Skip to main content

AWS - EC2

This Integration is part of the AWS - EC2 Pack.#

Amazon Web Services Elastic Compute Cloud (EC2).

Configure AWS - EC2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for AWS - EC2.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    AWS Default RegionFalse
    Role ArnFalse
    Role Session NameFalse
    Role Session DurationFalse
    Access KeyFalse
    Secret KeyFalse
    TimeoutThe time in seconds until a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used.False
    RetriesThe maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time.False
    PrivateLink service URLFalse
    STS PrivateLink URLFalse
    AWS organization accountsA comma-separated list of AWS Organization accounts to use when running EC2 commands. A role name for cross-organization account access must be provided to use this feature. This feature is explained below.False
    Role name for cross-organization account accessThe role name used to access accounts in the organization. This role name must exist in the accounts provided in "AWS Organization accounts" and be assumable with the credentials provided. This feature is explained below.False
    Max concurrent command callsThe maximum number of concurrent calls to allow when running a command on all accounts provided in "AWS Organization accounts".False
    Use system proxy settingsFalse
    Trust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.

Run commands in multiple AWS accounts#

The EC2 integration supports running commands across multiple AWS accounts in an organization. To use this feature, configure the parameter AWS organization accounts with a comma-separated list of AWS Organization accounts and the Role name for cross-organization account access parameter with a role name that grants full access to the EC2 API in each account. Using the roleArn, roleSessionName and roleSessionDuration arguments in EC2 commands will override this feature.

Example:#


AWS organization accounts

12345678,98765432

Role name for cross-organization account access

CrossAccountAccessRole


In this case, the user configured with Access Key and Secret Key must be able to perform AssumeRole with the RoleArn: arn:aws:iam::12345678:role/CrossAccountAccessRole arn:aws:iam::98765432:role/CrossAccountAccessRole

AwsEC2SyncAccounts Script#

The script AwsEC2SyncAccounts can be used to configure an AWS - EC2 instance with all accounts in an organization.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

aws-ec2-describe-instances#


Describes one or more of your instances.

Base Command#

aws-ec2-describe-instances

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
instanceIdsOne or more instance IDs. Seprated by comma.Optional
regionThe AWS Region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Instances.AmiLaunchIndexnumberThe AMI launch index, which can be used to find this instance in the launch group.
AWS.EC2.Instances.ImageIdstringThe ID of the AMI used to launch the instance.
AWS.EC2.Instances.InstanceIdstringThe ID of the instance.
AWS.EC2.Instances.InstanceTypestringThe instance type.
AWS.EC2.Instances.KernelIdstringThe kernel associated with this instance, if applicable.
AWS.EC2.Instances.KeyNamestringThe name of the key pair, if this instance was launched with an associated key pair.
AWS.EC2.Instances.LaunchTimedateThe time the instance was launched.
AWS.EC2.Instances.Monitoring.StatestringIndicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.
AWS.EC2.Instances.Placement.AvailabilityZonestringThe Availability Zone of the instance.
AWS.EC2.Instances.Placement.AffinitystringThe affinity setting for the instance on the Dedicated Host.
AWS.EC2.Instances.Placement.GroupNamestringThe name of the placement group the instance is in (for cluster compute instances).
AWS.EC2.Instances.Placement.HostIdstringhe ID of the Dedicated Host on which the instance resides.
AWS.EC2.Instances.Placement.TenancystringThe tenancy of the instance (if the instance is running in a VPC).
AWS.EC2.Instances.PlatformstringThe value is Windows for Windows instances; otherwise blank.
AWS.EC2.Instances.PrivateDnsNamestring(IPv4 only) The private DNS hostname name assigned to the instance. This DNS hostname can only be used inside the Amazon EC2 network. This name is not available until the instance enters the running state.
AWS.EC2.Instances.PrivateIpAddressstringThe private IPv4 address assigned to the instance.
AWS.EC2.Instances.ProductCodes.ProductCodeIdstringThe product code.
AWS.EC2.Instances.ProductCodes.ProductCodeTypestringThe type of product code.
AWS.EC2.Instances.PublicDnsNamestring(IPv4 only) The public DNS name assigned to the instance. This name is not available until the instance enters the running state.
AWS.EC2.Instances.PublicIpAddressstringThe public IPv4 address assigned to the instance, if applicable.
AWS.EC2.Instances.RamdiskIdstringThe RAM disk associated with this instance, if applicable.
AWS.EC2.Instances.State.CodestringThe low byte represents the state.
AWS.EC2.Instances.State.NamestringThe current state of the instance.
AWS.EC2.Instances.StateTransitionReasonstringThe reason for the most recent state transition. This might be an empty string.
AWS.EC2.Instances.SubnetIdstringThe ID of the subnet in which the instance is running.
AWS.EC2.Instances.VpcIdstringThe ID of the VPC in which the instance is running.
AWS.EC2.Instances.ArchitecturestringThe architecture of the image.
AWS.EC2.Instances.BlockDeviceMappings.DeviceNamestringThe device name (for example, /dev/sdh or xvdh).
AWS.EC2.Instances.BlockDeviceMappings.Ebs.AttachTimestringThe time stamp when the attachment initiated.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.DeleteOnTerminationstringIndicates whether the volume is deleted on instance termination.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.StatusstringThe attachment state.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.VolumeIdstringThe ID of the EBS volume.
AWS.EC2.Instances.ClientTokenstringThe idempotency token you provided when you launched the instance, if applicable.
AWS.EC2.Instances.EbsOptimizedbooleanIndicates whether the instance is optimized for Amazon EBS I/O.
AWS.EC2.Instances.EnaSupportbooleanSpecifies whether enhanced networking with ENA is enabled.
AWS.EC2.Instances.HypervisorstringThe hypervisor type of the instance.
AWS.EC2.Instances.IamInstanceProfile.ArnstringThe Amazon Resource Name (ARN) of the instance profile.
AWS.EC2.Instances.IamInstanceProfile.IdstringThe ID of the instance profile.
AWS.EC2.Instances.InstanceLifecyclestringIndicates whether this is a Spot Instance or a Scheduled Instance.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuIdstringThe ID of the Elastic GPU.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationIdstringThe ID of the association.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationStatestringThe state of the association between the instance and the Elastic GPU.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationTimestringThe time the Elastic GPU was associated with the instance.
AWS.EC2.Instances.NetworkInterfaces.Association.IpOwnerIdstringThe ID of the owner of the Elastic IP address.
AWS.EC2.Instances.NetworkInterfaces.Association.PublicDnsNamestringThe public DNS name.
AWS.EC2.Instances.NetworkInterfaces.Association.PublicIpstringThe public IP address or Elastic IP address bound to the network interface.
AWS.EC2.Instances.NetworkInterfaces.Attachment.AttachTimedateThe time stamp when the attachment initiated.
AWS.EC2.Instances.NetworkInterfaces.Attachment.AttachmentIdstringThe ID of the network interface attachment.
AWS.EC2.Instances.NetworkInterfaces.Attachment.DeleteOnTerminationbooleanIndicates whether the network interface is deleted when the instance is terminated.
AWS.EC2.Instances.NetworkInterfaces.Attachment.DeviceIndexnumberThe index of the device on the instance for the network interface attachment.
AWS.EC2.Instances.NetworkInterfaces.Attachment.StatusstringThe attachment state.
AWS.EC2.Instances.NetworkInterfaces.DescriptionstringThe description.
AWS.EC2.Instances.NetworkInterfaces.Groups.GroupNamestringThe name of the security group.
AWS.EC2.Instances.NetworkInterfaces.Groups.GroupIdstringThe ID of the security group.
AWS.EC2.Instances.NetworkInterfaces.Ipv6Addresses.Ipv6AddressstringThe IPv6 addresses associated with the network interface.
AWS.EC2.Instances.NetworkInterfaces.MacAddressstringThe MAC address.
AWS.EC2.Instances.NetworkInterfaces.NetworkInterfaceIdstringThe ID of the network interface.
AWS.EC2.Instances.NetworkInterfaces.OwnerIdstringThe ID of the AWS account that created the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateDnsNamestringThe private DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddressstringThe IPv4 address of the network interface within the subnet.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.IpOwnerIdstringThe ID of the owner of the Elastic IP address.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.PublicDnsNamestringThe public DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.PublicIpstringThe public IP address or Elastic IP address bound to the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrimarybooleanIndicates whether this IPv4 address is the primary private IP address of the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrivateDnsNamestringThe private IPv4 DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrivateIpAddressstringThe private IPv4 address of the network interface.
AWS.EC2.Instances.NetworkInterfaces.SourceDestCheckbooleanIndicates whether to validate network traffic to or from this network interface.
AWS.EC2.Instances.NetworkInterfaces.StatusstringThe status of the network interface.
AWS.EC2.Instances.NetworkInterfaces.SubnetIdstringThe ID of the subnet.
AWS.EC2.Instances.NetworkInterfaces.VpcIdstringThe ID of the VPC.
AWS.EC2.Instances.RootDeviceNamestringThe device name of the root device volume (for example, /dev/sda1).
AWS.EC2.Instances.RootDeviceTypestringThe root device type used by the AMI. The AMI can use an EBS volume or an instance store volume.
AWS.EC2.Instances.SecurityGroups.GroupNamestringThe name of the security group.
AWS.EC2.Instances.SecurityGroups.GroupIdstringThe ID of the security group.
AWS.EC2.Instances.SourceDestCheckbooleanSpecifies whether to enable an instance launched in a VPC to perform NAT.
AWS.EC2.Instances.SpotInstanceRequestIdstringIf the request is a Spot Instance request, the ID of the request.
AWS.EC2.Instances.SriovNetSupportstringSpecifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
AWS.EC2.Instances.StateReason.CodestringThe reason code for the state change.
AWS.EC2.Instances.StateReason.MessagestringThe message for the state change.
AWS.EC2.Instances.Tags.KeystringThe key of the tag.
AWS.EC2.Instances.Tags.ValuestringThe value of the tag.
AWS.EC2.Instances.VirtualizationTypestringThe virtualization type of the instance.
AWS.EC2.Instances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-instances

Context Example#

{
"AWS": {
"EC2": {
"Instances": [
{
"AmiLaunchIndex": 0,
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/dev_name",
"Ebs": {
"AttachTime": "2020-04-26T15:49:18",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-1"
}
}
],
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"ClientToken": "some_token",
"CpuOptions": {
"CoreCount": 8,
"ThreadsPerCore": 2
},
"EbsOptimized": false,
"EnaSupport": true,
"HibernationOptions": {
"Configured": false
},
"Hypervisor": "xen",
"IamInstanceProfile": {
"Arn": "some_arn",
"Id": "id"
},
"ImageId": "ami-id",
"InstanceId": "i-id",
"InstanceType": "m5.4xlarge",
"KeyName": "Aqua",
"LaunchTime": "2020-04-26T15:49:17",
"Monitoring": {
"State": "enabled"
},
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2020-04-26T15:49:28",
"AttachmentId": "eni-attach",
"DeleteOnTermination": false,
"DeviceIndex": 1,
"Status": "attached"
},
"Description": "Floating network interface providing a fixed IP address for AWS Ground Station to connect to.",
"Groups": [
{
"GroupId": "sg",
"GroupName": "some_group_name"
}
],
"Ipv6Addresses": [],
"MacAddress": "add",
"NetworkInterfaceId": "eni",
"OwnerId": "some_id",
"PrivateDnsName": "name",
"PrivateIpAddress": "1.1.1.1",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "name",
"PrivateIpAddress": "1.1.1.1"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet",
"VpcId": "vpc"
}
],
"Placement": {
"AvailabilityZone": "us-west-2a",
"GroupName": "name",
"Tenancy": "dedicated"
},
"PrivateDnsName": "dns_name",
"PrivateIpAddress": "1.1.1.1",
"ProductCodes": [],
"PublicDnsName": "",
"Region": "us-west-2",
"RootDeviceName": "/dev/dev_name",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupId": "sg",
"GroupName": "name"
}
],
"SourceDestCheck": true,
"State": {
"Code": 80,
"Name": "stopped"
},
"StateReason": {
"Code": "Client.UserInitiatedShutdown",
"Message": "Client.UserInitiatedShutdown: User initiated shutdown"
},
"StateTransitionReason": "User initiated (2020-04-26 18:28:48 GMT)",
"SubnetId": "subnet-1",
"Tags": [
{
"Key": "stack-id",
"Value": "some_info"
}
],
"VirtualizationType": "hvm",
"VpcId": "vpc"
}
]
}
}
}

Human Readable Output#

AWS Instances#

ImageIdInstanceIdKeyNameLaunchDateMonitoringNamePublicDNSNamePublicIPAddressRegionStateTypeaws:cloudformation:logical-idaws:cloudformation:stack-idaws:cloudformation:stack-name
ami-1i-1Aqua2020-04-26T15:49:17ZenabledReceiver-gs-aqua-receiverus-west-2stoppedm5.4xlargeReceiverInstancearn1name1
ami-2i-22020-08-19T11:23:48Zdisabledflask-envsome_server1.2.3.4us-west-2runningt2.microAWSEBAutoScalingGrouparn2name2

aws-ec2-describe-iam-instance-profile-associations#


Describes your IAM instance profile associations.

