\'t specify an encryption value.

Indicates whether the EBS volume is deleted on instance termination.

If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services Nitro Enclaves.

To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.

If this parameter is set to true, the instance is enabled for hibernation; otherwise, it is not enabled for hibernation.

If you set this parameter to true, the instance is enabled for hibernation.

Default: false

Indicates whether to associate a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP addresses in the Wavelength Developer Guide.

Indicates whether to associate a public IPv4 address with eth0 for a new network interface.

Indicates whether the network interface is deleted when the instance is terminated.

Associates a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP addresses in the Wavelength Developer Guide.

Associates a public IPv4 address with eth0 for a new network interface.

Indicates whether the network interface is deleted when the instance is terminated.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Indicates whether the version is the default version.

Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.

Specify true to enable detailed monitoring. Otherwise, basic monitoring is enabled.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Is true if the request succeeds, and an error otherwise.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to remove the end date from the Capacity Reservation Fleet. If you remove the end date, the Capacity Reservation Fleet does not expire and it remains active until you explicitly cancel it using the CancelCapacityReservationFleet action.

You can\'t specify RemoveEndDate and EndDate in the same request.

Returns true if the request succeeds; otherwise, it returns an error.

Reserved. Capacity Reservations you have created are accepted by default.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Indicates whether the VPN is split-tunnel.

For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicate whether the resource should use longer IDs (17-character IDs).

Indicates whether the resource should use longer IDs (17-character IDs)

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Is true if the request succeeds, and an error otherwise.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If true, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool\'s allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.

A locale must be set on the pool for this feature to work.

Clear the default netmask length allocation rule for this pool.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to drop traffic that matches this route.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The status of the Verified Access policy.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro-based instances in the same Availability Zone. This parameter is supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

(Gateway endpoint) Specify true to reset the policy document to the default policy. The default policy allows full access to the service.

(Interface endpoint) Indicates whether a private hosted zone is associated with the VPC.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

(Interface endpoint configuration) Removes the private DNS name of the endpoint service.

Indicates whether requests to create an endpoint to your service must be accepted.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Choose whether or not to trigger immediate tunnel replacement.

Valid values: True | False

Turn on or off tunnel endpoint lifecycle control feature.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Defines if the IP address is the primary address.

Indicates whether this is the default network ACL for the VPC.

Indicates whether the rule is an egress rule (applied to traffic leaving the subnet).

Indicates whether the destination is reachable from the source.

Indicates whether the network interface is being managed by Amazon Web Services.

Indicates whether source/destination checking is enabled.

Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is true, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.

Indicates whether this is an IPv6 only network interface.

Indicates whether the network interface is deleted when the instance is terminated.

Indicates whether the network interface is deleted when the instance is terminated.

Indicates whether this IPv4 address is the primary private IPv4 address of the network interface.

Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.

Supported only for fleets of type instant.

Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.

Supported only for fleets of type instant.

Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.

Supported only for fleets of type instant.

Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.

Supported only for fleets of type instant.

If true, the public DNS hostnames of instances in the specified VPC resolve to private IP addresses when queried from instances in the peer VPC.

Deprecated.

Deprecated.

If true, enables a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.

Deprecated.

Deprecated.

The current price schedule, as determined by the term remaining for the Reserved Instance in the listing.

A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved Instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostname with DNS AAAA records.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary.

(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.

Default: true

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Reserved.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Set to true to enable enhanced networking with ENA for the AMI and any instances that you launch from the AMI.

This option is supported only for HVM AMIs. Specifying this option with a PV AMI can make instances launched from the AMI unreachable.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to register all tag keys in the current Region. Specify true to register all tag keys.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates if the release was successful.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether to replace the egress rule.

Default: If no value is specified, we replace the ingress rule.

Indicates whether the original root volume is to be deleted after the root volume replacement task completes.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Specifies whether to reset the local route to its default target (local).

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether traffic matching this route is to be dropped.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Trigger pending tunnel endpoint maintenance.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Confirmation of replace tunnel operation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

If you set this parameter to true, you can\'t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Indicates whether to enable the instance for stop protection. For more information, see Stop protection in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

Indicates whether the Capacity Reservation Fleet supports EBS-optimized instances types. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using EBS-optimized instance types.

Indicates whether the offering is available through the Reserved Instance Marketplace (resale) or Amazon Web Services. If it\'s a Reserved Instance Marketplace offering, this is true.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Is true if the request succeeds, and an error otherwise.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the instance is optimized for Amazon EBS I/O.

If set to true, indicates that the instance cannot be terminated using the Amazon EC2 console, command line tool, or API.

Indicates whether the instance is enabled for stop protection. For more information, see Stop protection in the Amazon Elastic Compute Cloud User Guide.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the snapshot is encrypted.

Indicates whether to permanently restore an archived snapshot. To permanently restore an archived snapshot, specify true and omit the RestoreSnapshotTierRequest$TemporaryRestoreDays parameter.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the snapshot is permanently restored. true indicates a permanent restore. false indicates a temporary restore.

Indicates whether access should be revoked for all clients.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Indicates whether this is the main route table.

Indicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.

If you set this parameter to true, you can\'t terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

Indicates whether an instance is enabled for stop protection. For more information, see Stop protection.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether the occurrence is relative to the end of the specified week or month.

Indicates whether the occurrence is relative to the end of the specified week or month. You can\'t specify this value with a daily schedule.

Indicates whether the volume is deleted on instance termination.

Indicates whether the volume is encrypted. You can attached encrypted volumes only to instances that support them.

Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

Indicates whether monitoring is enabled.

Indicates whether to assign a public IPv4 address to instances launched in a VPC. The public IPv4 address can only be assigned to a network interface for eth0, and can only be assigned to a new network interface, not an existing one. You cannot specify more than one network interface in the request. If launching into a default subnet, the default value is true.

Indicates whether to delete the interface when the instance is terminated.

Indicates whether this is a primary IPv4 address. Otherwise, this is a secondary IPv4 address.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether there are additional routes available.

Indicates whether the security group rule is an outbound rule.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates whether requests from other Amazon Web Services accounts to create an endpoint to the service must first be accepted.

Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.

Indicates whether the service supports endpoint policies.

Indicates whether VPC endpoint connection requests to the service must be accepted by the service owner.

Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.

Indicates whether the snapshot is encrypted.

Indicates whether the snapshot is encrypted.

Indicates whether the snapshot is encrypted.

Indicates whether the instances are optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn\'t available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

Enables monitoring for the instance.

Default: false

Indicates whether running Spot Instances are terminated when the Spot Fleet request expires.

Indicates whether Spot Fleet should replace unhealthy instances.

Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.

Supported only for fleets of type instant.

Indicates that the fleet launches all Spot Instances into a single Availability Zone.

Supported only for fleets of type instant.

Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.

Supported only for fleets of type instant.

Indicates that the fleet launches all Spot Instances into a single Availability Zone.

Supported only for fleets of type instant.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, it returns an error.

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

Indicates whether this is the default subnet for the Availability Zone.

Indicates whether instances launched in this subnet receive a public IPv4 address.

Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.

Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives an IPv6 address.

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.

Indicates whether this is an IPv6 only subnet.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Indicates that the resource is a transit gateway multicast group member.

Indicates that the resource is a transit gateway multicast group member.

Indicates whether traffic that matches this route is dropped.

Indicates whether this is the default association route table for the transit gateway.

Indicates whether this is the default propagation route table for the transit gateway.

Status of tunnel endpoint lifecycle control feature.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns true if the request succeeds; otherwise, returns an error.

Indicates whether logging is enabled.

Indicates whether logging is enabled.

Indicates whether logging is enabled.

Indicates whether logging is enabled.

Include trust data sent by trust providers into the logs.

Indicates whether logging is enabled.

Indicates whether logging is enabled.

Describes current setting for including trust data into the logs.

Indicates whether the volume is encrypted.

Indicates whether the volume was created using fast snapshot restore.

Indicates whether Amazon EBS Multi-Attach is enabled.

Indicates whether the EBS volume is deleted on instance termination.

The target setting for Amazon EBS Multi-Attach.

The original setting for Amazon EBS Multi-Attach.

Indicates whether the VPC is the default VPC.

Indicates whether the VPC is enabled for ClassicLink.

(Interface endpoint) Indicates whether the VPC is associated with a private hosted zone.