Base Command#

aws-ec2-describe-iam-instance-profile-associations

Input#

Argument NameDescriptionRequired
filtersOne or more filters. See the AWS documentation for details & filter options.The IAM instance profile associations.
maxResultsThe maximum number of results to return in a single call. Specify a value between 5 and 1000.Optional
nextTokenThe token for the next set of results.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.IamInstanceProfileAssociations.IamInstanceProfile.ArnstringThe Amazon Resource Name (ARN) of the instance profile.
AWS.EC2.IamInstanceProfileAssociations.IamInstanceProfile.IdstringThe ID of the instance profile.
AWS.EC2.IamInstanceProfileAssociations.StatestringThe state of the association.
AWS.EC2.IamInstanceProfileAssociations.InstanceIdstringThe ID of the instance.
AWS.EC2.IamInstanceProfileAssociations.AssociationIdstringThe ID of the association.
AWS.EC2.IamInstanceProfileAssociations.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-iam-instance-profile-associations

Context Example#

{
"AWS": {
"EC2": {
"IamInstanceProfileAssociations": [
{
"AssociationId": "association1",
"InstanceId": "instance1",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::000000000000:instance-profile/eks-00000000-0000-0000-0000-00000000",
"Id": "AAAAA"
},
"State": "associated"
},
{
"AssociationId": "iip-assoc-0fdeba1a2861d2580",
"InstanceId": "i-06bab8afb71d19fea",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::000000000000:instance-profile/eks-00000000-0000-0000-0000-00000001",
"Id": "CCCCC"
},
"State": "associated"
}
]
}
}
}

aws-ec2-describe-images#


Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you include public images, private images that you own, and private images owned by other AWS accounts but for which you have explicit launch permissions.

Base Command#

aws-ec2-describe-images

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
imageIdsA comma-separated list of image IDs.Optional
ownersFilters the images by the owner. Specify an AWS account ID, self (owner is the sender of the request), or an AWS owner alias (valid values are amazon | aws-marketplace | microsoft ). Omitting this option returns all images for which you have launch permissions, regardless of ownership.Optional
executableUsersScopes the images by users with explicit launch permissions. Specify an AWS account ID, self (the sender of the request), or all (public AMIs).Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Images.ArchitecturestringThe architecture of the image.
AWS.EC2.Images.CreationDatedateThe date and time the image was created.
AWS.EC2.Images.ImageIdstringThe ID of the AMI.
AWS.EC2.Images.ImageLocationstringThe location of the AMI.
AWS.EC2.Images.ImageTypestringThe type of image.
AWS.EC2.Images.PublicbooleanIndicates whether the image has public launch permissions. The value is true if this image has public launch permissions or false if it has only implicit and explicit launch permissions.
AWS.EC2.Images.KernelIdstringThe kernel associated with the image, if any. Only applicable for machine images.
AWS.EC2.Images.OwnerIdstringThe AWS account ID of the image owner.
AWS.EC2.Images.PlatformstringThe value is Windows for Windows AMIs; otherwise blank.
AWS.EC2.Images.ProductCodes.ProductCodeIdstringThe product code.
AWS.EC2.Images.ProductCodes.ProductCodeTypestringThe type of product code.
AWS.EC2.Images.RamdiskIdstringThe RAM disk associated with the image, if any. Only applicable for machine images.
AWS.EC2.Images.StatestringThe current state of the AMI. If the state is available , the image is successfully registered and can be used to launch an instance.
AWS.EC2.Images.BlockDeviceMappings.DeviceNamestringThe device name (for example, /dev/sdh or xvdh).
AWS.EC2.Images.BlockDeviceMappings.VirtualNamestringThe virtual device name (ephemeral N).
AWS.EC2.Images.BlockDeviceMappings.Ebs.EncryptedbooleanIndicates whether the EBS volume is encrypted.
AWS.EC2.Images.BlockDeviceMappings.Ebs.DeleteOnTerminationbooleanIndicates whether the EBS volume is deleted on instance termination.
AWS.EC2.Images.BlockDeviceMappings.Ebs.IopsnumberThe number of I/O operations per second (IOPS) that the volume supports.
AWS.EC2.Images.BlockDeviceMappings.Ebs.KmsKeyIdstringIdentifier (key ID, key alias, ID ARN, or alias ARN) for a user-managed CMK under which the EBS volume is encrypted.
AWS.EC2.Images.BlockDeviceMappings.Ebs.SnapshotIdstringThe ID of the snapshot.
AWS.EC2.Images.BlockDeviceMappings.Ebs.VolumeSizenumberThe size of the volume, in GiB.
AWS.EC2.Images.BlockDeviceMappings.Ebs.VolumeTypestringThe volume type.
AWS.EC2.Images.BlockDeviceMappings.NoDevicestringSuppresses the specified device included in the block device mapping of the AMI.
AWS.EC2.Images.DescriptionstringThe description of the AMI that was provided during image creation.
AWS.EC2.Images.EnaSupportbooleanSpecifies whether enhanced networking with ENA is enabled.
AWS.EC2.Images.HypervisorstringThe hypervisor type of the image.
AWS.EC2.Images.ImageOwnerAliasstringThe AWS account alias (for example, amazon , self ) or the AWS account ID of the AMI owner.
AWS.EC2.Images.NamestringThe name of the AMI that was provided during image creation.
AWS.EC2.Images.RootDeviceNamestringThe device name of the root device volume (for example, /dev/sda1).
AWS.EC2.Images.RootDeviceTypestringThe type of root device used by the AMI. The AMI can use an EBS volume or an instance store volume.
AWS.EC2.Images.SriovNetSupportstringSpecifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
AWS.EC2.Images.StateReason.CodestringThe reason code for the state change.
AWS.EC2.Images.StateReason.MessagestringThe message for the state change.
AWS.EC2.Images.Tags.KeystringThe key of the tag.
AWS.EC2.Images.Tags.ValuestringThe value of the tag.
AWS.EC2.Images.VirtualizationTypestringThe type of virtualization of the AMI.
AWS.EC2.Images.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-regions#


Describes one or more regions that are currently available to you.

Base Command#

aws-ec2-describe-regions

Input#

Argument NameDescriptionRequired
regionNamesThe name of the region (for example, us-east-1 ).Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.Regions.EndpointstringThe region service endpoint.
AWS.Regions.RegionNamestringThe name of the region.
AWS.Regions.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-regions

Context Example#

{
"AWS": {
"Regions": [
{
"Endpoint": "ec2.eu-north-1.amazonaws.com",
"RegionName": "eu-north-1"
},
{
"Endpoint": "ec2.ap-south-1.amazonaws.com",
"RegionName": "ap-south-1"
}
]
}
}

Human Readable Output#

AWS Regions#

EndpointRegionName
ec2.eu-north-1.amazonaws.comeu-north-1
ec2.ap-south-1.amazonaws.comap-south-1

aws-ec2-describe-addresses#


Describes one or more of your Elastic IP addresses.

Base Command#

aws-ec2-describe-addresses

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
publicIpsOne or more Elastic IP addresses.Optional
allocationIdsOne or more allocation IDs.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.ElasticIPs.InstanceIdstringThe ID of the instance that the address is associated with (if any).
AWS.EC2.ElasticIPs.PublicIpstringThe Elastic IP address.
AWS.EC2.ElasticIPs.AllocationIdstringThe ID representing the allocation of the address for use with EC2-VPC.
AWS.EC2.ElasticIPs.AssociationIdstringThe ID representing the association of the address with an instance in a VPC.
AWS.EC2.ElasticIPs.Domainstringdicates whether this Elastic IP address is for use with instances in EC2-Classic (standard) or instances in a VPC.
AWS.EC2.ElasticIPs.NetworkInterfaceIdstringThe ID of the network interface.
AWS.EC2.ElasticIPs.NetworkInterfaceOwnerIdstringThe ID of the AWS account that owns the network interface.
AWS.EC2.ElasticIPs.PrivateIpAddressstringThe private IP address associated with the Elastic IP address.
AWS.EC2.ElasticIPs.RegionstringThe AWS region where the elastic IP is located.
AWS.EC2.ElasticIPs.Tags.KeystringThe key of the tag.
AWS.EC2.ElasticIPs.Tags.ValuestringThe value of the tag.
AWS.EC2.ElasticIPs.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-addresses

Context Example#

{
"AWS": {
"EC2": {
"ElasticIPs": [
{
"AllocationId": "eipalloc-1",
"Domain": "vpc",
"PublicIp": "1.1.1.1",
"PublicIpv4Pool": "amazon",
"Region": "us-west-2"
},
{
"AllocationId": "eipalloc-2",
"AssociationId": "eipassoc-2",
"Domain": "vpc",
"InstanceId": "i-1",
"NetworkInterfaceId": "eni-1",
"NetworkInterfaceOwnerId": "id",
"PrivateIpAddress": "1.2.3.4",
"PublicIp": "3.4.5.6",
"PublicIpv4Pool": "amazon"
}
]
}
}
}

Human Readable Output#

AWS EC2 ElasticIPs#

AllocationIdDomainPublicIpRegion
eipalloc-1vpc1.1.1.1us-west-2
eipalloc-2vpc1.2.3.4us-west-2

aws-ec2-describe-snapshots#


Describes one or more of the EBS snapshots available to you.

Base Command#

aws-ec2-describe-snapshots

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
ownerIdsReturns the snapshots owned by the specified owner. Multiple owners can be specified.Optional
snapshotIdsA comma-separated list of snapshot IDs.Optional
restorableByUserIdsOne or more AWS accounts IDs that can create volumes from the snapshot.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Snapshots.DataEncryptionKeyIdstringThe data encryption key identifier for the snapshot.
AWS.EC2.Snapshots.DescriptionstringThe description for the snapshot.
AWS.EC2.Snapshots.EncryptedbooleanIndicates whether the snapshot is encrypted.
AWS.EC2.Snapshots.KmsKeyIdstringThe full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the parent volume.
AWS.EC2.Snapshots.OwnerIdstringThe AWS account ID of the EBS snapshot owner.
AWS.EC2.Snapshots.ProgressstringThe progress of the snapshot, as a percentage.
AWS.EC2.Snapshots.SnapshotIdstringThe ID of the snapshot.
AWS.EC2.Snapshots.StartTimestringThe time stamp when the snapshot was initiated.
AWS.EC2.Snapshots.StatestringThe snapshot state.
AWS.EC2.Snapshots.StateMessagestringthis field displays error state details to help you diagnose why the error occurred.
AWS.EC2.Snapshots.VolumeIdstringThe ID of the volume that was used to create the snapshot.
AWS.EC2.Snapshots.VolumeSizenumberThe size of the volume, in GiB.
AWS.EC2.Snapshots.OwnerAliasstringValue from an Amazon-maintained list of snapshot owners.
AWS.EC2.Snapshots.RegionstringThe AWS region where the snapshot is located.
AWS.EC2.Snapshots.Tags.KeystringThe key of the tag.
AWS.EC2.Snapshots.Tags.ValuestringThe value of the tag.
AWS.EC2.Snapshots.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-launch-templates#


Describes one or more launch templates.

Base Command#

aws-ec2-describe-launch-templates

Input#

Argument NameDescriptionRequired
FiltersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
LaunchTemplateNamesA comma-separated list of launch template names.Optional
LaunchTemplateIdsA comma-separated list of launch template IDs.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.LaunchTemplates.LaunchTemplateIdstringThe ID of the launch template.
AWS.EC2.LaunchTemplates.LaunchTemplateNamestringThe name of the launch template.
AWS.EC2.LaunchTemplates.CreateTimedateThe time launch template was created.
AWS.EC2.LaunchTemplates.CreatedBystringThe principal that created the launch template.
AWS.EC2.LaunchTemplates.DefaultVersionNumbernumberThe version number of the default version of the launch template.
AWS.EC2.LaunchTemplates.LatestVersionNumbernumberThe version number of the latest version of the launch template.
AWS.EC2.LaunchTemplates.Tags.KeystringThe key of the tag.
AWS.EC2.LaunchTemplates.Tags.ValuestringThe value of the tag.
AWS.EC2.LaunchTemplates.RegionstringThe aws region where the template is located
AWS.EC2.LaunchTemplates.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-launch-templates

Context Example#

{
"AWS": {
"EC2": {
"LaunchTemplates": {
"CreateTime": "2019-04-21T07:54:50",
"CreatedBy": "some_user",
"DefaultVersionNumber": 1,
"LatestVersionNumber": 1,
"LaunchTemplateId": "lt-1",
"LaunchTemplateName": "sample_launch_template",
"Region": "us-west-2"
}
}
}
}

Human Readable Output#

AWS EC2 LaunchTemplates#

CreateTimeCreatedByDefaultVersionNumberLatestVersionNumberLaunchTemplateIdLaunchTemplateNameRegion
2019-04-21T07:54:50Zsome_user11lt-1sample_launch_templateus-west-2

aws-ec2-describe-key-pairs#


Describes one or more of your key pairs.

Base Command#

aws-ec2-describe-key-pairs

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
keyNamesA comma-separated list of key pair names.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.KeyPairs.KeyFingerprintUnknownIf you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide AWS the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716.
AWS.EC2.KeyPairs.KeyNameUnknownThe name of the key pair.
AWS.EC2.KeyPairs.RegionUnknownThe AWS region where the key pair is located.
AWS.EC2.KeyPairs.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-volumes#

Command Example#

!aws-ec2-describe-key-pairs

Context Example#

{
"AWS": {
"EC2": {
"KeyPairs": [
{
"KeyFingerprint": "fp1",
"KeyName": "Aqua",
"Region": "us-west-2"
},
{
"KeyFingerprint": "fp2",
"KeyName": "Test Keys",
"Region": "us-west-2"
}
]
}
}
}

Human Readable Output#

AWS EC2 Key Pairs#

KeyFingerprintKeyNameRegion
fp1Aquaus-west-2
fp2Test Keysus-west-2

aws-ec2-describe-volumes#


Describes the specified EBS volumes.

Base Command#

aws-ec2-describe-volumes

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
volumeIdsA comma-separated list of volume IDs.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Volumes.AvailabilityZonestringThe Availability Zone for the volume.
AWS.EC2.Volumes.CreateTimedateThe time stamp when volume creation was initiated.
AWS.EC2.Volumes.EncryptedbooleanIndicates whether the volume will be encrypted.
AWS.EC2.Volumes.KmsKeyIdstringThe full ARN of the AWS Key Management Service customer master key that was used to protect the volume encryption key for the volume.
AWS.EC2.Volumes.SizenumberThe snapshot from which the volume was created, if applicable.
AWS.EC2.Volumes.StatestringThe volume state.
AWS.EC2.Volumes.VolumeIdstringThe ID of the volume.
AWS.EC2.Volumes.IopsnumberThe number of I/O operations per second (IOPS) that the volume supports.
AWS.EC2.Volumes.VolumeTypestringThe volume type. This can be gp2 for General Purpose SSD, io1 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic volumes.
AWS.EC2.Volumes.Tags.KeystringThe key of the tag.
AWS.EC2.Volumes.Tags.ValuestringThe value of the tag.
AWS.EC2.Volumes.Attachments.AttachTimedateThe time stamp when the attachment initiated.
AWS.EC2.Volumes.Attachments.DevicestringThe device name.
AWS.EC2.Volumes.Attachments.InstanceIdstringThe ID of the instance.
AWS.EC2.Volumes.Attachments.StatestringThe attachment state of the volume.
AWS.EC2.Volumes.Attachments.VolumeIdstringThe ID of the volume.
AWS.EC2.Volumes.Attachments.DeleteOnTerminationbooleanIndicates whether the EBS volume is deleted on instance termination.
AWS.EC2.Volumes.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-volumes

Context Example#

{
"AWS": {
"EC2": {
"Volumes": [
{
"Attachments": [
{
"AttachTime": "2019-04-29T13:05:57",
"DeleteOnTermination": true,
"Device": "/dev/dev_name",
"InstanceId": "i-1",
"State": "attached",
"VolumeId": "vol-1"
}
],
"AvailabilityZone": "us-west-2b",
"CreateTime": "2019-04-29T13:05:57",
"Encrypted": false,
"Iops": 100,
"Region": "us-west-2",
"Size": 8,
"SnapshotId": "snap-1",
"State": "in-use",
"VolumeId": "vol-1",
"VolumeType": "gp2"
},
{
"Attachments": [
{
"AttachTime": "2020-08-19T11:22:07",
"DeleteOnTermination": true,
"Device": "/dev/dev_name",
"InstanceId": "i-1",
"State": "attached",
"VolumeId": "vol-1"
}
],
"AvailabilityZone": "us-west-2b",
"CreateTime": "2020-08-19T11:22:07",
"Encrypted": false,
"Iops": 100,
"Size": 8,
"SnapshotId": "snap-1",
"State": "in-use",
"VolumeId": "vol-1",
"VolumeType": "gp2"
}
]
}
}
}

Human Readable Output#

AWS EC2 Volumes#

AvailabilityZoneCreateTimeEncryptedStateVolumeIdVolumeType
us-west-2b2019-04-29T13:05:57Zfalsein-usevol-1gp2
us-west-2b2020-08-19T11:22:07Zfalsein-usevol-2gp2

aws-ec2-describe-vpcs#


Describes one or more of your VPCs.

Base Command#

aws-ec2-describe-vpcs

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
vpcIdsA comma-separated list of VPC IDs.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Vpcs.CidrBlockstringThe primary IPv4 CIDR block for the VPC.
AWS.EC2.Vpcs.DhcpOptionsIdstringThe ID of the set of DHCP options you have associated with the VPC.
AWS.EC2.Vpcs.StatestringThe current state of the VPC.
AWS.EC2.Vpcs.VpcIdstringThe ID of the VPC.
AWS.EC2.Vpcs.InstanceTenancystringThe allowed tenancy of instances launched into the VPC.
AWS.EC2.Vpcs.IsDefaultstringIndicates whether the VPC is the default VPC.
AWS.EC2.Vpcs.Tags.KeystringThe key of the tag.
AWS.EC2.Vpcs.Tags.ValuestringThe value of the tag.
AWS.EC2.Vpcs.Tags.Ipv6CidrBlockAssociationSet.AssociationIdstringThe association ID for the IPv6 CIDR block.
AWS.EC2.Vpcs.Tags.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockstringThe IPv6 CIDR block.
AWS.EC2.Vpcs.Tags.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockState.StatestringThe state of the CIDR block.
AWS.EC2.Vpcs.Tags.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockState.StatusMessagestringA message about the status of the CIDR block, if applicable.
AWS.EC2.Vpcs.Tags.CidrBlockAssociationSet.AssociationIdstringThe association ID for the IPv4 CIDR block.
AWS.EC2.Vpcs.Tags.CidrBlockAssociationSet.CidrBlockstringThe IPv4 CIDR block.
AWS.EC2.Vpcs.Tags.CidrBlockAssociationSet.CidrBlockState.StatestringThe state of the CIDR block.
AWS.EC2.Vpcs.Tags.CidrBlockAssociationSet.CidrBlockState.StatusMessagestringA message about the status of the CIDR block, if applicable.
AWS.EC2.Vpcs.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-vpcs

Context Example#

{
"AWS": {
"EC2": {
"Vpcs": {
"CidrBlock": "1.1.1.1/16",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc",
"CidrBlock": "1.1.1.1/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"DhcpOptionsId": "dopt-1",
"InstanceTenancy": "default",
"IsDefault": true,
"OwnerId": "id",
"Region": "us-west-2",
"State": "available",
"VpcId": "vpc-1"
}
}
}
}

Human Readable Output#

AWS EC2 Vpcs#

CidrBlockDhcpOptionsIdInstanceTenancyIsDefaultRegionStateVpcId
1.1.1.1/16dopt-1defaulttrueus-west-2availablevpc-1

aws-ec2-describe-subnets#


Describes one or more of your subnets.

Base Command#

aws-ec2-describe-subnets

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
subnetIdsA comma-separated list of subnet IDs.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Subnets.AvailabilityZonestringThe Availability Zone of the subnet.
AWS.EC2.Subnets.AvailableIpAddressCountnumberThe number of unused private IPv4 addresses in the subnet. Note that the IPv4 addresses for any stopped instances are considered unavailable.
AWS.EC2.Subnets.CidrBlockstringThe IPv4 CIDR block assigned to the subnet.
AWS.EC2.Subnets.DefaultForAzbooleanIndicates whether this is the default subnet for the Availability Zone.
AWS.EC2.Subnets.MapPublicIpOnLaunchbooleanIndicates whether instances launched in this subnet receive a public IPv4 address.
AWS.EC2.Subnets.StatestringThe current state of the subnet.
AWS.EC2.Subnets.SubnetIdstringThe ID of the subnet.
AWS.EC2.Subnets.VpcIdstringThe ID of the VPC the subnet is in.
AWS.EC2.Subnets.AssignIpv6AddressOnCreationbooleanIndicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives an IPv6 address.
AWS.EC2.Subnets.Ipv6CidrBlockAssociationSet.AssociationIdstringThe association ID for the CIDR block.
AWS.EC2.Subnets.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockstringThe IPv6 CIDR block.
AWS.EC2.Subnets.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockState.StatestringThe state of a CIDR block.
AWS.EC2.Subnets.Ipv6CidrBlockAssociationSet.Ipv6CidrBlockState.StatusMessagestringA message about the status of the CIDR block, if applicable.
AWS.EC2.Subnets.Tags.KeystringThe key of the tag.
AWS.EC2.Subnets.Tags.ValuestringThe value of the tag.
AWS.EC2.Subnets.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-subnets

Context Example#

{
"AWS": {
"EC2": {
"Subnets": [
{
"AssignIpv6AddressOnCreation": false,
"AvailabilityZone": "us-west-2d",
"AvailabilityZoneId": "zone_id",
"AvailableIpAddressCount": 4091,
"CidrBlock": "1.1.1.1/20",
"DefaultForAz": true,
"Ipv6CidrBlockAssociationSet": [],
"MapPublicIpOnLaunch": true,
"OwnerId": "id",
"Region": "us-west-2",
"State": "available",
"SubnetArn": "arn",
"SubnetId": "subnet-1",
"VpcId": "vpc-1"
}
]
}
}
}

Human Readable Output#

AWS EC2 Subnets#

AvailabilityZoneAvailableIpAddressCountCidrBlockDefaultForAzRegionStateSubnetIdVpcId
us-west-2d40911.1.1.1/20trueus-west-2availablesubnet-1vpc-1
us-west-2c40902.2.2.2/20trueus-west-2availablesubnet-2vpc-2

aws-ec2-describe-security-groups#


Describes one or more of your security groups.

Base Command#

aws-ec2-describe-security-groups

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
groupIdsA comma-separated list of security group IDs. Required for security groups in a nondefault VPC.Optional
groupNamesA comma-separated list of security group names.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.SecurityGroups.DescriptionstringA description of the security group.
AWS.EC2.SecurityGroups.GroupNamestringThe name of the security group.
AWS.EC2.SecurityGroups.IpPermissions.FromPortnumberThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
AWS.EC2.SecurityGroups.IpPermissions.IpProtocolstringThe IP protocol name (tcp , udp , icmp ) or number.
AWS.EC2.SecurityGroups.IpPermissions.IpRanges.CidrIpstringThe IPv4 CIDR range.
AWS.EC2.SecurityGroups.IpPermissions.IpRanges.DescriptionstringA description for the security group rule that references this IPv4 address range.
AWS.EC2.SecurityGroups.IpPermissions.Ipv6Ranges.CidrIpv6stringThe IPv6 CIDR range.
AWS.EC2.SecurityGroups.IpPermissions.Ipv6Ranges.DescriptionstringA description for the security group rule that references this IPv6 address range.
AWS.EC2.SecurityGroups.IpPermissions.PrefixListIds.DescriptionstringA description for the security group rule that references this prefix list ID.
AWS.EC2.SecurityGroups.IpPermissions.PrefixListIds.PrefixListIdstringThe ID of the prefix.
AWS.EC2.SecurityGroups.IpPermissions.ToPortnumberThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.DescriptionstringA description for the security group rule that references this user ID group pair.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.GroupIdstringThe ID of the security group.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.GroupNamestringThe name of the security group.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.PeeringStatusstringThe status of a VPC peering connection, if applicable.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.UserIdstringThe ID of an AWS account.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.VpcIdstringThe ID of the VPC for the referenced security group, if applicable.
AWS.EC2.SecurityGroups.IpPermissions.UserIdGroupPairs.VpcPeeringConnectionIdstringThe ID of the VPC peering connection, if applicable.
AWS.EC2.SecurityGroups.OwnerIdstringThe AWS account ID of the owner of the security group.
AWS.EC2.SecurityGroups.GroupIdstringThe ID of the security group.
AWS.EC2.SecurityGroups.IpPermissionsEgress.FromPortnumberThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.
AWS.EC2.SecurityGroups.IpPermissionsEgress.IpProtocolstringThe IP protocol name (tcp , udp , icmp) or number.
AWS.EC2.SecurityGroups.IpPermissionsEgress.IpRanges.CidrIpstringThe IPv4 CIDR range.
AWS.EC2.SecurityGroups.IpPermissionsEgress.IpRanges.DescriptionstringA description for the security group rule that references this IPv4 address range.
AWS.EC2.SecurityGroups.IpPermissionsEgress.Ipv6Ranges.CidrIpv6stringThe IPv6 CIDR range.
AWS.EC2.SecurityGroups.IpPermissionsEgress.Ipv6Ranges.DescriptionstringA description for the security group rule that references this IPv6 address range.
AWS.EC2.SecurityGroups.IpPermissionsEgress.PrefixListIds.DescriptionstringA description for the security group rule that references this prefix list ID.
AWS.EC2.SecurityGroups.IpPermissionsEgress.PrefixListIds.PrefixListIdstringThe ID of the prefix.
AWS.EC2.SecurityGroups.IpPermissionsEgress.ToPortstringThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.DescriptionstringA description for the security group rule that references this user ID group pair.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.GroupIdstringThe ID of the security group.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.GroupNamestringThe name of the security group.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.PeeringStatusstringThe status of a VPC peering connection, if applicable.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.UserIdstringThe ID of an AWS account.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.VpcIdstringThe ID of the VPC for the referenced security group, if applicable.
AWS.EC2.SecurityGroups.IpPermissionsEgress.UserIdGroupPairs.VpcPeeringConnectionIdstringThe ID of the VPC peering connection, if applicable.
AWS.EC2.SecurityGroups.VpcIdstringThe ID of the VPC for the security group.
AWS.EC2.SecurityGroups.Tags.KeystringThe key of the tag.
AWS.EC2.SecurityGroups.Tags.ValuestringThe value of the tag.
AWS.EC2.SecurityGroups.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-describe-security-groups

Context Example#

{
"AWS": {
"EC2": {
"SecurityGroups": [
{
"Description": "AWS Ground Station receiver instance security group.",
"GroupId": "sg-1",
"GroupName": "gs-name",
"IpPermissions": [
{
"FromPort": 80,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [
{
"CidrIpv6": "::/0"
}
],
"PrefixListIds": [],
"ToPort": 80,
"UserIdGroupPairs": []
},
{
"FromPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 22,
"UserIdGroupPairs": []
},
{
"FromPort": 55888,
"IpProtocol": "udp",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 55888,
"UserIdGroupPairs": [
{
"Description": "AWS Ground Station Downlink Stream",
"GroupId": "sg-1",
"UserId": "id"
}
]
}
],
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"OwnerId": "id",
"Region": "us-west-2",
"Tags": [
{
"Key": "aws:key",
"Value": "InstanceSecurityGroup"
}
],
"VpcId": "vpc-1"
}
]
}
}
}

Human Readable Output#

AWS EC2 SecurityGroups#

DescriptionGroupIdGroupNameOwnerIdRegionVpcIdaws:cloudformation:logical-idaws:cloudformation:stack-idaws:cloudformation:stack-name
AWS Ground Station receiver instance security group.sg-1gs-nameidus-west-2vpc-1InstanceSecurityGrouparngs-aqua-receiver
Demisto-PlaybookTestsg-2Demisto-PlaybookTestidus-west-2vpc-2

aws-ec2-allocate-address#


Allocates an Elastic IP address.