Indicates whether the endpoint is being managed by its service.

Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.

Deprecated.

Deprecated.

Indicates whether acceleration is enabled for the VPN connection.

Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don\'t support BGP.

Indicate whether to enable acceleration for the VPN connection.

Default: false

Indicate whether the VPN connection uses static routes only. If you are creating a VPN connection for a device that does not support BGP, you must specify true. Use CreateVpnConnectionRoute to create a static route.

Default: false

Turn on or off tunnel endpoint lifecycle control feature.

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

The supported boot modes. For more information, see Boot modes in the Amazon EC2 User Guide.

The boot mode of the image. For more information, see Boot modes in the Amazon EC2 User Guide.

The boot mode of the virtual machine.

The boot mode of the virtual machine.

The boot mode that was specified by the AMI. If the value is uefi-preferred, the AMI supports both UEFI and Legacy BIOS. The currentInstanceBootMode parameter is the boot mode that is used to boot the instance at launch or start.

For more information, see Boot modes in the Amazon EC2 User Guide.

The boot mode of the AMI. A value of uefi-preferred indicates that the AMI supports both UEFI and Legacy BIOS.

For more information, see Boot modes in the Amazon EC2 User Guide.

The percentage of IP address space in use. To convert the decimal to a percentage, multiply the decimal by 100. Note the following:

• For resources that are VPCs, this is the percentage of IP address space in the VPC that\'s taken up by subnet CIDRs.

• For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that\'s in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.

• For resources that are public IPv4 pools, this is the percentage of IP address space in the pool that\'s been allocated to Elastic IP addresses (EIPs).

The percentage of IP address space in use. To convert the decimal to a percentage, multiply the decimal by 100. Note the following:

• For resources that are VPCs, this is the percentage of IP address space in the VPC that\'s taken up by subnet CIDRs.

• For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that\'s in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.

• For resources that are public IPv4 pools, this is the percentage of IP address space in the pool that\'s been allocated to Elastic IP addresses (EIPs).

The ID of the bundle task.

The bundle task IDs.

Default: Describes all your bundle tasks.

Contains the parameters for BundleInstance.

Contains the output of BundleInstance.

Describes a bundle task.

Information about the bundle task.

Information about the bundle task.

Describes an error for BundleInstance.

If the task fails, a description of the error.

Information about the bundle tasks.

The state of the task.

Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see Burstable performance instances.

• To include burstable performance instance types, specify included.

• To require only burstable performance instance types, specify required.

• To exclude burstable performance instance types, specify excluded.

Default: excluded

Indicates whether burstable performance T instance types are included, excluded, or required. For more information, see Burstable performance instances.

• To include burstable performance instance types, specify included.

• To require only burstable performance instance types, specify required.

• To exclude burstable performance instance types, specify excluded.

Default: excluded

Indicates whether the instance type is a burstable performance T instance type. For more information, see Burstable performance instances.

Information about an address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

Information about the address range.

Information about the address range.

The BYOIP CIDR.

Information about the address range.

Information about the address pool.

Information about your address ranges.

The state of the address pool.

The error code.

Contains the parameters for CancelBundleTask.

Contains the output of CancelBundleTask.

Describes a Capacity Reservation Fleet cancellation error.

Information about the Capacity Reservation Fleet cancellation error.

The error code.

The error message.

Contains the parameters for CancelReservedInstancesListing.

Contains the output of CancelReservedInstancesListing.

Describes a Spot Fleet error.

The error.

Describes a Spot Fleet request that was not successfully canceled.

Information about the Spot Fleet requests that are not successfully canceled.

Contains the parameters for CancelSpotFleetRequests.

Contains the output of CancelSpotFleetRequests.

Describes a Spot Fleet request that was successfully canceled.

Information about the Spot Fleet requests that are successfully canceled.

The state of the Spot Instance request.

Contains the parameters for CancelSpotInstanceRequests.

Contains the output of CancelSpotInstanceRequests.

Describes a request to cancel a Spot Instance.

The Spot Instance requests.

Information about instance capacity usage for a Capacity Reservation.

Information about instance capacity usage.

Describes a Capacity Reservation.

Information about the Capacity Reservation.

Information about a Capacity Reservation Fleet.

Describes a Capacity Reservation Fleet that was successfully cancelled.

Information about the Capacity Reservation Fleets that were successfully cancelled.

The ID of the Capacity Reservation Fleet.

The ID of the Capacity Reservation Fleet that was successfully cancelled.

The ID of the Capacity Reservation Fleet.

The ID of the Capacity Reservation Fleet that could not be cancelled.

The ID of the Capacity Reservation Fleet to modify.

The IDs of the Capacity Reservation Fleets to cancel.

The IDs of the Capacity Reservation Fleets to describe.

Information about the Capacity Reservation Fleets.

The state of the Capacity Reservation Fleet. Possible states include:

• submitted - The Capacity Reservation Fleet request has been submitted and Amazon Elastic Compute Cloud is preparing to create the Capacity Reservations.

• modifying - The Capacity Reservation Fleet is being modified. The Fleet remains in this state until the modification is complete.

• active - The Capacity Reservation Fleet has fulfilled its total target capacity and it is attempting to maintain this capacity. The Fleet remains in this state until it is modified or deleted.

• partially_fulfilled - The Capacity Reservation Fleet has partially fulfilled its total target capacity. There is insufficient Amazon EC2 to fulfill the total target capacity. The Fleet is attempting to asynchronously fulfill its total target capacity.

• expiring - The Capacity Reservation Fleet has reach its end date and it is in the process of expiring. One or more of its Capacity reservations might still be active.

• expired - The Capacity Reservation Fleet has reach its end date. The Fleet and its Capacity Reservations are expired. The Fleet can\'t create new Capacity Reservations.

• cancelling - The Capacity Reservation Fleet is in the process of being cancelled. One or more of its Capacity reservations might still be active.

• cancelled - The Capacity Reservation Fleet has been manually cancelled. The Fleet and its Capacity Reservations are cancelled and the Fleet can\'t create new Capacity Reservations.

• failed - The Capacity Reservation Fleet failed to reserve capacity for the specified instance types.

The current state of the Capacity Reservation Fleet.

The previous state of the Capacity Reservation Fleet.

The status of the Capacity Reservation Fleet.

Describes a resource group to which a Capacity Reservation has been added.

Information about the resource groups to which the Capacity Reservation has been added.

The ID of the Capacity Reservation to be cancelled.

The ID of the Capacity Reservation in which to run the instance.

The ID of the Capacity Reservation.

The ID of the Capacity Reservation.

The ID of the Capacity Reservation. If you specify a Capacity Reservation that is shared with you, the operation returns only Capacity Reservation groups that you own.

The ID of the Capacity Reservation.

The ID of the Capacity Reservation.

The type of operating system for which the Capacity Reservation reserves capacity.

The type of operating system for which to reserve capacity.

The type of operating system for which the Capacity Reservation reserves capacity.

The type of operating system for which the Capacity Reservation Fleet reserves capacity.

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

Supported only for fleets of type instant.

Describes the strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

For more information about Capacity Reservations, see On-Demand Capacity Reservations in the Amazon EC2 User Guide. For examples of using Capacity Reservations in an EC2 Fleet, see EC2 Fleet example configurations in the Amazon EC2 User Guide.

The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.

Supported only for fleets of type instant.

Indicates the instance\'s Capacity Reservation preferences. Possible preferences include:

• open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

• none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs as an On-Demand Instance.

Describes the instance\'s Capacity Reservation preferences. Possible preferences include:

• open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

• none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

Indicates the instance\'s Capacity Reservation preferences. Possible preferences include:

• open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

• none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

Indicates the instance\'s Capacity Reservation preferences. Possible preferences include:

• open - The instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

• none - The instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

Information about the Capacity Reservations.

Describes an instance\'s Capacity Reservation targeting option. You can specify only one parameter at a time. If you specify CapacityReservationPreference and CapacityReservationTarget, the request fails.

Use the CapacityReservationPreference parameter to configure the instance to run as an On-Demand Instance or to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). Use the CapacityReservationTarget parameter to explicitly target a specific Capacity Reservation or a Capacity Reservation group.

Information about the Capacity Reservation targeting option.

Information about the Capacity Reservation targeting option. If you do not specify this parameter, the instance\'s Capacity Reservation preference defaults to open, which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).