Base Command#

aws-ec2-allocate-address

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.ElasticIPs.PublicIpUnknownThe Elastic IP address.
AWS.EC2.ElasticIPs.AllocationIdstringThe ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.
AWS.EC2.ElasticIPs.DomainstringIndicates whether this Elastic IP address is for use with instances in EC2-Classic (standard ) or instances in a VPC (vpc).
AWS.EC2.ElasticIPs.RegionUnknownThe AWS region where the elastic IP is located.
AWS.EC2.ElasticIPs.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-associate-address#


Associates an Elastic IP address with an instance or a network interface.

Base Command#

aws-ec2-associate-address

Input#

Argument NameDescriptionRequired
allocationIdThe allocation ID.Required
instanceIdThe ID of the instance. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. The operation fails if you specify an instance ID unless exactly one network interface is attached.Optional
allowReassociationFor a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource. Possible values are: True, False. Default is False.Optional
networkInterfaceIdThe ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.Optional
privateIpAddressThe primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.ElasticIPs.AssociationIdstringThe ID that represents the association of the Elastic IP address with an instance.
AWS.EC2.ElasticIPs.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-create-snapshot#


Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

Base Command#

aws-ec2-create-snapshot

Input#

Argument NameDescriptionRequired
volumeIdThe ID of the EBS volume.Required
descriptionA description for the snapshot.Optional
tagsThe tags to apply to the snapshot during creation.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Snapshots.DataEncryptionKeyIdstringThe data encryption key identifier for the snapshot.
AWS.EC2.Snapshots.DescriptionstringThe description for the snapshot.
AWS.EC2.Snapshots.EncryptednumberIndicates whether the snapshot is encrypted.
AWS.EC2.Snapshots.KmsKeyIdstringThe full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the parent volume.
AWS.EC2.Snapshots.OwnerIdstringThe AWS account ID of the EBS snapshot owner.
AWS.EC2.Snapshots.ProgressstringThe progress of the snapshot, as a percentage.
AWS.EC2.Snapshots.SnapshotIdstringThe ID of the snapshot.
AWS.EC2.Snapshots.StartTimedateThe time stamp when the snapshot was initiated.
AWS.EC2.Snapshots.StatestringThe snapshot state.
AWS.EC2.Snapshots.StateMessagestringthis field displays error state details to help you diagnose why the error occurred.
AWS.EC2.Snapshots.VolumeIdstringThe ID of the volume that was used to create the snapshot.
AWS.EC2.Snapshots.VolumeSizenumberThe size of the volume, in GiB.
AWS.EC2.Snapshots.OwnerAliasstringValue from an Amazon-maintained list of snapshot owners.
AWS.EC2.Snapshots.Tags.KeystringThe key of the tag.
AWS.EC2.Snapshots.Tags.ValuestringThe value of the tag.
AWS.EC2.Snapshots.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-delete-snapshot#


Deletes the specified snapshot.

Base Command#

aws-ec2-delete-snapshot

Input#

Argument NameDescriptionRequired
snapshotIdThe ID of the EBS snapshot.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-create-image#


Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

Base Command#

aws-ec2-create-image

Input#

Argument NameDescriptionRequired
nameA name for the new image.Required
instanceIdThe ID of the instance.Required
descriptionA description for the new image.Optional
noRebootBy default, Amazon EC2 attempts to shut down and reboot the instance before creating the image. If the noReboot option is set, Amazon EC2 won't shut down the instance before creating the image. When this option is used, file system integrity on the created image cant be guaranteed. Possible values are: True, False.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Images.ImageIdstringThe ID of the new AMI.
AWS.EC2.Images.NamestringThe name of the new AMI.
AWS.EC2.Images.InstanceIdstringThe ID of the instance.
AWS.EC2.Images.RegionstringThe AWS region where the image is located.
AWS.EC2.Images.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-deregister-image#


Deregisters the specified AMI.

Base Command#

aws-ec2-deregister-image

Input#

Argument NameDescriptionRequired
imageIdThe ID of the AMI.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-modify-volume#


You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity.

Base Command#

aws-ec2-modify-volume

Input#

Argument NameDescriptionRequired
volumeIdThe ID of the volume.Required
sizeTarget size in GiB of the volume to be modified.Optional
volumeTypeTarget EBS volume type of the volume to be modified The API does not support modifications for volume type standard . You also cannot change the type of a volume to standard .Optional
iopsTarget IOPS rate of the volume to be modified.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Volumes.Modification.VolumeIdstringID of the volume being modified.
AWS.EC2.Volumes.Modification.ModificationStatestringCurrent state of modification. Modification state is null for unmodified. volumes.
AWS.EC2.Volumes.Modification.StatusMessagestringGeneric status message on modification progress or failure.
AWS.EC2.Volumes.Modification.TargetSizenumberTarget size of the volume being modified.
AWS.EC2.Volumes.Modification.TargetIopsnumberTarget IOPS rate of the volume being modified.
AWS.EC2.Volumes.Modification.TargetVolumeTypestringTarget EBS volume type of the volume being modified.
AWS.EC2.Volumes.Modification.OriginalSizenumberOriginal size of the volume being modified.
AWS.EC2.Volumes.Modification.OriginalIopsnumberOriginal IOPS rate of the volume being modified.
AWS.EC2.Volumes.Modification.OriginalVolumeTypestringOriginal EBS volume type of the volume being modified.
AWS.EC2.Volumes.Modification.ProgressstringModification progress from 0 to 100%.
AWS.EC2.Volumes.Modification.StartTimedateModification start time.
AWS.EC2.Volumes.Modification.EndTimedateModification completion or failure time.
AWS.EC2.Volumes.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-create-tags#


Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.

Base Command#

aws-ec2-create-tags

Input#

Argument NameDescriptionRequired
resourcesThe IDs of one or more resources to tag. For example, ami-1a2b3c4d.Required
tagsOne or more tags.Required
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-disassociate-address#


Disassociates an Elastic IP address from the instance or network interface its associated with.

Base Command#

aws-ec2-disassociate-address

Input#

Argument NameDescriptionRequired
associationIdThe association ID.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-release-address#


Releases the specified Elastic IP address.

Base Command#

aws-ec2-release-address

Input#

Argument NameDescriptionRequired
allocationIdThe allocation ID.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-start-instances#


Starts an Amazon EBS-backed instance that you have previously stopped.

Base Command#

aws-ec2-start-instances

Input#

Argument NameDescriptionRequired
instanceIdsOne or more instance IDs. Sepereted by comma.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-stop-instances#


Stops an Amazon EBS-backed instance.

Base Command#

aws-ec2-stop-instances

Input#

Argument NameDescriptionRequired
instanceIdsOne or more instance IDs.Required
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-terminate-instances#


Shuts down one or more instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

Base Command#

aws-ec2-terminate-instances

Input#

Argument NameDescriptionRequired
instanceIdsOne or more instance IDs.Required
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-create-volume#


Creates an EBS volume that can be attached to an instance in the same Availability Zone.

Base Command#

aws-ec2-create-volume

Input#

Argument NameDescriptionRequired
availabilityZoneThe Availability Zone in which to create the volume. Use DescribeAvailabilityZones to list the Availability Zones that are currently available to you.Required
encryptedSpecifies whether the volume should be encrypted. Possible values are: True, False.Optional
iopsThe number of I/O operations per second (IOPS) to provision for the volume, with a maximum ratio of 50 IOPS/GiB. Range is 100 to 32000 IOPS for volumes in most regions.Optional
kmsKeyIdAn identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.Optional
sizeThe size of the volume, in GiBs.Optional
snapshotIdThe snapshot from which to create the volume.Optional
volumeTypeThe volume type. Possible values are: standard, io1, gp2, sc1, st1.Optional
tagsOne or more tags. Example key=Name,value=test;key=Owner,value=Bob.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Volumes.AvailabilityZonestringThe Availability Zone for the volume.
AWS.EC2.Volumes.CreateTimedateThe time stamp when volume creation was initiated.
AWS.EC2.Volumes.EncryptedbooleanIndicates whether the volume will be encrypted.
AWS.EC2.Volumes.KmsKeyIdstringThe full ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the volume encryption key for the volume.
AWS.EC2.Volumes.SizenumberThe size of the volume, in GiBs.
AWS.EC2.Volumes.SnapshotIdstringThe snapshot from which the volume was created, if applicable.
AWS.EC2.Volumes.StatestringThe volume state.
AWS.EC2.Volumes.VolumeIdstringThe ID of the volume.
AWS.EC2.Volumes.IopsnumberThe number of I/O operations per second (IOPS) that the volume supports.
AWS.EC2.Volumes.VolumeTypestringThe volume type. This can be gp2 for General Purpose SSD, io1 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic volumes.
AWS.EC2.Volumes.Tags.KeystringThe key of the tag.
AWS.EC2.Volumes.Tags.ValuestringThe value of the tag.
AWS.EC2.Volumes.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-attach-volume#


Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Base Command#

aws-ec2-attach-volume

Input#

Argument NameDescriptionRequired
deviceThe device name (for example, /dev/sdh or xvdh).Required
instanceIdThe ID of the instance.Required
volumeIdThe ID of the EBS volume. The volume and instance must be within the same Availability Zone.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Volumes.Attachments.AttachTimedateThe time stamp when the attachment initiated.
AWS.EC2.Volumes.Attachments.DevicestringThe device name.
AWS.EC2.Volumes.Attachments.InstanceIdstringThe ID of the instance.
AWS.EC2.Volumes.Attachments.StatestringThe attachment state of the volume.
AWS.EC2.Volumes.Attachments.VolumeIdstringThe ID of the volume.
AWS.EC2.Volumes.Attachments.DeleteOnTerminationbooleanIndicates whether the EBS volume is deleted on instance termination.
AWS.EC2.Volumes.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-detach-volume#


Detaches an EBS volume from an instance.

Base Command#

aws-ec2-detach-volume

Input#

Argument NameDescriptionRequired
volumeIdThe ID of the volume.Required
forceForces detachment if the previous detachment attempt did not occur cleanly. This option can lead to data loss or a corrupted file system. Use this option only as a last resort to detach a volume from a failed instance.Optional
deviceThe device name (for example, /dev/sdh or xvdh).Optional
instanceIdThe ID of the instance.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Volumes.Attachments.AttachTimedateThe time stamp when the attachment initiated.
AWS.EC2.Volumes.Attachments.DevicestringThe device name.
AWS.EC2.Volumes.Attachments.InstanceIdstringThe ID of the instance.
AWS.EC2.Volumes.Attachments.StatestringThe attachment state of the volume.
AWS.EC2.Volumes.Attachments.VolumeIdstringThe ID of the volume.
AWS.EC2.Volumes.Attachments.DeleteOnTerminationbooleanIndicates whether the EBS volume is deleted on instance termination.
AWS.EC2.Volumes.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-delete-volume#


Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance).

Base Command#

aws-ec2-delete-volume

Input#

Argument NameDescriptionRequired
volumeIdThe ID of the volume.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-run-instances#


Launches the specified number of instances using an AMI for which you have permissions. You can create a launch template , which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances , you can specify the launch template instead of specifying the launch parameters. An instance is ready for you to use when its in the running state. You can check the state of your instance using DescribeInstances.

Base Command#

aws-ec2-run-instances

Input#

Argument NameDescriptionRequired
countThe number of instances to launch. Must be greater than 0. Default is 1.Required
imageIdThe ID of the AMI, which you can get by calling DescribeImages . An AMI is required to launch an instance and must be specified here or in a launch template.Optional
instanceTypeThe instance type. For example: t2.large.Optional
securityGroupIdsA comma-separated list of security group IDs.Optional
securityGroupsOne or more security group names. For a nondefault VPC, you must use security group IDs instead.Optional
subnetIdThe ID of the subnet to launch the instance into.Optional
userDataThe user data to make available to the instance.This value will be base64 encoded automatically. Do not base64 encode this value prior to performing the operation.Optional
disableApiTerminationIf you set this parameter to true , you cant terminate the instance using the Amazon EC2 console, CLI, or API. Possible values are: True, False.Optional
iamInstanceProfileArnThe Amazon Resource Name (ARN) of the instance profile. Both iamInstanceProfileArn and iamInstanceProfile are required if you would like to associate an instance profile.Optional
iamInstanceProfileNameThe name of the instance profile. Both iamInstanceProfileArn and iamInstanceProfile are required if you would like to associate an instance profile.Optional
keyNameThe name of the key pair. Warning - If you do not specify a key pair, you cant connect to the instance unless you choose an AMI that is configured to allow users another way to log in.Optional
ebsOptimizedIndicates whether the instance is optimized for Amazon EBS I/O. Possible values are: True, False.Optional
deviceNameThe device name (for example, /dev/sdh or xvdh).Optional
ebsVolumeSizeThe size of the volume, in GiB.Optional
ebsVolumeTypeThe volume type. Possible values are: gp2, io1, st1, sc1, standard.Optional
ebsIopsThe number of I/O operations per second (IOPS) that the volume supports.Optional
ebsDeleteOnTerminationIndicates whether the EBS volume is deleted on instance termination. Possible values are: True, False.Optional
ebsKmsKeyIdIdentifier (key ID, key alias, ID ARN, or alias ARN) for a user-managed CMK under which the EBS volume is encrypted.Optional
ebsSnapshotIdThe ID of the snapshot.Optional
ebsEncryptedIndicates whether the EBS volume is encrypted.Optional
launchTemplateIdThe ID of the launch template. The launch template to use to launch the instances. Any parameters that you specify in RunInstances override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both.Optional
launchTemplateNameThe name of the launch template. The launch template to use to launch the instances. Any parameters that you specify in RunInstances override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both.Optional
launchTemplateVersionThe version number of the launch template.Optional
tagsThe tags to apply to the instance.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
host_idThe dedicated Host ID.Optional

Context Output#

PathTypeDescription
AWS.EC2.Instances.AmiLaunchIndexnumberThe AMI launch index, which can be used to find this instance in the launch group.
AWS.EC2.Instances.ImageIdstringThe ID of the AMI used to launch the instance.
AWS.EC2.Instances.InstanceIdstringThe ID of the instance.
AWS.EC2.Instances.InstanceTypestringThe instance type.
AWS.EC2.Instances.KernelIdstringThe kernel associated with this instance, if applicable.
AWS.EC2.Instances.KeyNamestringThe name of the key pair, if this instance was launched with an associated key pair.
AWS.EC2.Instances.LaunchTimedateThe time the instance was launched.
AWS.EC2.Instances.Monitoring.StatestringIndicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.
AWS.EC2.Instances.Placement.AvailabilityZonestringThe Availability Zone of the instance.
AWS.EC2.Instances.Placement.AffinitystringThe affinity setting for the instance on the Dedicated Host.
AWS.EC2.Instances.Placement.GroupNamestringThe name of the placement group the instance is in (for cluster compute instances).
AWS.EC2.Instances.Placement.HostIdstringhe ID of the Dedicated Host on which the instance resides.
AWS.EC2.Instances.Placement.TenancystringThe tenancy of the instance (if the instance is running in a VPC).
AWS.EC2.Instances.PlatformstringThe value is Windows for Windows instances; otherwise blank.
AWS.EC2.Instances.PrivateDnsNamestring(IPv4 only) The private DNS hostname name assigned to the instance. This DNS hostname can only be used inside the Amazon EC2 network. This name is not available until the instance enters the running state.
AWS.EC2.Instances.PrivateIpAddressstringThe private IPv4 address assigned to the instance.
AWS.EC2.Instances.ProductCodes.ProductCodeIdstringThe product code.
AWS.EC2.Instances.ProductCodes.ProductCodeTypestringThe type of product code.
AWS.EC2.Instances.PublicDnsNamestring(IPv4 only) The public DNS name assigned to the instance. This name is not available until the instance enters the running state.
AWS.EC2.Instances.PublicIpAddressstringThe public IPv4 address assigned to the instance, if applicable.
AWS.EC2.Instances.RamdiskIdstringThe RAM disk associated with this instance, if applicable.
AWS.EC2.Instances.State.CodestringThe low byte represents the state.
AWS.EC2.Instances.State.NamestringThe current state of the instance.
AWS.EC2.Instances.StateTransitionReasonstringThe reason for the most recent state transition. This might be an empty string.
AWS.EC2.Instances.SubnetIdstringThe ID of the subnet in which the instance is running.
AWS.EC2.Instances.VpcIdstringThe ID of the VPC in which the instance is running.
AWS.EC2.Instances.ArchitecturestringThe architecture of the image.
AWS.EC2.Instances.BlockDeviceMappings.DeviceNamestringThe device name (for example, /dev/sdh or xvdh).
AWS.EC2.Instances.BlockDeviceMappings.Ebs.AttachTimestringThe time stamp when the attachment initiated.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.DeleteOnTerminationstringIndicates whether the volume is deleted on instance termination.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.StatusstringThe attachment state.
AWS.EC2.Instances.BlockDeviceMappings.Ebs.VolumeIdstringThe ID of the EBS volume.
AWS.EC2.Instances.ClientTokenstringThe idempotency token you provided when you launched the instance, if applicable.
AWS.EC2.Instances.EbsOptimizedbooleanIndicates whether the instance is optimized for Amazon EBS I/O.
AWS.EC2.Instances.EnaSupportbooleanSpecifies whether enhanced networking with ENA is enabled.
AWS.EC2.Instances.HypervisorstringThe hypervisor type of the instance.
AWS.EC2.Instances.IamInstanceProfile.ArnstringThe Amazon Resource Name (ARN) of the instance profile.
AWS.EC2.Instances.IamInstanceProfile.IdstringThe ID of the instance profile.
AWS.EC2.Instances.InstanceLifecyclestringIndicates whether this is a Spot Instance or a Scheduled Instance.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuIdstringThe ID of the Elastic GPU.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationIdstringThe ID of the association.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationStatestringThe state of the association between the instance and the Elastic GPU.
AWS.EC2.Instances.ElasticGpuAssociations.ElasticGpuAssociationTimestringThe time the Elastic GPU was associated with the instance.
AWS.EC2.Instances.NetworkInterfaces.Association.IpOwnerIdstringThe ID of the owner of the Elastic IP address.
AWS.EC2.Instances.NetworkInterfaces.Association.PublicDnsNamestringThe public DNS name.
AWS.EC2.Instances.NetworkInterfaces.Association.PublicIpstringThe public IP address or Elastic IP address bound to the network interface.
AWS.EC2.Instances.NetworkInterfaces.Attachment.AttachTimedateThe time stamp when the attachment initiated.
AWS.EC2.Instances.NetworkInterfaces.Attachment.AttachmentIdstringThe ID of the network interface attachment.
AWS.EC2.Instances.NetworkInterfaces.Attachment.DeleteOnTerminationbooleanIndicates whether the network interface is deleted when the instance is terminated.
AWS.EC2.Instances.NetworkInterfaces.Attachment.DeviceIndexnumberThe index of the device on the instance for the network interface attachment.
AWS.EC2.Instances.NetworkInterfaces.Attachment.StatusstringThe attachment state.
AWS.EC2.Instances.NetworkInterfaces.DescriptionstringThe description.
AWS.EC2.Instances.NetworkInterfaces.Groups.GroupNamestringThe name of the security group.
AWS.EC2.Instances.NetworkInterfaces.Groups.GroupIdstringThe ID of the security group.
AWS.EC2.Instances.NetworkInterfaces.Ipv6Addresses.Ipv6AddressstringThe IPv6 addresses associated with the network interface.
AWS.EC2.Instances.NetworkInterfaces.MacAddressstringThe MAC address.
AWS.EC2.Instances.NetworkInterfaces.NetworkInterfaceIdstringThe ID of the network interface.
AWS.EC2.Instances.NetworkInterfaces.OwnerIdstringThe ID of the AWS account that created the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateDnsNamestringThe private DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddressstringThe IPv4 address of the network interface within the subnet.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.IpOwnerIdstringThe ID of the owner of the Elastic IP address.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.PublicDnsNamestringThe public DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.Association.PublicIpstringThe public IP address or Elastic IP address bound to the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrimarybooleanIndicates whether this IPv4 address is the primary private IP address of the network interface.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrivateDnsNamestringThe private IPv4 DNS name.
AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddresses.PrivateIpAddressstringThe private IPv4 address of the network interface.
AWS.EC2.Instances.NetworkInterfaces.SourceDestCheckbooleanIndicates whether to validate network traffic to or from this network interface.
AWS.EC2.Instances.NetworkInterfaces.StatusstringThe status of the network interface.
AWS.EC2.Instances.NetworkInterfaces.SubnetIdstringThe ID of the subnet.
AWS.EC2.Instances.NetworkInterfaces.VpcIdstringThe ID of the VPC.
AWS.EC2.Instances.RootDeviceNamestringThe device name of the root device volume (for example, /dev/sda1).
AWS.EC2.Instances.RootDeviceTypestringThe root device type used by the AMI. The AMI can use an EBS volume or an instance store volume.
AWS.EC2.Instances.SecurityGroups.GroupNamestringThe name of the security group.
AWS.EC2.Instances.SecurityGroups.GroupIdstringThe ID of the security group.
AWS.EC2.Instances.SourceDestCheckbooleanSpecifies whether to enable an instance launched in a VPC to perform NAT.
AWS.EC2.Instances.SpotInstanceRequestIdstringIf the request is a Spot Instance request, the ID of the request.
AWS.EC2.Instances.SriovNetSupportstringSpecifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
AWS.EC2.Instances.StateReason.CodestringThe reason code for the state change.
AWS.EC2.Instances.StateReason.MessagestringThe message for the state change.
AWS.EC2.Instances.Tags.KeystringThe key of the tag.
AWS.EC2.Instances.Tags.ValuestringThe value of the tag.
AWS.EC2.Instances.VirtualizationTypestringThe virtualization type of the instance.
AWS.EC2.Instances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-waiter-instance-running#


A waiter function that runs every 15 seconds until a successful state is reached.

Base Command#

aws-ec2-waiter-instance-running

Input#

Argument NameDescriptionRequired
filterOne or more filters. See the AWS documentation for details & filter options.Optional
instanceIdsOne or more instance IDs. Sepreted by comma.Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-waiter-instance-status-ok#


A waiter function that runs every 15 seconds until a successful state is reached.

Base Command#

aws-ec2-waiter-instance-status-ok

Input#

Argument NameDescriptionRequired
filterOne or more filters. See documentation for details & filter options.Optional
instanceIdsOne or more instance IDs. Seprated by comma.Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-waiter-instance-stopped#


A waiter function that runs every 15 seconds until a successful state is reached.

Base Command#

aws-ec2-waiter-instance-stopped

Input#

Argument NameDescriptionRequired
filterOne or more filters. See the AWS documentation for details & filter options.Optional
instanceIdsA comma-separated list of instance IDs.Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-waiter-instance-terminated#


A waiter function that runs every 15 seconds until a successful state is reached.

Base Command#

aws-ec2-waiter-instance-terminated

Input#

Argument NameDescriptionRequired
filterOne or more filters. See the AWS documentation for details & filter options.Optional
instanceIdsA comma-separated list of instance IDs.Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-waiter-image-available#


A waiter function that waits until image is avilable.

Base Command#

aws-ec2-waiter-image-available

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
imageIdsOne or more image IDs. Sperated by comma.Optional
ownersFilters the images by the owner. Specify an AWS account ID, self (owner is the sender of the request), or an AWS owner alias (valid values are amazon | aws-marketplace | microsoft ). Omitting this option returns all images for which you have launch permissions, regardless of ownership.Optional
executableUsersScopes the images by users with explicit launch permissions. Specify an AWS account ID, self (the sender of the request), or all (public AMIs).Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-waiter-snapshot_completed#


A waiter function that waits until the snapshot is complate.

Base Command#

aws-ec2-waiter-snapshot_completed

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
ownerIdsReturns the snapshots owned by the specified owner. Multiple owners can be specified. Sperated by comma.Optional
snapshotIdsOne or more snapshot IDs. Sperated by comma.Optional
restorableByUserIdsOne or more AWS accounts IDs that can create volumes from the snapshot.Optional
waiterDelayThe amount of time in seconds to wait between attempts. Default 15.Optional
waiterMaxAttemptsThe maximum number of attempts to be made. Default 40.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-get-latest-ami#


Get The latest AMI.

Base Command#

aws-ec2-get-latest-ami

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
ownersFilters the images by the owner. Specify an AWS account ID, self (owner is the sender of the request), or an AWS owner alias (valid values are amazon | aws-marketplace | microsoft ). Omitting this option returns all images for which you have launch permissions, regardless of ownership.Optional
executableUsersScopes the images by users with explicit launch permissions. Specify an AWS account ID, self (the sender of the request), or all (public AMIs).Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Images.ArchitecturestringThe architecture of the image.
AWS.EC2.Images.CreationDatedateThe date and time the image was created.
AWS.EC2.Images.ImageIdstringThe ID of the AMI.
AWS.EC2.Images.ImageLocationstringThe location of the AMI.
AWS.EC2.Images.ImageTypestringThe type of image.
AWS.EC2.Images.PublicbooleanIndicates whether the image has public launch permissions. The value is true if this image has public launch permissions or false if it has only implicit and explicit launch permissions.
AWS.EC2.Images.KernelIdstringThe kernel associated with the image, if any. Only applicable for machine images.
AWS.EC2.Images.OwnerIdstringThe AWS account ID of the image owner.
AWS.EC2.Images.PlatformstringThe value is Windows for Windows AMIs; otherwise blank.
AWS.EC2.Images.ProductCodes.ProductCodeIdstringThe product code.
AWS.EC2.Images.ProductCodes.ProductCodeTypestringThe type of product code.
AWS.EC2.Images.RamdiskIdstringThe RAM disk associated with the image, if any. Only applicable for machine images.
AWS.EC2.Images.StatestringThe current state of the AMI. If the state is available , the image is successfully registered and can be used to launch an instance.
AWS.EC2.Images.BlockDeviceMappings.DeviceNamestringThe device name (for example, /dev/sdh or xvdh ).
AWS.EC2.Images.BlockDeviceMappings.VirtualNamestringThe virtual device name (ephemeral N).
AWS.EC2.Images.BlockDeviceMappings.Ebs.EncryptedbooleanIndicates whether the EBS volume is encrypted.
AWS.EC2.Images.BlockDeviceMappings.Ebs.DeleteOnTerminationbooleanIndicates whether the EBS volume is deleted on instance termination.
AWS.EC2.Images.BlockDeviceMappings.Ebs.IopsnumberThe number of I/O operations per second (IOPS) that the volume supports.
AWS.EC2.Images.BlockDeviceMappings.Ebs.KmsKeyIdstringIdentifier (key ID, key alias, ID ARN, or alias ARN) for a user-managed CMK under which the EBS volume is encrypted.
AWS.EC2.Images.BlockDeviceMappings.Ebs.SnapshotIdstringThe ID of the snapshot.
AWS.EC2.Images.BlockDeviceMappings.Ebs.VolumeSizenumberThe size of the volume, in GiB.
AWS.EC2.Images.BlockDeviceMappings.Ebs.VolumeTypestringThe volume type.
AWS.EC2.Images.BlockDeviceMappings.NoDevicestringSuppresses the specified device included in the block device mapping of the AMI.
AWS.EC2.Images.DescriptionstringThe description of the AMI that was provided during image creation.
AWS.EC2.Images.EnaSupportbooleanSpecifies whether enhanced networking with ENA is enabled.
AWS.EC2.Images.HypervisorstringThe hypervisor type of the image.
AWS.EC2.Images.ImageOwnerAliasstringThe AWS account alias (for example, amazon , self ) or the AWS account ID of the AMI owner.
AWS.EC2.Images.NamestringThe name of the AMI that was provided during image creation.
AWS.EC2.Images.RootDeviceNamestringThe device name of the root device volume (for example, /dev/sda1).
AWS.EC2.Images.RootDeviceTypestringThe type of root device used by the AMI. The AMI can use an EBS volume or an instance store volume.
AWS.EC2.Images.SriovNetSupportstringSpecifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled.
AWS.EC2.Images.StateReason.CodestringThe reason code for the state change.
AWS.EC2.Images.StateReason.MessagestringThe message for the state change.
AWS.EC2.Images.Tags.KeystringThe key of the tag.
AWS.EC2.Images.Tags.ValuestringThe value of the tag.
AWS.EC2.Images.VirtualizationTypestringThe type of virtualization of the AMI.
AWS.EC2.Images.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-create-security-group#


Creates a security group.