Describes the instance\'s Capacity Reservation targeting preferences. The action returns the capacityReservationPreference response element if the instance is configured to run in On-Demand capacity, or if it is configured in run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). The action returns the capacityReservationTarget response element if the instance explicily targets a specific Capacity Reservation or Capacity Reservation group.

Information about the Capacity Reservation targeting option.

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

• active - The Capacity Reservation is active and the capacity is available for your use.

• expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

• cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

• pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

• failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

• active - The Capacity Reservation is active and the capacity is available for your use.

• expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

• cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

• pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

• failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

Describes a target Capacity Reservation or Capacity Reservation group.

Information about the target Capacity Reservation or Capacity Reservation group.

Information about the target Capacity Reservation or Capacity Reservation group.

Describes a target Capacity Reservation or Capacity Reservation group.

Information about the targeted Capacity Reservation or Capacity Reservation group.

Information about the target Capacity Reservation or Capacity Reservation group.

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

• default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

• dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

• default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

• dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

Describes a carrier gateway.

Information about the carrier gateway.

Information about the carrier gateway.

The ID of the carrier gateway.

The ID of the carrier gateway.

You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.

The ID of the carrier gateway.

[IPv4 traffic only] The ID of a carrier gateway.

The ID of the carrier gateway.

One or more carrier gateway IDs.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Information about the carrier gateway.

The state of the carrier gateway.

The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.

Information about the client certificate used for authentication.

Information about the authentication certificates, if applicable.

Information about the client certificate to be used for authentication.

Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication.

The ARN of the ACM certificate with which to associate the IAM role.

The ARN of the ACM certificate from which to disassociate the IAM role.

The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon S3 object information.

Provides authorization for Amazon to bring a specific IP address range to a specific Amazon Web Services account using bring your own IP addresses (BYOIP). For more information, see Configuring your BYOIP address range in the Amazon Elastic Compute Cloud User Guide.

A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.

Describes an IPv4 CIDR block.

Information about the IPv4 CIDR blocks for the VPC.

Describes the ClassicLink DNS support status of a VPC.

Information about the ClassicLink DNS support status of the VPCs.

Describes a linked EC2-Classic instance.

Information about one or more linked EC2-Classic instances.

Describes a Classic Load Balancer.

One or more Classic Load Balancers.

Describes the Classic Load Balancers to attach to a Spot Fleet. Spot Fleet registers the running Spot Instances with these Classic Load Balancers.

The Classic Load Balancers.

Describes the state of a client certificate revocation list.

The current state of the client certificate revocation list.

The state of the client certificate revocation list.

The options for managing connection authorization for new client connections.

The options for managing connection authorization for new client connections.

The options for managing connection authorization for new client connections.

The options for managing connection authorization for new client connections.

The options for managing connection authorization for new client connections.

Describes the client-specific data.

The client-specific data.

The client-specific data.

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Current state of options for customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

The client secret.

The client secret.

The client secret.

The ID of the target network association.

Describes the authentication methods used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.

Information about the authentication method used by the Client VPN endpoint.

Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide.

Information about the authentication method to be used to authenticate clients.

The authentication type used.

The type of client authentication to be used.

Describes the state of an authorization rule.

The current state of the authorization rule.

The current state of the authorization rule.

The current state of the authorization rule.

The state of the authorization rule.

Describes a client connection.

Information about the active and terminated client connections.

Describes the status of a client connection.

The current state of the client connection.

The state of the client connection.

A message about the status of the client connection, if applicable.

The state of the client connection.

Describes a Client VPN endpoint.

Describes the status of the Client VPN endpoint attribute.

The status of any updates to the client connect options.

The status code.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint to which to add the route.

The ID of the Client VPN to be deleted.

The ID of the Client VPN endpoint from which the route is to be deleted.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint from which to disassociate the target network.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint.

The ID of the Client VPN endpoint to which the client certificate revocation list applies.

The ID of the Client VPN endpoint to modify.

The ID of the Client VPN endpoint with which the authorization rule is associated.

The ID of the Client VPN endpoint to which the client is connected.

The ID of the Client VPN endpoint.

Describes the state of a Client VPN endpoint.

The current state of the Client VPN endpoint.

The current state of the Client VPN endpoint.

The current state of the Client VPN endpoint.

The state of the Client VPN endpoint. Possible states include:

• pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.

• available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.

• deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.

• deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.

Information about a Client VPN endpoint route.

Information about the Client VPN endpoint routes.

Describes the state of a Client VPN endpoint route.

The current state of the route.

The current state of the route.

The current state of the route.

The state of the Client VPN endpoint route.

The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network.

The IDs of the applied security groups.

The IDs of the security groups for the target network.

The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

The IDs of one or more security groups to apply to the target network.

The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.

Options for sending VPN tunnel logs to CloudWatch.

Options for sending VPN tunnel logs to CloudWatch.

Options for sending VPN tunnel logs to CloudWatch.

Options for sending VPN tunnel logs to CloudWatch.

Describes address usage for a customer-owned address pool.

Information about the address usage.

Information about a customer-owned IP address range.

Information about a range of customer-owned IP addresses.

Information about a range of customer-owned IP addresses.

Describes a customer-owned address pool.

Information about the CoIP address pool.

Information about the CoIP address pool.

The ID of the customer-owned address pool.

The customer-owned IPv4 address pool associated with the subnet.

You must set this value when you specify true for MapCustomerOwnedIpOnLaunch.

The customer-owned IPv4 address pool associated with the subnet.

The IDs of the address pools.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

Information about the address pools.

The Amazon Web Services account for the component.

The Region for the component.

Describes the client connection logging options for the Client VPN endpoint.

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

• Client connection requests

• Client connection results (successful and unsuccessful)

• Reasons for unsuccessful client connection requests

• Client connection termination time

Information about the client connection logging options.

If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

• Client connection requests

• Client connection results (successful and unsuccessful)

• Reasons for unsuccessful client connection requests

• Client connection termination time

Information about the client connection logging options for a Client VPN endpoint.

Information about the client connection logging options for the Client VPN endpoint.

Describes a connection notification for a VPC endpoint or VPC endpoint service.

Information about the notification.

The ID of the notification.

The ID of the notification.

The IDs of the notifications.

The notifications.

The state of the notification.

The type of notification.

Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.

Indicates whether the NAT gateway supports public or private connectivity.

The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.

The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.

The conversion task IDs.

Describes a conversion task.

Information about the conversion task.

Information about the conversion task.

The ID of the conversion task.

The state of the conversion task.

Contains the parameters for CopyImage.

Contains the output of CopyImage.

When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query requests.

The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion, SourceSnapshotId, and DestinationRegion parameters. The PresignedUrl must be signed using Amazon Web Services Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) in the Amazon Simple Storage Service API Reference. An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.

Copies the tags from the specified volume to corresponding snapshot.

The default number of cores for the instance type.

The valid number of cores that can be configured for the instance type.

The Amazon Resource Name (ARN) of the core network.

The Amazon Resource Name (ARN) of the core network.

The Amazon Resource Name (ARN) of the core network.

The CPU manufacturers to include.

• For instance types with Intel CPUs, specify intel.

• For instance types with AMD CPUs, specify amd.

• For instance types with Amazon Web Services CPUs, specify amazon-web-services.

Default: Any manufacturer

The CPU manufacturers to include.

• For instance types with Intel CPUs, specify intel.

• For instance types with AMD CPUs, specify amd.

• For instance types with Amazon Web Services CPUs, specify amazon-web-services.

Default: Any manufacturer

The CPU options for the instance.

The CPU options for the instance.

The CPU options for the instance. Both the core count and threads per core must be specified in the request.

The CPU options for the instance. For more information, see Optimize CPU options in the Amazon EC2 User Guide.

Contains the parameters for CreateCustomerGateway.

Contains the output of CreateCustomerGateway.

Describes the instances that could not be launched by the fleet.

Information about the instances that could not be launched by the fleet. Supported only for fleets of type instant.

Describes the instances that were launched by the fleet.

Information about the instances that were launched by the fleet. Supported only for fleets of type instant.

Contains the parameters for CreateNetworkInterfacePermission.

Contains the output of CreateNetworkInterfacePermission.

Contains the parameters for CreateReservedInstancesListing.

Contains the output of CreateReservedInstancesListing.

Contains the parameters for CreateSpotDatafeedSubscription.

Contains the output of CreateSpotDatafeedSubscription.

The options for a Connect attachment.

The Connect attachment options.

The options for the transit gateway multicast domain.

The options for the transit gateway multicast domain.

Describes whether dynamic routing is enabled or disabled for the transit gateway peering request.

Requests a transit gateway peering attachment.

Describes the options for a VPC attachment.

The VPC attachment options.

Describes the network interface options when creating an Amazon Web Services Verified Access endpoint using the network-interface type.

The network interface details. This parameter is required if the endpoint type is network-interface.

Describes the load balancer options when creating an Amazon Web Services Verified Access endpoint using the load-balancer type.

The load balancer details. This parameter is required if the endpoint type is load-balancer.

The IDs of the subnets.

Describes the options when creating an Amazon Web Services Verified Access trust provider using the device type.

The options for a device-based trust provider. This parameter is required when the provider type is device.

Describes the options when creating an Amazon Web Services Verified Access trust provider using the user type.

The options for a OpenID Connect-compatible user-identity trust provider. This parameter is required when the provider type is user.

Describes the user or group to be added or removed from the list of create volume permissions for a volume.

Adds the specified Amazon Web Services account ID or group to the list.

Removes the specified Amazon Web Services account ID or group from the list.

The users and groups that have the permissions for creating volumes from the snapshot.

Describes modifications to the list of create volume permissions for a volume.

A JSON representation of the snapshot attribute modification.

Contains the parameters for CreateVpnConnection.

Contains the output of CreateVpnConnection.

Contains the parameters for CreateVpnConnectionRoute.

Contains the parameters for CreateVpnGateway.

Contains the output of CreateVpnGateway.

Describes the credit option for CPU usage of a T instance.

The credit option for CPU usage of the instance.

The credit option for CPU usage of a T instance.

The credit option for CPU usage of the instance. Valid only for T instances.

The credit option for CPU usage of the burstable performance instance. Valid values are standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification. For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Default: standard (T2 instances) or unlimited (T3/T3a/T4g instances)

For T3 instances with host tenancy, only standard is supported.

The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.

The currency of the offering.

The currency in which the upfrontPrice and hourlyPrice amounts are specified. At this time, the only supported currency is USD.

The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.

The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD.

The currency in which the UpfrontPrice and HourlyPrice amounts are specified. At this time, the only supported currency is USD.

The currency in which the totalUpfrontPrice, LimitPrice, and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.

The currency in which the totalUpfrontPrice and totalHourlyPrice amounts are specified. At this time, the only supported currency is USD.

The currency in which the limitPrice amount is specified. At this time, the only supported currency is USD.

The currency of the Reserved Instance. It\'s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.

The currency of the Reserved Instance offering you are purchasing. It\'s specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD.

Indicates whether the instance type is current generation.

Describes a customer gateway.

Information about the customer gateway.

The ID of the customer gateway.

The ID of the customer gateway.

The ID of the customer gateway.

The ID of the customer gateway at your end of the VPN connection.

One or more customer gateway IDs.

Default: Describes all your customer gateways.

Information about one or more customer gateways.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

A list of network performance data queries.

A query used for retrieving network health data.

The response to a DataQuery.

The list of data responses.

The state of the Spot Instance data feed subscription.

The time this task started.

The time of the most recent update for the task.

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation\'s state changes to expired when it reaches its end date and time.

The date and time at which the Capacity Reservation was created.

The time that the disk upload ends.

The time that the disk upload starts.

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation\'s state changes to expired when it reaches its end date and time.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

If the EndDateType is limited, the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.

The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new EC2 Fleet requests are placed or able to fulfill the request. If no value is specified, the request remains until you cancel it.

The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more items, this value is not present.

The start date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The last date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). All records up to this time were retrieved.

If nextToken indicates that there are more items, this value is not present.

The starting date and time for the events, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The date and time, up to the current date, from which to stop retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The date and time, up to the past 90 days, from which to start retrieving the price history data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The time stamp when the attachment initiated.

The time at which the elastic inference accelerator is associated with an instance.

The creation date and time of the EC2 Fleet.

The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.

The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new instance requests are placed or able to fulfill the request. The default end date is 7 days from the current date.

The date and time the AFI was created.

The time of the most recent update to the AFI.

The time at which the output was last updated.

The time the data was last updated.

The new end date of the reservation term.

The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The date and time of the event, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The time that the Dedicated Host was allocated.

The time that the Dedicated Host was released.

The date and time that the reservation ends.

The date and time that the reservation started.

The time the IAM instance profile was associated with the instance.

The date in UTC at which you are permanently switched over to using longer IDs. If a deadline is not yet available for this resource type, this field is not returned.

The time the instance was launched.

The time stamp when the attachment initiated.

The time when a status check failed. For an instance that was launched and impaired, this is the time when the instance was launched.

The latest scheduled end time for the event.

The earliest scheduled start time for the event.

The deadline for starting the event.

The time launch template was created.

The end date of the request. For a one-time request, the request remains active until all instances launch, the request is canceled, or this date is reached. If the request is persistent, it remains active until it is canceled or this date and time is reached.

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests.

• For a persistent request, the request remains active until the ValidUntil date and time is reached. Otherwise, the request remains active until you cancel it.

• For a one-time request, ValidUntil is not supported. The request remains active until all instances launch or you cancel the request.

Default: 7 days from the current date

The time the version was created.

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation\'s state changes to expired when it reaches its end date and time.

The Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

You must provide an EndDate value if EndDateType is limited. Omit EndDate if EndDateType is unlimited.

The new date and time when the event will take place.

The date and time the NAT gateway was created.

The date and time the NAT gateway was deleted, if applicable.

The timestamp indicating when the attachment initiated.

Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.

Reserved. If you need to sustain traffic greater than the documented limits, contact us through the Support Center.

The time at which to purchase the Reserved Instance, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The time at which the reported instance health state ended.

The time at which the reported instance health state began.

The start date of the request. If this is a one-time request, the request becomes active at this date and time and remains active until all instances launch, the request expires, or the request is canceled. If the request is persistent, the request becomes active at this date and time and remains active until it expires or is canceled.

The specified start date and time cannot be equal to the current date and time. You must specify a start date and time that occurs after the current date and time.

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

• For a persistent request, the request remains active until the ValidUntil date and time is reached. Otherwise, the request remains active until you cancel it.

• For a one-time request, the request remains active until all instances launch, the request is canceled, or the ValidUntil date and time is reached. By default, the request is valid for 7 days from the date the request was created.

The time when the Reserved Instance expires.

The date and time the Reserved Instance started.

The time the listing was created.

The last modified timestamp of the listing.

The time when the modification request was created.

The time for the modification to become effective.

The time when the modification request was last updated.

The date when the Scheduled Instance was purchased.

The time for the next schedule to start.

The time that the previous schedule ended or will end.

The end date for the Scheduled Instance.

The start date for the Scheduled Instance.

The time period for the first schedule to start.

The earliest date and time, in UTC, for the Scheduled Instance to start.

The latest date and time, in UTC, for the Scheduled Instance to start. This value must be later than or equal to the earliest date and at most three months in the future.

The earliest date and time, in UTC, for the Scheduled Instance to start.

The latest date and time, in UTC, for the Scheduled Instance to start.

The time stamp when the snapshot was initiated.

The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). By default, Amazon EC2 starts fulfilling the request immediately.

The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. If no value is specified, the Spot Fleet request remains until you cancel it.

The date and time when the Spot Instance request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The start date of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). The request becomes active at this date and time.

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ).

• For a persistent request, the request remains active until the validUntil date and time is reached. Otherwise, the request remains active until you cancel it.

• For a one-time request, the request remains active until all instances launch, the request is canceled, or the validUntil date and time is reached. By default, the request is valid for 7 days from the date the request was created.

The date and time of the most recent status update, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests.

• For a persistent request, the request remains active until the ValidUntil date and time is reached. Otherwise, the request remains active until you cancel it.

• For a one-time request, ValidUntil is not supported. The request remains active until all instances launch or you cancel the request.

The date and time the request was created, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

The creation time.

The creation time.

The creation time.

The creation time.

The time the transit gateway multicast domain was created.

The time the transit gateway peering attachment was created.

The timestamp when the transit gateway policy table was created.

The creation time.