Base Command#

aws-ec2-create-security-group

Input#

Argument NameDescriptionRequired
groupNameThe name of the security group.Required
descriptionA description for the security group.Required
vpcIdThe ID of the VPC.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.SecurityGroups.GroupNamestringThe name of the security group.
AWS.EC2.SecurityGroups.DescriptionstringA description for the security group.
AWS.EC2.SecurityGroups.VpcIdstringThe ID of the VPC.
AWS.EC2.SecurityGroups.GroupIdstringThe ID of the security group.
AWS.EC2.SecurityGroups.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-delete-security-group#


Deletes a security group.

Base Command#

aws-ec2-delete-security-group

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group. Required for a nondefault VPC.Optional
groupNamedefault VPC only. The name of the security group. You can specify either the security group name or the security group ID.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-authorize-security-group-ingress-rule#


Adds ingress rule to a security group.

Base Command#

aws-ec2-authorize-security-group-ingress-rule

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.Required
fromPortThe start of port range for the TCP and UDP protocols.Optional
toPortThe end of port range for the TCP and UDP protocols.Optional
cidrIpThe CIDR IPv4 address range.Optional
ipProtocolThe IP protocol name (tcp , udp , icmp) or number. Use -1 to specify all protocols.Optional
sourceSecurityGroupNameThe name of the source security group. The source security group must be in the same VPC.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
IpPermissionsfromPortThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsIpProtocolThe IP protocol name (tcp, udp, icmp, icmpv6) or number.Optional
IpPermissionsToPortThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpRangesCidrIpThe IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.Optional
IpRangesDescA description for the security group rule that references this IPv4 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.
Optional
Ipv6RangesCidrIpThe IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.Optional
Ipv6RangesDescA description for the security group rule that references this IPv6 address range.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.
Optional
PrefixListIdThe ID of the prefix.Optional
PrefixListIdDescA description for the security group rule that references this prefix list ID.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.
Optional
UserIdGroupPairsDescriptionA description for the security group rule that references this user ID group pair.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.
Optional
UserIdGroupPairsGroupIdThe ID of the security group.Optional
UserIdGroupPairsGroupNameThe name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.Optional
UserIdGroupPairsPeeringStatusThe status of a VPC peering connection, if applicable.Optional
UserIdGroupPairsUserIdThe ID of an AWS account.Optional
UserIdGroupPairsVpcIdThe ID of the VPC for the referenced security group, if applicable.Optional
UserIdGroupPairsVpcPeeringConnectionIdThe ID of the VPC peering connection, if applicable.Optional
IpPermissionsFullFull IpPermissions argument as a string to more easily copy rules (e.x. """[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}]""").Optional

Context Output#

There is no context output for this command.

aws-ec2-authorize-security-group-egress-rule#


Adds egress rule to a security group.

Base Command#

aws-ec2-authorize-security-group-egress-rule

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
IpPermissionsfromPortThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsIpProtocolThe IP protocol name (tcp, udp, icmp, icmpv6) or number.Optional
IpPermissionsToPortThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpRangesCidrIpThe IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.Optional
IpRangesDescA description for the security group rule that references this IPv4 address range. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
Ipv6RangesCidrIpThe IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.Optional
Ipv6RangesDescA description for the security group rule that references this IPv6 address range. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
PrefixListIdThe ID of the prefix.Optional
PrefixListIdDescA description for the security group rule that references this prefix list ID. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
UserIdGroupPairsDescriptionA description for the security group rule that references this user ID group pair. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
UserIdGroupPairsGroupIdThe ID of the security group.Optional
UserIdGroupPairsGroupNameThe name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.Optional
UserIdGroupPairsPeeringStatusThe status of a VPC peering connection, if applicable.Optional
UserIdGroupPairsUserIdThe ID of an AWS account.Optional
UserIdGroupPairsVpcIdThe ID of the VPC for the referenced security group, if applicable.Optional
UserIdGroupPairsVpcPeeringConnectionIdThe ID of the VPC peering connection, if applicable.Optional
IpPermissionsFullFull IpPermissions argument as a string to more easily copy rules (e.x. """[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}]""").Optional

Context Output#

There is no context output for this command.

aws-ec2-revoke-security-group-ingress-rule#


Removes egress rule from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.

Base Command#

aws-ec2-revoke-security-group-ingress-rule

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group.Required
fromPortThe start of port range for the TCP and UDP protocols.Optional
toPortThe end of port range for the TCP and UDP protocols.Optional
cidrIpThe CIDR IPv4 address range.Optional
cidrIpv6The CIDR IPv6 address range.Optional
ipProtocolThe IP protocol name (tcp , udp , icmp) or number. Use -1 to specify all protocols.Optional
sourceSecurityGroupNameThe name of the source security group. The source security group must be in the same VPC.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
IpPermissionsFullFull IpPermissions argument as a string to more easily target rules (e.x. """[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}]""").Optional

Context Output#

There is no context output for this command.

aws-ec2-revoke-security-group-egress-rule#


(VPC only) Removes the specified egress rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.

Base Command#

aws-ec2-revoke-security-group-egress-rule

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group.Required
IpPermissionsfromPortThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsToPortThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsIpProtocolThe IP protocol name (tcp, udp, icmp, icmpv6) or number.Optional
IpRangesCidrIpThe IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.Optional
IpRangesDescriptionA description for the security group rule that references this IPv4 address range.Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*Optional
Ipv6RangesCidrIpThe IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.Optional
Ipv6RangesDescriptionA description for the security group rule that references this IPv6 address range. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*Optional
PrefixListIdThe ID of the prefix.Optional
PrefixListIdDescriptionA description for the security group rule that references this prefix list ID. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*Optional
UserIdGroupPairsDescriptionA description for the security group rule that references this prefix list ID. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*Optional
UserIdGroupPairsGroupIdThe ID of the security group.Optional
UserIdGroupPairsGroupNameThe name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID. For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.Optional
UserIdGroupPairsPeeringStatusThe status of a VPC peering connection, if applicable.Optional
UserIdGroupPairsUserIdThe ID of an AWS account. For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned. [EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account.Optional
UserIdGroupPairsVpcIdThe ID of the VPC for the referenced security group, if applicable.Optional
UserIdGroupPairsVpcPeeringConnectionIdThe ID of the VPC peering connection, if applicable.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
IpPermissionsFullFull IpPermissions argument as a string to more easily target rules (e.x. """[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}]""").Optional

Context Output#

There is no context output for this command.

aws-ec2-copy-image#


Initiates the copy of an AMI from the specified source region to the current region.

Base Command#

aws-ec2-copy-image

Input#

Argument NameDescriptionRequired
nameThe name of the new AMI in the destination region.Required
sourceImageIdThe ID of the AMI to copy.Required
sourceRegionThe name of the region that contains the AMI to copy.Required
descriptionA description for the new AMI in the destination region.Optional
encryptedSpecifies whether the destination snapshots of the copied image should be encrypted. The default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId . Possible values are: True, False.Optional
kmsKeyIdAn identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.Optional
clientTokennique, case-sensitive identifier you provide to ensure idempotency of the request.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Images.ImageIdstringThe ID of the new AMI.
AWS.EC2.Images.RegionstringThe Region where the image is located.
AWS.EC2.Images.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-copy-snapshot#


Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy the snapshot within the same region or from one region to another.

Base Command#

aws-ec2-copy-snapshot

Input#

Argument NameDescriptionRequired
sourceSnapshotIdThe ID of the EBS snapshot to copy.Required
sourceRegionThe ID of the region that contains the snapshot to be copied.Required
descriptionA description for the EBS snapshot.Optional
encryptedSpecifies whether the destination snapshot should be encrypted. You can encrypt a copy of an unencrypted snapshot using this flag, but you cannot use it to create an unencrypted copy from an encrypted snapshot. Your default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId .Optional
kmsKeyIdAn identifier for the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Snapshots.SnapshotIdstringThe ID of the new snapshot.
AWS.EC2.Snapshots.RegionstringThe Region where the snapshot is located.
AWS.EC2.Snapshots.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-reserved-instances#


Describes one or more of the Reserved Instances that you purchased.

Base Command#

aws-ec2-describe-reserved-instances

Input#

Argument NameDescriptionRequired
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
reservedInstancesIdsOne or more Reserved Instance IDs. Separated by comma.Optional
offeringClassDescribes whether the Reserved Instance is Standard or Convertible. Possible values are: standard, convertible.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.ReservedInstances.AvailabilityZonestringThe Availability Zone in which the Reserved Instance can be used.
AWS.EC2.ReservedInstances.DurationnumberThe duration of the Reserved Instance, in seconds.
AWS.EC2.ReservedInstances.EnddateThe time when the Reserved Instance expires.
AWS.EC2.ReservedInstances.FixedPricenumberThe purchase price of the Reserved Instance.
AWS.EC2.ReservedInstances.InstanceCountnumberThe number of reservations purchased.
AWS.EC2.ReservedInstances.InstanceTypestringThe instance type on which the Reserved Instance can be used.
AWS.EC2.ReservedInstances.ProductDescriptionstringThe Reserved Instance product platform description.
AWS.EC2.ReservedInstances.ReservedInstancesIdstringThe ID of the Reserved Instance.
AWS.EC2.ReservedInstances.StartdateThe date and time the Reserved Instance started.
AWS.EC2.ReservedInstances.StatestringThe state of the Reserved Instance purchase.
AWS.EC2.ReservedInstances.UsagePricenumberThe usage price of the Reserved Instance, per hour.
AWS.EC2.ReservedInstances.CurrencyCodestringThe currency of the Reserved Instance. It's specified using ISO 4217 standard currency codes. At this time, the only supported currency is USD .
AWS.EC2.ReservedInstances.InstanceTenancystringThe tenancy of the instance.
AWS.EC2.ReservedInstances.OfferingClassstringThe offering class of the Reserved Instance.
AWS.EC2.ReservedInstances.OfferingTypestringThe Reserved Instance offering type.
AWS.EC2.ReservedInstances.RecurringCharges.AmountnumberThe amount of the recurring charge.
AWS.EC2.ReservedInstances.RecurringCharges.Frequencystringhe frequency of the recurring charge.
AWS.EC2.ReservedInstances.ScopestringThe scope of the Reserved Instance.
AWS.EC2.ReservedInstances.Tags.KeystringThe key of the tag.
AWS.EC2.ReservedInstances.Tags.ValuestringThe value of the tag.
AWS.EC2.ReservedInstances.RegionstringThe AWS region where the reserved instance is located.
AWS.EC2.ReservedInstances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-monitor-instances#


Enables detailed monitoring for a running instance.

Base Command#

aws-ec2-monitor-instances

Input#

Argument NameDescriptionRequired
instancesIdsOne or more instance IDs. Separated by comma.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Instances.InstanceIdstringThe ID of the instance.
AWS.EC2.Instances.Monitoring.StatestringIndicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.
AWS.EC2.Instances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-unmonitor-instances#


Disables detailed monitoring for a running instance.

Base Command#

aws-ec2-unmonitor-instances

Input#

Argument NameDescriptionRequired
instancesIdsOne or more instance IDs. Separated by comma.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Instances.InstanceIdUnknownThe ID of the instance.
AWS.EC2.Instances.Monitoring.StateUnknownIndicates whether detailed monitoring is enabled. Otherwise, basic monitoring is enabled.
AWS.EC2.Instances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-reboot-instances#


Requests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored. If an instance does not cleanly shut down within four minutes, Amazon EC2 performs a hard reboot.

Base Command#

aws-ec2-reboot-instances

Input#

Argument NameDescriptionRequired
instanceIdsOne or more instance IDs. Separated by comma.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-get-password-data#


Retrieves the encrypted administrator password for a running Windows instance.

Base Command#

aws-ec2-get-password-data

Input#

Argument NameDescriptionRequired
instanceIdThe ID of the Windows instance.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Instances.PasswordData.PasswordDatastringThe password of the instance. Returns an empty string if the password is not available.
AWS.EC2.Instances.PasswordData.TimestampdateThe time the data was last updated.
AWS.EC2.Instances.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-modify-network-interface-attribute#


Modifies the specified network interface attribute. You can specify only one attribute at a time.

Base Command#

aws-ec2-modify-network-interface-attribute

Input#

Argument NameDescriptionRequired
networkInterfaceIdThe ID of the network interface.Required
groupsChanges the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.Optional
sourceDestCheckIndicates whether source/destination checking is enabled. A value of true means checking is enabled, and false means checking is disabled. This value must be false for a NAT instance to perform NAT. Possible values are: True, False.Optional
descriptionA description for the network interface.Optional
attachmentIdThe ID of the network interface attachment. Information about the interface attachment. If modifying the 'delete on termination' attribute, you must specify the ID of the interface attachment.Optional
deleteOnTerminationIndicates whether the network interface is deleted when the instance is terminated. Information about the interface attachment. If modifying the 'delete on termination' attribute, you must specify the ID of the interface attachment. Possible values are: True, False.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-modify-instance-attribute#


Modifies the specified attribute of the specified instance. You can specify only one attribute at a time. Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.

Base Command#

aws-ec2-modify-instance-attribute

Input#

Argument NameDescriptionRequired
instanceIdThe ID of the instance.Required
sourceDestCheckSpecifies whether source/destination checking is enabled. A value of true means that checking is enabled, and false means that checking is disabled. This value must be false for a NAT instance to perform NAT. Possible values are: True, False.Optional
disableApiTerminationIf the value is true , you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances. Possible values are: True, False.Optional
ebsOptimizedSpecifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance. Possible values are: True, False.Optional
enaSupportSet to true to enable enhanced networking with ENA for the instance. This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable. Possible values are: True, False.Optional
instanceTypeChanges the instance type to the specified value.Optional
instanceInitiatedShutdownBehaviorSpecifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown). Possible values are: Stop, Terminate.Optional
groups[EC2-VPC] Changes the security groups of the instance. You must specify at least one security group, even if it's just the default security group for the VPC. You must specify the security group ID, not the security group name.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-create-network-acl#


Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC.

Base Command#

aws-ec2-create-network-acl

Input#

Argument NameDescriptionRequired
DryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response. Possible values are: True, False.Optional
VpcIdThe ID of the VPC.Required
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.VpcId.NetworkAcl.Associations.NetworkAclAssociationIdStringThe ID of the association between a network ACL and a subnet.
AWS.EC2.VpcId.NetworkAcl.Associations.NetworkAclIdStringThe ID of the network ACL.
AWS.EC2.VpcId.NetworkAcl.Associations.SubnetIdStringThe ID of the subnet.
AWS.EC2.VpcId.NetworkAcl.Entries.CidrBlockStringThe IPv4 network range to allow or deny, in CIDR notation.
AWS.EC2.VpcId.NetworkAcl.Entries.EgressBooleanIndicates whether the rule is an egress rule (applied to traffic leaving the subnet).
AWS.EC2.VpcId.NetworkAcl.Entries.IcmpTypeCode.CodeNumberThe ICMP code. A value of -1 means all codes for the specified ICMP type.
AWS.EC2.VpcId.NetworkAcl.Entries.IcmpTypeCode.TypeNumberThe ICMP type. A value of -1 means all types.
AWS.EC2.VpcId.NetworkAcl.Entries.Ipv6CidrBlockStringThe IPv6 network range to allow or deny, in CIDR notation.
AWS.EC2.VpcId.NetworkAcl.Entries.PortRange.FromNumberThe first port in the range.
AWS.EC2.VpcId.NetworkAcl.Entries.PortRange.ToNumberThe last port in the range.
AWS.EC2.VpcId.NetworkAcl.Entries.ProtocolStringThe protocol number. A value of "-1" means all protocols.
AWS.EC2.VpcId.NetworkAcl.Entries.RuleActionStringIndicates whether to allow or deny the traffic that matches the rule.
AWS.EC2.VpcId.NetworkAcl.Entries.RuleNumberNumberThe rule number for the entry. ACL entries are processed in ascending order by rule number.
AWS.EC2.VpcId.NetworkAcl.NetworkAclIdStringThe ID of the network ACL.
AWS.EC2.VpcId.NetworkAcl.Tags.KeyStringThe key of the tag.
AWS.EC2.VpcId.NetworkAcl.Tags.ValueStringThe value of the tag.
AWS.EC2.VpcId.NetworkAcl.VpcIdStringThe ID of the VPC for the network ACL.
AWS.EC2.VpcId.NetworkAcl.OwnerIdStringThe ID of the AWS account that owns the network ACL.
AWS.EC2.VpcId.NetworkAcl.AccountIdStringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-create-network-acl-entry#


Creates an entry (a rule) in a network ACL with the specified rule number.

Base Command#

aws-ec2-create-network-acl-entry

Input#

Argument NameDescriptionRequired
CidrBlockThe IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).Optional
DryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response. Possible values are: True, False.Optional
EgressIndicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Possible values are: True, False.Required
CodeThe ICMP code. A value of -1 means all codes for the specified ICMP type.Optional
TypeThe ICMP type. A value of -1 means all types.Optional
Ipv6CidrBlockThe IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64 ).Optional
NetworkAclIdThe ID of the network ACL.Required
FromThe first port in the range.Optional
ToThe last port in the range.Optional
ProtocolThe protocol number. A value of "-1" means all protocols. If you specify "-1" or a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code.Required
RuleActionIndicates whether to allow or deny the traffic that matches the rule.Required
RuleNumberThe rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-ec2-create-fleet#


Launches an EC2 Fleet.

Base Command#

aws-ec2-create-fleet

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
DryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response. Possible values are: True, False.Optional
ClientTokenUnique, case-sensitive identifier you provide to ensure the idempotency of the request.Optional
SpotAllocationStrategyIndicates how to allocate the target capacity across the Spot pools specified by the Spot Fleet request.Optional
InstanceInterruptionBehaviorThe behavior when a Spot Instance is interrupted.Optional
InstancePoolsToUseCountThe number of Spot pools across which to allocate your target Spot capacity.Optional
SpotSingleInstanceTypeIndicates that the fleet uses a single instance type to launch all Spot Instances in the fleet. Possible values are: True, False.Optional
SpotMinTargetCapacityThe minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.Optional
OnDemandAllocationStrategyThe order of the launch template overrides to use in fulfilling On-Demand capacity.Optional
OnDemandSingleInstanceTypeIndicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.Optional
OnDemandSingleAvailabilityZoneIndicates that the fleet launches all On-Demand Instances into a single Availability Zone.Optional
OnDemandMinTargetCapacityThe minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.Optional
ExcessCapacityTerminationPolicyIndicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet.Optional
LaunchTemplateIdThe ID of the launch template.Required
LaunchTemplateNameThe name of the launch template.Required
VersionThe version number of the launch template.Required
OverrideInstanceTypeThe instance type.Optional
OverrideMaxPriceThe maximum price per unit hour that you are willing to pay for a Spot Instance.Optional
OverrideSubnetIdThe ID of the subnet in which to launch the instances.Optional
OverrideAvailabilityZoneThe Availability Zone in which to launch the instances.Optional
OverrideWeightedCapacityThe number of units provided by the specified instance type.Optional
OverridePriorityThe priority for the launch template override.Optional
TotalTargetCapacityThe number of units to request, filled using DefaultTargetCapacityType .Required
OnDemandTargetCapacityThe number of On-Demand units to request.Required
SpotTargetCapacityThe number of Spot units to request.Required
DefaultTargetCapacityTypeThe default TotalTargetCapacity, which is either Spot or On-Demand .Required
TypeThe type of the request.Optional
ValidFromThe start date and time of the request, in UTC format (for example, YYYY -MM -DD THH :MM :SS Z).Optional
ValidUntilThe end date and time of the request, in UTC format (for example, YYYY -MM -DD THH :MM :SS Z).Optional
ReplaceUnhealthyInstancesIndicates whether EC2 Fleet should replace unhealthy instances.Optional
TagsThe tags to apply to the resource.Optional

Context Output#

PathTypeDescription
AWS.EC2.Fleet.FleetIdStringThe ID of the EC2 Fleet.
AWS.EC2.Fleet.ErrorsStringInformation about the instances that could not be launched by the fleet. Valid only when Type is set to instant.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateIdStringThe ID of the launch template. You must specify either a template ID or a template name.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateNameStringThe name of the launch template. You must specify either a template name or a template ID.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.LaunchTemplateSpecification.VersionStringThe version number of the launch template. You must specify a version number.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.InstanceTypeStringThe instance type.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.MaxPriceStringThe maximum price per unit hour that you are willing to pay for a Spot Instance.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.SubnetIdStringThe ID of the subnet in which to launch the instances.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.AvailabilityZoneStringThe Availability Zone in which to launch the instances.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.WeightedCapacityStringThe number of units provided by the specified instance type.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.PriorityStringThe priority for the launch template override.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.Overrides.Placement.GroupNameStringThe name of the placement group the instance is in.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.LifecycleStringIndicates if the instance that could not be launched was a Spot Instance or On-Demand Instance.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.ErrorCodeStringThe error code that indicates why the instance could not be launched.
AWS.EC2.Fleet.LaunchTemplateAndOverrides.ErrorMessageStringThe error message that describes why the instance could not be launched.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateIdStringThe ID of the launch template. You must specify either a template ID or a template name.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateNameStringThe name of the launch template. You must specify either a template name or a template ID.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.VersionStringThe version number of the launch template. You must specify a version number.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.InstanceTypeStringThe instance type.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.MaxPriceStringThe maximum price per unit hour that you are willing to pay for a Spot Instance.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.SubnetIdStringThe ID of the subnet in which to launch the instances.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.AvailabilityZoneStringThe Availability Zone in which to launch the instances.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.WeightedCapacityNumberThe number of units provided by the specified instance type.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.PriorityNumberThe priority for the launch template override.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.Placement.GroupNameStringThe name of the placement group the instance is in.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.LifecycleStringIndicates if the instance that was launched is a Spot Instance or On-Demand Instance.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.InstanceIdsStringThe IDs of the instances.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.InstanceTypeStringThe instance type.
AWS.EC2.Fleet.Instances.LaunchTemplateAndOverrides.Overrides.PlatformStringThe value is Windows for Windows instances; otherwise blank.
AWS.EC2.Fleet.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-delete-fleet#


Deletes the specified EC2 Fleet.

Base Command#

aws-ec2-delete-fleet

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
DryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response.Optional
FleetIdsThe IDs of the EC2 Fleets.Required
TerminateInstancesIndicates whether to terminate instances for an EC2 Fleet if it is deleted successfully.Required

Context Output#

PathTypeDescription
AWS.EC2.DeletedFleets.SuccessfulFleetDeletions.CurrentFleetStateStringThe current state of the EC2 Fleet.
AWS.EC2.DeletedFleets.SuccessfulFleetDeletions.PreviousFleetStateStringThe previous state of the EC2 Fleet.
AWS.EC2.DeletedFleets.SuccessfulFleetDeletions.FleetIdStringThe ID of the EC2 Fleet.
AWS.EC2.DeletedFleets.UnsuccessfulFleetDeletions.Error.CodeStringThe error code.
AWS.EC2.DeletedFleets.UnsuccessfulFleetDeletions.Error.MessageStringThe description for the error code.
AWS.EC2.DeletedFleets.UnsuccessfulFleetDeletions.FleetIdStringThe ID of the EC2 Fleet.
AWS.EC2.DeletedFleets.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-fleets#


Describes one or more of your EC2 Fleets.

Base Command#

aws-ec2-describe-fleets

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
FleetIdsThe ID of the EC2 Fleets.Optional
MaxResultsThe maximum number of results to return in a single call. Specify a value between 1 and 1000.Optional
NextTokenThe token for the next set of results.Optional