The timestamp when the transit gateway route table announcement was created.

The creation time.

The date and time of the last change in status.

The time stamp when volume creation was initiated.

The time stamp when the attachment initiated.

The modification start time.

The modification completion or failure time.

The time that an unaccepted VPC peering connection will expire.

Indicates whether Dedicated Hosts are supported on the instance type.

The ID of the Dedicated Host for the instance.

The ID of the Dedicated Host with which to associate the instance.

The IDs of the Dedicated Hosts to associate with the event window.

The IDs of the Dedicated Hosts associated with the event window.

The IDs of the Dedicated Hosts to disassociate from the event window.

The index of the default network card, starting at 0.

Enable or disable automatic association with the default association route table.

Indicates whether resource attachments are automatically associated with the default association route table.

Enable or disable automatic association with the default association route table. Enabled by default.

Enable or disable automatic propagation of routes to the default propagation route table.

Indicates whether resource attachments automatically propagate routes to the default propagation route table.

Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default.

The default TotalTargetCapacity, which is either Spot or On-Demand.

The default TotalTargetCapacity, which is either Spot or On-Demand.

The ID of the DHCP options set, or default to associate no DHCP options with the VPC.

Contains the parameters for DeleteCustomerGateway.

Describes an EC2 Fleet error.

The error.

The error code.

Describes an EC2 Fleet that was not successfully deleted.

Information about the EC2 Fleets that are not successfully deleted.

Describes an EC2 Fleet that was successfully deleted.

Information about the EC2 Fleets that are successfully deleted.

Describes a launch template version that could not be deleted.

Information about the launch template versions that could not be deleted.

Describes a launch template version that was successfully deleted.

Information about the launch template versions that were successfully deleted.

Contains the parameters for DeleteNetworkInterfacePermission.

Contains the output for DeleteNetworkInterfacePermission.

Contains the parameters for DeleteNetworkInterface.

Describes the error for a Reserved Instance whose queued purchase could not be deleted.

The error.

The error code.

The IDs of the Reserved Instances.

Contains the parameters for DeleteSpotDatafeedSubscription.

Contains the parameters for DeleteVpnConnection.

Contains the parameters for DeleteVpnConnectionRoute.

Contains the parameters for DeleteVpnGateway.

The deprovisioned CIDRs.

Contains the parameters for DeregisterImage.

Information about the tag keys to deregister for the current Region. You can either specify individual tag keys or deregister all tag keys in the current Region. You must specify either IncludeAllTagsOfInstance or InstanceTagKeys in the request

Information about the tag keys to deregister.

The maximum number of address transfers to return in one page of results.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Constraint: If the value is greater than 1000, we return only 1000 items.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the nextToken value.

Information about the conversion tasks.

Contains the parameters for DescribeCustomerGateways.

Contains the output of DescribeCustomerGateways.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 5 and 1000.

The maximum number of results to return in a single call.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Describe details about a fast-launch enabled Windows image that meets the requested criteria. Criteria are defined by the DescribeFastLaunchImages action filters.

A collection of details about the fast-launch enabled Windows images that meet the requested criteria.

Describes fast snapshot restores for a snapshot.

Information about the state of fast snapshot restores.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Describes the instances that could not be launched by the fleet.

Information about the instances that could not be launched by the fleet. Valid only when Type is set to instant.

Describes the instances that were launched by the fleet.

Information about the instances that were launched by the fleet. Valid only when Type is set to instant.

The maximum number of results to return in a single call.

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeImageAttribute.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

You cannot specify this parameter and the instance IDs parameter in the same call.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value. This value can be between 1 and 200.

The maximum number of results to return for the request in a single page. The remaining results of the initial request can be seen by sending another request with the returned NextToken value. This value can be between 5 and 1000; if MaxResults is given a value outside of this range, an error is returned.

Default: If no value is provided, the default is 1000.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeNetworkInterfaceAttribute.

Contains the output of DescribeNetworkInterfaceAttribute.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. If this parameter is not specified, up to 50 results are returned by default. For more information, see Pagination.

Contains the parameters for DescribeNetworkInterfacePermissions.

Contains the output for DescribeNetworkInterfacePermissions.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. You cannot specify this parameter and the network interface IDs parameter in the same request. For more information, see Pagination.

Contains the parameters for DescribeNetworkInterfaces.

The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeReservedInstancesListings.

Contains the output of DescribeReservedInstancesListings.

Contains the parameters for DescribeReservedInstancesModifications.

Contains the output of DescribeReservedInstancesModifications.

Contains the parameters for DescribeReservedInstancesOfferings.

Contains the output of DescribeReservedInstancesOfferings.

Contains the parameters for DescribeReservedInstances.

Contains the output for DescribeReservedInstances.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the output of DescribeRouteTables.

The maximum number of results to return in a single call. This value can be between 5 and 300. The default value is 300. To retrieve the remaining results, make another call with the returned NextToken value.

Contains the parameters for DescribeScheduledInstanceAvailability.

Contains the output of DescribeScheduledInstanceAvailability.

Contains the parameters for DescribeScheduledInstances.

Contains the output of DescribeScheduledInstances.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. This value can be between 5 and 1000. If this parameter is not specified, then all items are returned. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. This value can be between 5 and 1000. If this parameter is not specified, then all items are returned. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeSpotDatafeedSubscription.

Contains the output of DescribeSpotDatafeedSubscription.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeSpotFleetInstances.

Contains the output of DescribeSpotFleetInstances.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeSpotFleetRequestHistory.

Contains the output of DescribeSpotFleetRequestHistory.

Contains the parameters for DescribeSpotFleetRequests.

Contains the output of DescribeSpotFleetRequests.

Contains the parameters for DescribeSpotInstanceRequests.

Contains the output of DescribeSpotInstanceRequests.

Contains the parameters for DescribeSpotPriceHistory.

Contains the output of DescribeSpotPriceHistory.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

You cannot specify this parameter and the ImageIDs parameter in the same call.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

Contains the parameters for DescribeVpnConnections.

Contains the output of DescribeVpnConnections.

Contains the parameters for DescribeVpnGateways.

Contains the output of DescribeVpnGateways.

The format for the flow log. The default is plain-text.

The format for the flow log.

Describes the destination options for a flow log.

The destination options.

Describes the destination options for a flow log.

The destination options.

Contains the parameters for DetachNetworkInterface.

Contains the parameters for DetachVpnGateway.

Describes the options for an Amazon Web Services Verified Access device-identity based trust provider.

The options for device-identity trust provider.

The type of device-based trust provider. This parameter is required when the provider type is device.

The type of device-based trust provider.

The type of device-based trust provider.

The type of root device used by the AMI. The AMI can use an Amazon EBS volume or an instance store volume.

The root device type used by the AMI. The AMI can use an EBS volume or an instance store volume.

Describes a DHCP configuration option.

The DHCP options in the set.

The values for the DHCP option.

The set of DHCP options.

A set of DHCP options.

The ID of the DHCP options set.

The IDs of one or more DHCP options sets.

Default: Describes all your DHCP options sets.

Information about one or more DHCP options sets.

Describes an Active Directory.

Information about the Active Directory, if applicable.

Describes the Active Directory to be used for client authentication.

Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication.

Contains information about the errors that occurred when disabling fast snapshot restores.

Information about the snapshots for which fast snapshot restores could not be disabled.

Describes an error that occurred when disabling fast snapshot restores.

The error.

Contains information about an error that occurred when disabling fast snapshot restores.

The errors.

Describes fast snapshot restores that were successfully disabled.

Information about the snapshots for which fast snapshot restores were successfully disabled.

Contains the parameters for DisableVgwRoutePropagation.

The number of disks with this configuration.

Describes a disk image.

Describes a disk image.

The image.

The image.

Describes a disk image.

Information about the disk image.

The disk image.

The disk image format.

The disk image format.

The disk image format.

The disk image format for the exported image.

The format for the exported image.

The format for the exported image.

The disk image.

Describes a disk image volume.

The volume.

The volume.

Describes a disk.

Describes the disks that are available for the instance type.

The size of the disk in GB.

The total size of the disks, in GB.

The type of disk.

Describes a DNS entry.

(Interface endpoint) The DNS entries for the endpoint.

The DNS entries for the VPC endpoint.

The verification state of the VPC endpoint service.

>Consumers of the endpoint service can use the private name only when the state is verified.

The verification state of the VPC endpoint service.

Consumers of the endpoint service cannot use the private name when the state is not verified.

Describes the DNS options for an endpoint.

The DNS options for the endpoint.

Describes the DNS options for an endpoint.

The DNS options for the endpoint.

The DNS options for the endpoint.

The DNS records created for the endpoint.

The DNS records created for the endpoint.

Information about the DNS server to be used.

Information about the DNS servers to be used by Client VPN connections. A Client VPN endpoint can have up to two DNS servers.

Enable or disable DNS support. The default is enable.

Enable or disable DNS support.

Enable or disable DNS support. The default is enable.

Indicates whether DNS support is enabled.

Enable or disable DNS support. Enabled by default.

Indicates whether DNS support is enabled.

The network (vpc).

The network (vpc).

The network (vpc).

The capacity units that have been fulfilled.

The size of the uploaded disk image, in GiB.

The requested capacity units that have been successfully reserved.

The number of capacity units fulfilled by the Capacity Reservation. For more information, see Total target capacity in the Amazon EC2 User Guide.

The number of units fulfilled by this request compared to the set target capacity.

The number of units fulfilled by this request compared to the set target On-Demand capacity.

The number of units provided by the specified instance type.

The priority for the launch template override. The highest priority is launched first.

If the On-Demand AllocationStrategy is set to prioritized, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the override has the lowest priority. You can set the same priority for different launch template overrides.

The number of units provided by the specified instance type.

The priority for the launch template override. The highest priority is launched first.

If the On-Demand AllocationStrategy is set to prioritized, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.

The number of units provided by the specified instance type.

The priority for the launch template override. The highest priority is launched first.

If OnDemandAllocationStrategy is set to prioritized, Spot Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

If the Spot AllocationStrategy is set to capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

Valid values are whole numbers starting at 0. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.

The minimum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no minimum limit.

The maximum amount of memory per vCPU, in GiB. If this parameter is not specified, there is no maximum limit.

The minimum amount of memory per vCPU, in GiB. To specify no minimum limit, omit this parameter.

The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter.

The minimum amount of network bandwidth, in Gbps. If this parameter is not specified, there is no minimum limit.

The maximum amount of network bandwidth, in Gbps. If this parameter is not specified, there is no maximum limit.

The minimum amount of network bandwidth, in Gbps. To specify no minimum limit, omit this parameter.

The maximum amount of network bandwidth, in Gbps. To specify no maximum limit, omit this parameter.

The fixed price for the term.

The fixed price for the term.

The price per instance.

The amount of the recurring charge.

Used for Reserved Instance Marketplace offerings. Specifies the limit price on the total order (instanceCount * price).

The size of the disk in the snapshot, in GiB.

The size of the disk in the snapshot, in GiB.

The number of units provided by the specified instance type. These are the same units that you chose to set the target capacity in terms of instances, or a performance characteristic such as vCPUs, memory, or I/O.

If the target capacity divided by this value is not a whole number, Amazon EC2 rounds the number of instances to the next whole number. If this value is not specified, the default is 1.

The number of units fulfilled by this request compared to the set target capacity. You cannot set this value.

The number of On-Demand units fulfilled by this request compared to the set target On-Demand capacity.

The minimum amount of total local storage, in GB. If this parameter is not specified, there is no minimum limit.

The maximum amount of total local storage, in GB. If this parameter is not specified, there is no maximum limit.

The minimum amount of total local storage, in GB. To specify no minimum limit, omit this parameter.

The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter.

The weight of the instance type in the Capacity Reservation Fleet. For more information, see Instance type weight in the Amazon EC2 User Guide.

The number of capacity units provided by the specified instance type. This value, together with the total target capacity that you specify for the Fleet determine the number of instances for which the Fleet reserves capacity. Both values are based on units that make sense for your workload. For more information, see Total target capacity in the Amazon EC2 User Guide.

The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.

The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.

Indicates whether dynamic routing is enabled or disabled.

Describes whether dynamic routing is enabled or disabled for the transit gateway peering attachment.

Describes a block device for an EBS volume.

Parameters used to automatically set up EBS volumes when the instance is launched.

Indicates whether Amazon EBS encryption is supported.

Describes the Amazon EBS features supported by the instance type.

Describes the Amazon EBS settings for the instance type.

Describes a parameter used to set up an EBS volume in a block device mapping.

Parameters used to automatically set up EBS volumes when the instance is launched.

Describes information used to set up an EBS volume specified in a block device mapping.

Parameters used to automatically set up EBS volumes when the instance is launched.

Indicates whether non-volatile memory express (NVMe) is supported.

Describes the optimized EBS performance for supported instance types.

Describes the optimized EBS performance for the instance type.

Indicates whether the instance type is Amazon EBS-optimized. For more information, see Amazon EBS-optimized instances in Amazon EC2 User Guide.

The EC2 Instance Connect Endpoint.

Information about the EC2 Instance Connect Endpoint.

Information about the EC2 Instance Connect Endpoint.

The current state of the EC2 Instance Connect Endpoint.

Describes the Elastic Fabric Adapters for the instance type.

Describes the Elastic Fabric Adapters for the instance type.

Indicates whether Elastic Fabric Adapter (EFA) is supported.

Describes an egress-only internet gateway.

Information about the egress-only internet gateway.

[IPv6 traffic only] The ID of an egress-only internet gateway.

The ID of the egress-only internet gateway.

The ID of the egress-only internet gateway.

[IPv6 traffic only] The ID of an egress-only internet gateway.

The IDs of the egress-only internet gateways.

Information about the egress-only internet gateways.

Deprecated.

Deprecated.

The association IDs of EIPs that have been associated with the NAT gateway.

Describes the association between an instance and an Elastic Graphics accelerator.

The Elastic GPU associated with the instance.

Describes the status of an Elastic Graphics accelerator.

The status of the Elastic Graphics accelerator.

The ID of the Elastic Graphics accelerator.

The Elastic Graphics accelerator IDs.

Information about the Elastic Graphics accelerators.

A specification for an Elastic Graphics accelerator.

An elastic GPU to associate with the instance.

Describes an elastic GPU.

The elastic GPU specification.

An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon EC2 User Guide.

The state of the Elastic Graphics accelerator.

The health status.

Describes an Elastic Graphics accelerator.

Describes an elastic inference accelerator.

Describes the association between an instance and an elastic inference accelerator.

The elastic inference accelerator associated with the instance.

The number of elastic inference accelerators to attach to the instance.

Default: 1

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

The association ID. This parameter is required.

ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the maximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. With ENA Express, you can communicate between two EC2 instances in the same subnet within the same account, or in different accounts. Both sending and receiving instances must have ENA Express enabled.

To improve the reliability of network packet delivery, ENA Express reorders network packets on the receiving end by default. However, some UDP-based applications are designed to handle network packets that are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express is enabled, you can specify whether UDP network traffic uses it.

Configures ENA Express for the network interface that this action attaches to the instance.

Updates the ENA Express configuration for the network interface that’s attached to the instance.

Indicates whether the instance type supports ENA Express. ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the maximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances.

ENA Express is compatible with both TCP and UDP transport protocols. When it’s enabled, TCP traffic automatically uses it. However, some UDP-based applications are designed to handle network packets that are out of order, without a need for retransmission, such as live video broadcasting or other near-real-time applications. For UDP traffic, you can specify whether to use ENA Express, based on your application environment needs.

Configures ENA Express for UDP network traffic.

Indicates whether Elastic Network Adapter (ENA) is supported.

Contains information about the errors that occurred when enabling fast snapshot restores.

Information about the snapshots for which fast snapshot restores could not be enabled.

Describes an error that occurred when enabling fast snapshot restores.

The error.

Contains information about an error that occurred when enabling fast snapshot restores.

The errors.

Describes fast snapshot restores that were successfully enabled.

Information about the snapshots for which fast snapshot restores were successfully enabled.

Contains the parameters for EnableVgwRoutePropagation.

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true; otherwise, set it to false.

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can\'t enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

Indicates whether the instance type automatically encrypts in-transit traffic between instances.

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

• unlimited - The Capacity Reservation remains active until you explicitly cancel it.

• limited - The Capacity Reservation expires automatically at a specified date and time.

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

• unlimited - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an EndDate if the EndDateType is unlimited.

• limited - The Capacity Reservation expires automatically at a specified date and time. You must provide an EndDate value if the EndDateType value is limited.

Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

• unlimited - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an EndDate value if EndDateType is unlimited.

• limited - The Capacity Reservation expires automatically at a specified date and time. You must provide an EndDate value if EndDateType is limited.

Information about the Client VPN endpoints.

Indicates whether non-volatile memory express (NVMe) is supported.

The error codes and error messages.

The event code.

Describes an EC2 Fleet or Spot Fleet event.

Information about the event.

Information about the event.

The type of events to describe. By default, all events are described.

The event type.

• error - An error with the Spot Fleet request.

• fleetRequestChange - A change in the status or configuration of the Spot Fleet request.

• instanceChange - An instance was launched or terminated.

• Information - An informational event.

Indicates whether running instances should be terminated if the target capacity of the Spot Fleet request is decreased below the current size of the Spot Fleet.

Supported only for fleets of type maintain.

Indicates whether running instances should be terminated if you decrease the target capacity of the Spot Fleet request below the current size of the Spot Fleet.

Supported only for fleets of type maintain.

The instance types to exclude.

You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

The instance types to exclude.

You can use strings with one or more wild cards, represented by an asterisk (*), to exclude an instance family, type, size, or generation. The following are examples: m5.8xlarge, c5*.*, m5a.*, r*, *3*.

For example, if you specify c5*,Amazon EC2 will exclude the entire C5 instance family, which includes all C5a and C5n instance types. If you specify m5a.*, Amazon EC2 will exclude all the M5a instance types, but not the M5n instance types.

Default: No excluded instance types

Scopes the images by users with explicit launch permissions. Specify an Amazon Web Services account ID, self (the sender of the request), or all (public AMIs).

• If you specify an Amazon Web Services account ID that is not your own, only AMIs shared with that specific Amazon Web Services account ID are returned. However, AMIs that are shared with the account’s organization or organizational unit (OU) are not returned.

• If you specify self or your own Amazon Web Services account ID, AMIs shared with your account are returned. In addition, AMIs that are shared with the organization or OU of which you are member are also returned.

• If you specify all, all public AMIs are returned.

Describes an explanation code for an unreachable path. For more information, see Reachability Analyzer explanation codes.

The explanations. For more information, see Reachability Analyzer explanation codes.

The explanation codes.

The target virtualization environment.

The target virtualization environment.

Describes an export image task.

The IDs of the export image tasks.

Information about the export image tasks.

Describes an export instance task.

Information about the export instance task.

The export task IDs.

Information about the export tasks.

Describes the destination for an export image task.

Information about the destination Amazon S3 bucket.

Information about the destination Amazon S3 bucket.

Describes the destination for an export image task.

The Amazon S3 bucket for the destination image. The destination bucket must exist.

The state of the export task.

Describes the format and location for the export task.

Information about the export task.

Describes an export instance task.

The format and location for an export instance task.

The ID of the export task. This is the ID returned by CreateInstanceExportTask.

Describes a Capacity Reservation Fleet that could not be cancelled.

Information about the Capacity Reservation Fleets that could not be cancelled.

Describes a Reserved Instance whose queued purchase was not deleted.

Information about the queued purchases that could not be deleted.

Details for one or more Windows AMI image IDs.

Request to create a launch template for a fast-launch enabled Windows AMI.

The launch template to use when launching Windows instances from pre-provisioned snapshots. Launch template parameters can include either the name or ID of the launch template, but not both.

Identifies the launch template to use for faster launching of the Windows AMI.

The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances from pre-provisioned snapshots.

The launch template that was used to launch Windows instances from pre-provisioned snapshots.

The launch template that is used when launching Windows instances from pre-provisioned snapshots.

The resource type that is used for pre-provisioning the Windows AMI. Supported values include: snapshot.

The pre-provisioning resource type that must be cleaned after turning off faster launching for the Windows AMI. Supported values include: snapshot.

The type of resource that was defined for pre-provisioning the Windows AMI for faster launching.

Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI.

Configuration settings for creating and managing the snapshots that are used for pre-provisioning the Windows AMI for faster launching. The associated ResourceType must be snapshot.

Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI.

A group of parameters that are used for pre-provisioning the associated Windows AMI using snapshots.

Parameters that were used for faster launching for the Windows AMI before faster launching was turned off. This informs the clean-up process.

Settings to create and manage the pre-provisioned snapshots that Amazon EC2 uses for faster launches from the Windows AMI. This property is returned when the associated resourceType is snapshot.

The current state of faster launching for the specified Windows AMI.

The current state of faster launching for the specified Windows AMI.

The current state of faster launching for the specified Windows AMI.

The state of fast snapshot restores.

The state of fast snapshot restores for the snapshot.

The state of fast snapshot restores.

Describes the IAM SAML identity providers used for federated authentication.

Information about the IAM SAML identity provider, if applicable.

The IAM SAML identity provider used for federated authentication.

Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication.

A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

One or more filters. Filter names and values are case-sensitive.

• allocation-id - The allocation ID for the address.

• association-id - The association ID for the address.

• instance-id - The ID of the instance the address is associated with, if any.

• network-border-group - A unique set of Availability Zones, Local Zones, or Wavelength Zones from where Amazon Web Services advertises IP addresses.

• network-interface-id - The ID of the network interface that the address is associated with, if any.

• network-interface-owner-id - The Amazon Web Services account ID of the owner.

• private-ip-address - The private IP address associated with the Elastic IP address.

• public-ip - The Elastic IP address, or the carrier IP address.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• group-name - For Availability Zones, use the Region name. For Local Zones, use the name of the group associated with the Local Zone (for example, us-west-2-lax-1) For Wavelength Zones, use the name of the group associated with the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

• message - The Zone message.

• opt-in-status - The opt-in status (opted-in | not-opted-in | opt-in-not-required).

• parent-zoneID - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

• parent-zoneName - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

• region-name - The name of the Region for the Zone (for example, us-east-1).

• state - The state of the Availability Zone, the Local Zone, or the Wavelength Zone (available).

• zone-id - The ID of the Availability Zone (for example, use1-az1), the Local Zone (for example, usw2-lax1-az1), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

• zone-name - The name of the Availability Zone (for example, us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

• zone-type - The type of zone (availability-zone | local-zone | wavelength-zone).

One or more filters.

The filters.

• bundle-id - The ID of the bundle task.

• error-code - If the task failed, the error code returned.

• error-message - If the task failed, the error message returned.

• instance-id - The ID of the instance.

• progress - The level of task completion, as a percentage (for example, 20%).

• s3-bucket - The Amazon S3 bucket to store the AMI.

• s3-prefix - The beginning of the AMI name.

• start-time - The time the task started (for example, 2013-09-15T17:15:20.000Z).

• state - The state of the task (pending | waiting-for-shutdown | bundling | storing | cancelling | complete | failed).

• update-time - The time of the most recent update for the task.

One or more filters.

• state - The state of the Fleet (submitted | modifying | active | partially_fulfilled | expiring | expired | cancelling | cancelled | failed).

• instance-match-criteria - The instance matching criteria for the Fleet. Only open is supported.

• tenancy - The tenancy of the Fleet (default | dedicated).

• allocation-strategy - The allocation strategy used by the Fleet. Only prioritized is supported.

One or more filters.

• instance-type - The type of instance for which the Capacity Reservation reserves capacity.

• owner-id - The ID of the Amazon Web Services account that owns the Capacity Reservation.

• instance-platform - The type of operating system for which the Capacity Reservation reserves capacity.

• availability-zone - The Availability Zone of the Capacity Reservation.

• tenancy - Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

  • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.

  • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.

• outpost-arn - The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created.

• state - The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active- The Capacity Reservation is active and the capacity is available for your use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.

• start-date - The date and time at which the Capacity Reservation was started.

• end-date - The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation\'s state changes to expired when it reaches its end date and time.

• end-date-type - Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

  • unlimited - The Capacity Reservation remains active until you explicitly cancel it.

  • limited - The Capacity Reservation expires automatically at a specified date and time.

• instance-match-criteria - Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

  • open - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.

  • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.

• placement-group-arn - The ARN of the cluster placement group in which the Capacity Reservation was created.

One or more filters.

• carrier-gateway-id - The ID of the carrier gateway.

• state - The state of the carrier gateway (pending | failed | available | deleting | deleted).

• owner-id - The Amazon Web Services account ID of the owner of the carrier gateway.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• vpc-id - The ID of the VPC associated with the carrier gateway.

The filters.

• group-id - The ID of a VPC security group that\'s associated with the instance.

• instance-id - The ID of the instance.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• vpc-id - The ID of the VPC to which the instance is linked.

One or more filters. Filter names and values are case-sensitive.

• description - The description of the authorization rule.

• destination-cidr - The CIDR of the network to which the authorization rule applies.

• group-id - The ID of the Active Directory group to which the authorization rule grants access.

One or more filters. Filter names and values are case-sensitive.

• connection-id - The ID of the connection.

• username - For Active Directory client authentication, the user name of the client who established the client connection.

One or more filters. Filter names and values are case-sensitive.

• endpoint-id - The ID of the Client VPN endpoint.

• transport-protocol - The transport protocol (tcp | udp).

One or more filters. Filter names and values are case-sensitive.

• destination-cidr - The CIDR of the route destination.

• origin - How the route was associated with the Client VPN endpoint (associate | add-route).

• target-subnet - The ID of the subnet through which traffic is routed.

One or more filters. Filter names and values are case-sensitive.

• association-id - The ID of the association.

• target-network-id - The ID of the subnet specified as the target network.

• vpc-id - The ID of the VPC in which the target network is located.

One or more filters.

• coip-pool.local-gateway-route-table-id - The ID of the local gateway route table.

• coip-pool.pool-id - The ID of the address pool.

One or more filters.

• bgp-asn - The customer gateway\'s Border Gateway Protocol (BGP) Autonomous System Number (ASN).

• customer-gateway-id - The ID of the customer gateway.

• ip-address - The IP address of the customer gateway device\'s external interface.

• state - The state of the customer gateway (pending | available | deleting | deleted).

• type - The type of customer gateway. Currently, the only supported type is ipsec.1.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• dhcp-options-id - The ID of a DHCP options set.

• key - The key for one of the options (for example, domain-name).

• value - The value for one of the options.

• owner-id - The ID of the Amazon Web Services account that owns the DHCP options set.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• availability-zone - The Availability Zone in which the Elastic Graphics accelerator resides.

• elastic-gpu-health - The status of the Elastic Graphics accelerator (OK | IMPAIRED).

• elastic-gpu-state - The state of the Elastic Graphics accelerator (ATTACHED).

• elastic-gpu-type - The type of Elastic Graphics accelerator; for example, eg1.medium.

• instance-id - The ID of the instance to which the Elastic Graphics accelerator is associated.

Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.

the filters for the export tasks.

Use the following filters to streamline results.

• resource-type - The resource type for pre-provisioning.

• launch-template - The launch template that is associated with the pre-provisioned Windows AMI.

• owner-id - The owner ID for the pre-provisioning resource.

• state - The current state of fast launching for the Windows AMI.

The filters. The possible values are:

• availability-zone: The Availability Zone of the snapshot.

• owner-id: The ID of the Amazon Web Services account that enabled fast snapshot restore on the snapshot.

• snapshot-id: The ID of the snapshot.

• state: The state of fast snapshot restores for the snapshot (enabling | optimizing | enabled | disabling | disabled).

The filters.

• instance-type - The instance type.

The filters.

• activity-status - The progress of the EC2 Fleet ( error | pending-fulfillment | pending-termination | fulfilled).

• excess-capacity-termination-policy - Indicates whether to terminate running instances if the target capacity is decreased below the current EC2 Fleet size (true | false).

• fleet-state - The state of the EC2 Fleet (submitted | active | deleted | failed | deleted-running | deleted-terminating | modifying).

• replace-unhealthy-instances - Indicates whether EC2 Fleet should replace unhealthy instances (true | false).

• type - The type of request (instant | request | maintain).

One or more filters.

• deliver-log-status - The status of the logs delivery (SUCCESS | FAILED).

• log-destination-type - The type of destination for the flow log data (cloud-watch-logs | s3 | kinesis-data-firehose).

• flow-log-id - The ID of the flow log.

• log-group-name - The name of the log group.

• resource-id - The ID of the VPC, subnet, or network interface.

• traffic-type - The type of traffic (ACCEPT | REJECT | ALL).

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• create-time - The creation time of the AFI.

• fpga-image-id - The FPGA image identifier (AFI ID).

• fpga-image-global-id - The global FPGA image identifier (AGFI ID).

• name - The name of the AFI.

• owner-id - The Amazon Web Services account ID of the AFI owner.

• product-code - The product code.

• shell-version - The version of the Amazon Web Services Shell that was used to create the bitstream.

• state - The state of the AFI (pending | failed | available | unavailable).

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• update-time - The time of the most recent update.

The filters.

• instance-family - The instance family of the offering (for example, m4).

• payment-option - The payment option (NoUpfront | PartialUpfront | AllUpfront).

The filters.

• instance-family - The instance family (for example, m4).

• payment-option - The payment option (NoUpfront | PartialUpfront | AllUpfront).

• state - The state of the reservation (payment-pending | payment-failed | active | retired).

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• auto-placement - Whether auto-placement is enabled or disabled (on | off).

• availability-zone - The Availability Zone of the host.

• client-token - The idempotency token that you provided when you allocated the host.

• host-reservation-id - The ID of the reservation assigned to this host.

• instance-type - The instance type size that the Dedicated Host is configured to support.

• state - The allocation state of the Dedicated Host (available | under-assessment | permanent-failure | released | released-permanent-failure).

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

The filters.

• instance-id - The ID of the instance.

• state - The state of the association (associating | associated | disassociating).

The filters.

• architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).

• block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

• block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

• block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.

• block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.

• block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).

• block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.

• creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

• description - The description of the image (provided during image creation).

• ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

• hypervisor - The hypervisor type (ovm | xen).

• image-id - The ID of the image.

• image-type - The image type (machine | kernel | ramdisk).

• is-public - A Boolean that indicates whether the image is public.

• kernel-id - The kernel ID.

• manifest-location - The location of the image manifest.

• name - The name of the AMI (provided during image creation).

• owner-alias - The owner alias (amazon | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

• owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

• platform - The platform. The only supported value is windows.

• product-code - The product code.

• product-code.type - The type of the product code (marketplace).

• ramdisk-id - The RAM disk ID.

• root-device-name - The device name of the root device volume (for example, /dev/sda1).

• root-device-type - The type of the root device volume (ebs | instance-store).

• state - The state of the image (available | pending | failed).

• state-reason-code - The reason code for the state change.

• state-reason-message - The message for the state change.

• sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• virtualization-type - The virtualization type (paravirtual | hvm).

Filter tasks using the task-state filter and one of the following values: active, completed, deleting, or deleted.

The filters.

One or more filters.

• instance-connect-endpoint-id - The ID of the EC2 Instance Connect Endpoint.

• state - The state of the EC2 Instance Connect Endpoint (create-in-progress | create-complete | create-failed | delete-in-progress | delete-complete | delete-failed).

• subnet-id - The ID of the subnet in which the EC2 Instance Connect Endpoint was created.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• tag-value - The value of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific value, regardless of tag key.

• vpc-id - The ID of the VPC in which the EC2 Instance Connect Endpoint was created.

The filters.

• instance-id - The ID of the instance.

One or more filters.

• dedicated-host-id - The event windows associated with the specified Dedicated Host ID.

• event-window-name - The event windows associated with the specified names.

• instance-id - The event windows associated with the specified instance ID.

• instance-tag - The event windows associated with the specified tag and value.

• instance-tag-key - The event windows associated with the specified tag key, regardless of the value.

• instance-tag-value - The event windows associated with the specified tag value, regardless of the key.

• tag:<key> - The key/value combination of a tag assigned to the event window. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value CMX, specify tag:Owner for the filter name and CMX for the filter value.

• tag-key - The key of a tag assigned to the event window. Use this filter to find all event windows that have a tag with a specific key, regardless of the tag value.

• tag-value - The value of a tag assigned to the event window. Use this filter to find all event windows that have a tag with a specific value, regardless of the tag key.

The filters.

• availability-zone - The Availability Zone of the instance.

• event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).

• event.description - A description of the event.

• event.instance-event-id - The ID of the event whose date and time you are modifying.

• event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

• event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

• event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).

• instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

• instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

• instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).

• instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

• system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).

• system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).