Context Output#

PathTypeDescription
AWS.EC2.Fleet.NextTokenstringThe token for the next set of results.
AWS.EC2.Fleet.Fleets.ActivityStatusstringThe progress of the EC2 Fleet. If there is an error, the status is error .
AWS.EC2.Fleet.Fleets.CreateTimedateThe creation date and time of the EC2 Fleet.
AWS.EC2.Fleet.Fleets.FleetIdstringThe ID of the EC2 Fleet.
AWS.EC2.Fleet.Fleets.FleetStatestringThe state of the EC2 Fleet.
AWS.EC2.Fleet.Fleets.ClientTokenstringUnique, case-sensitive identifier you provide to ensure the idempotency of the request.
AWS.EC2.Fleet.Fleets.ExcessCapacityTerminationPolicystringIndicates whether running instances should be terminated if the target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet.
AWS.EC2.Fleet.Fleets.FulfilledCapacitynumberThe number of units fulfilled by this request compared to the set target capacity.
AWS.EC2.Fleet.Fleets.FulfilledOnDemandCapacitynumberThe number of units fulfilled by this request compared to the set target On-Demand capacity.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.LaunchTemplateIdstringThe ID of the launch template. You must specify either a template ID or a template name.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.LaunchTemplateNamestringThe name of the launch template. You must specify either a template name or a template ID.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.VersionstringThe version number of the launch template. You must specify a version number.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.InstanceTypestringThe instance type.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.MaxPricestringThe maximum price per unit hour that you are willing to pay for a Spot Instance.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.SubnetIdstringThe ID of the subnet in which to launch the instances.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.AvailabilityZonestringThe Availability Zone in which to launch the instances.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.WeightedCapacitynumberThe number of units provided by the specified instance type.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.PrioritynumberThe priority for the launch template override.
AWS.EC2.Fleet.Fleets.LaunchTemplateConfigs.LaunchTemplateSpecification.Overrides.Placement.GroupNamestringThe name of the placement group the instance is in.
AWS.EC2.Fleet.Fleets.TargetCapacitySpecification.TotalTargetCapacitynumberThe number of units to request, filled using DefaultTargetCapacityType .
AWS.EC2.Fleet.Fleets.TargetCapacitySpecification.OnDemandTargetCapacitynumberThe number of On-Demand units to request.
AWS.EC2.Fleet.Fleets.TargetCapacitySpecification.SpotTargetCapacitynumberThe maximum number of Spot units to launch.
AWS.EC2.Fleet.Fleets.TargetCapacitySpecification.DefaultTargetCapacityTypestringThe default TotalTargetCapacity , which is either Spot or On-Demand.
AWS.EC2.Fleet.Fleets.TerminateInstancesWithExpirationbooleanIndicates whether running instances should be terminated when the EC2 Fleet expires.
AWS.EC2.Fleet.Fleets.TypestringThe type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it.
AWS.EC2.Fleet.Fleets.ValidFromdateThe start date and time of the request, in UTC format (for example, YYYY -MM -DD T*HH* :MM :SS Z).
AWS.EC2.Fleet.Fleets.ValidUntildateThe end date and time of the request, in UTC format (for example, YYYY -MM -DD T*HH* :MM :SS Z).
AWS.EC2.Fleet.Fleets.ReplaceUnhealthyInstancesbooleanIndicates whether EC2 Fleet should replace unhealthy instances.
AWS.EC2.Fleet.Fleets.SpotOptions.AllocationStrategystringIndicates how to allocate the target capacity across the Spot pools specified by the Spot Fleet request.
AWS.EC2.Fleet.Fleets.SpotOptions.InstanceInterruptionBehaviorstringThe behavior when a Spot Instance is interrupted. The default is terminate.
AWS.EC2.Fleet.Fleets.SpotOptions.InstancePoolsToUseCountnumberThe number of Spot pools across which to allocate your target Spot capacity.
AWS.EC2.Fleet.Fleets.SpotOptions.SingleInstanceTypebooleanIndicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.
AWS.EC2.Fleet.Fleets.SpotOptions.SingleAvailabilityZonebooleanIndicates that the fleet launches all Spot Instances into a single Availability Zone.
AWS.EC2.Fleet.Fleets.SpotOptions.MinTargetCapacitynumberThe minimum target capacity for Spot Instances in the fleet.
AWS.EC2.Fleet.Fleets.OnDemandOptions.AllocationStrategystringThe order of the launch template overrides to use in fulfilling On-Demand capacity.
AWS.EC2.Fleet.Fleets.OnDemandOptions.SingleInstanceTypebooleanIndicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.
AWS.EC2.Fleet.Fleets.OnDemandOptions.SingleAvailabilityZonebooleanIndicates that the fleet launches all On-Demand Instances into a single Availability Zone.
AWS.EC2.Fleet.Fleets.OnDemandOptions.MinTargetCapacitynumberThe minimum target capacity for On-Demand Instances in the fleet.
AWS.EC2.Fleet.Fleets.Tags.KeystringThe key of the tag.
AWS.EC2.Fleet.Fleets.Tags.ValuestringThe value of the tag.
AWS.EC2.Fleet.Fleets.Errors.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateIdstringThe ID of the launch template. You must specify either a template ID or a template name.
AWS.EC2.Fleet.Fleets.Errors.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateNamestringThe name of the launch template. You must specify either a template name or a template ID.
AWS.EC2.Fleet.Fleets.Errors.LaunchTemplateAndOverrides.LaunchTemplateSpecification.VersionstringThe version number of the launch template. You must specify a version number.
AWS.EC2.Fleet.Fleets.Errors.Overrides.InstanceTypestringThe instance type.
AWS.EC2.Fleet.Fleets.Errors.Overrides.MaxPricestringThe maximum price per unit hour that you are willing to pay for a Spot Instance.
AWS.EC2.Fleet.Fleets.Errors.Overrides.SubnetIdstringThe ID of the subnet in which to launch the instances.
AWS.EC2.Fleet.Fleets.Errors.Overrides.AvailabilityZonestringThe Availability Zone in which to launch the instances.
AWS.EC2.Fleet.Fleets.Errors.Overrides.WeightedCapacitynumberThe number of units provided by the specified instance type.
AWS.EC2.Fleet.Fleets.Errors.Overrides.PrioritynumberThe priority for the launch template override.
AWS.EC2.Fleet.Fleets.Errors.Overrides.Placement.GroupNamestringThe name of the placement group the instance is in.
AWS.EC2.Fleet.Fleets.Errors.LifecyclestringIndicates if the instance that could not be launched was a Spot Instance or On-Demand Instance.
AWS.EC2.Fleet.Fleets.Errors.ErrorCodestringThe error code that indicates why the instance could not be launched.
AWS.EC2.Fleet.Fleets.Errors.ErrorMessagestringThe error message that describes why the instance could not be launched.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateIdstringThe ID of the launch template. You must specify either a template ID or a template name.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.LaunchTemplateNamestringThe name of the launch template. You must specify either a template name or a template ID.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.LaunchTemplateSpecification.VersionstringThe version number of the launch template. You must specify a version number.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.InstanceTypestringThe instance type.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.MaxPricestringThe maximum price per unit hour that you are willing to pay for a Spot Instance.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.SubnetIdstringThe ID of the subnet in which to launch the instances.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.AvailabilityZonestringThe Availability Zone in which to launch the instances.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.WeightedCapacitynumberThe number of units provided by the specified instance type.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.PrioritynumberThe priority for the launch template override.
AWS.EC2.Fleet.Fleets.Instances.LaunchTemplateAndOverrides.Overrides.Placement.GroupNamestringThe name of the placement group the instance is in.
AWS.EC2.Fleet.Fleets.Instances.LifecyclestringIndicates if the instance that was launched is a Spot Instance or On-Demand Instance.
AWS.EC2.Fleet.Fleets.Instances.InstanceIdsstringThe IDs of the instances.
AWS.EC2.Fleet.Fleets.Instances.InstanceTypestringThe instance type.
AWS.EC2.Fleet.Fleets.Instances.PlatformstringThe value is Windows for Windows instances; otherwise blank.
AWS.EC2.Fleet.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-describe-fleet-instances#


Describes the running instances for the specified EC2 Fleet.

Base Command#

aws-ec2-describe-fleet-instances

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
FleetIdThe ID of the EC2 Fleet.Required
MaxResultsThe maximum number of results to return in a single call. Specify a value between 1 and 1000.Optional
NextTokenThe token for the next set of results.Optional

Context Output#

PathTypeDescription
AWS.EC2.Fleet.ActiveInstances.InstanceIdStringThe ID of the instance.
AWS.EC2.Fleet.ActiveInstances.InstanceTypeStringThe instance type.
AWS.EC2.Fleet.ActiveInstances.SpotInstanceRequestIdStringThe ID of the Spot Instance request.
AWS.EC2.Fleet.ActiveInstances.InstanceHealthStringThe health status of the instance.
AWS.EC2.Fleet.NextTokenStringThe token for the next set of results.
AWS.EC2.Fleet.FleetIdStringThe ID of the EC2 Fleet.
AWS.EC2.Fleet.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-modify-fleet#


Modifies the specified EC2 Fleet.

Base Command#

aws-ec2-modify-fleet

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
FleetIdThe ID of the EC2 Fleet.Required
TotalTargetCapacityThe number of units to request, filled using DefaultTargetCapacityType.Required
OnDemandTargetCapacityThe number of On-Demand units to request.Optional
SpotTargetCapacityThe number of Spot units to request.Optional
DefaultTargetCapacityTypeThe default TotalTargetCapacity, which is either Spot or On-Demand.Optional

Context Output#

There is no context output for this command.

aws-ec2-create-launch-template#


Creates a launch template. A launch template contains the parameters to launch an instance.

Base Command#

aws-ec2-create-launch-template

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
ClientTokenUnique, case-sensitive identifier you provide to ensure the idempotency of the request.Optional
LaunchTemplateNameA name for the launch template.Required
VersionDescriptionA description for the first version of the launch template.Optional
KernelIdThe ID of the kernel.Optional
EbsOptimizedIndicates whether the instance is optimized for Amazon EBS I/O. Possible values are: True, False.Optional
iamInstanceProfileArnThe Amazon Resource Name (ARN) of the instance profile.Optional
iamInstanceProfileNameThe name of the instance profile.Optional
deviceNameThe device name (for example, /dev/sdh or xvdh).Optional
VirtualNameThe virtual device name (ephemeralN). Instance store volumes are numbered starting from 0.Optional
ebsEncryptedIndicates whether the EBS volume is encrypted. Possible values are: True, False.Optional
ebsDeleteOnTerminationIndicates whether the EBS volume is deleted on instance termination. Possible values are: True, False.Optional
ebsIopsThe number of I/O operations per second (IOPS) that the volume supports.Optional
ebsKmsKeyIdThe ARN of the AWS Key Management Service (AWS KMS) CMK used for encryption.Optional
ebsSnapshotIdThe ID of the snapshot.Optional
ebsVolumeSizeThe size of the volume, in GiB.Optional
ebsVolumeTypeThe volume type.Optional
NoDeviceSuppresses the specified device included in the block device mapping of the AMI.Optional
AssociatePublicIpAddressAssociates a public IPv4 address with eth0 for a new network interface. Possible values are: True, False.Optional
NetworkInterfacesDeleteOnTerminationIndicates whether the network interface is deleted when the instance is terminated. Possible values are: True, False.Optional
NetworkInterfacesDescriptionA description for the network interface.Optional
NetworkInterfacesDeviceIndexThe device index for the network interface attachment.Optional
NetworkInterfaceGroupsThe IDs of one or more security groups.Optional
Ipv6AddressCountThe number of IPv6 addresses to assign to a network interface. .Optional
Ipv6AddressesOne or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet.Optional
NetworkInterfaceIdThe ID of the network interface.Optional
PrivateIpAddressThe primary private IPv4 address of the network interface.Optional
SubnetIdThe ID of the subnet for the network interface.Optional
ImageIdThe ID of the AMI, which you can get by using DescribeImages.Optional
InstanceTypeThe instance type.Optional
KeyNameThe name of the key pair.Optional
MonitoringSpecify true to enable detailed monitoring. Otherwise, basic monitoring is enabled. Possible values are: True, False.Optional
AvailabilityZoneThe Availability Zone for the instance.Optional
PlacementAffinityThe affinity setting for an instance on a Dedicated Host.Optional
AvailabilityZoneGroupNameThe name of the placement group for the instance.Optional
PlacementHostIdThe ID of the Dedicated Host for the instance.Optional
PlacementTenancyThe tenancy of the instance (if the instance is running in a VPC).Optional
PlacementSpreadDomainReserved for future use.Optional
RamDiskIdThe ID of the RAM disk.Optional
DisableApiTerminationIf set to true , you can't terminate the instance using the Amazon EC2 console, CLI, or API. Possible values are: True, False.Optional
InstanceInitiatedShutdownBehaviorIndicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).Optional
UserDataThe Base64-encoded user data to make available to the instance.Optional
TagsThe tags to apply to the resource.Optional
ElasticGpuSpecificationsTypeThe type of Elastic Graphics accelerator.Optional
ElasticInferenceAcceleratorsTypeThe type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge.Optional
securityGroupIdsOne or more security group IDs.Optional
securityGroupsOne or more security group names.Optional
MarketTypeThe market type.Optional
SpotInstanceTypeThe Spot Instance request type.Optional
BlockDurationMinutesThe required duration for the Spot Instances (also known as Spot blocks), in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).Optional
SpotValidUntilThe end date of the request.Optional
SpotInstanceInterruptionBehaviorThe behavior when a Spot Instance is interrupted. The default is terminate.Optional
SpotMaxPriceThe maximum hourly price you're willing to pay for the Spot Instances.Optional

Context Output#

PathTypeDescription
AWS.EC2.LaunchTemplates.LaunchTemplateIdStringThe ID of the launch template.
AWS.EC2.LaunchTemplates.LaunchTemplateNameStringThe name of the launch template.
AWS.EC2.LaunchTemplates.CreateTimeDateThe time launch template was created.
AWS.EC2.LaunchTemplates.CreatedByStringThe principal that created the launch template.
AWS.EC2.LaunchTemplates.DefaultVersionNumberNumberThe version number of the default version of the launch template.
AWS.EC2.LaunchTemplates.LatestVersionNumberNumberThe version number of the latest version of the launch template.
AWS.EC2.LaunchTemplates.Tags.KeyStringThe key of the tag.
AWS.EC2.LaunchTemplates.Tags.ValueStringThe value of the tag.
AWS.EC2.LaunchTemplates.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-delete-launch-template#


Deletes a launch template. Deleting a launch template deletes all of its versions.

Base Command#

aws-ec2-delete-launch-template

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
LaunchTemplateIdThe ID of the launch template.Optional
LaunchTemplateNameThe name of the launch template.Optional

Context Output#

PathTypeDescription
AWS.EC2.DeletedLaunchTemplates.LaunchTemplateIdStringThe ID of the launch template.
AWS.EC2.DeletedLaunchTemplates.LaunchTemplateNameStringThe name of the launch template.
AWS.EC2.DeletedLaunchTemplates.CreateTimeDateThe time launch template was created.
AWS.EC2.DeletedLaunchTemplates.CreatedByStringThe principal that created the launch template.
AWS.EC2.DeletedLaunchTemplates.DefaultVersionNumberNumberThe version number of the default version of the launch template.
AWS.EC2.DeletedLaunchTemplates.LatestVersionNumberNumberThe version number of the latest version of the launch template.
AWS.EC2.DeletedLaunchTemplates.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-modify-image-attribute#


Modifies the specified attribute of the specified AMI.

Base Command#

aws-ec2-modify-image-attribute

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
AttributeThe name of the attribute to modify. The valid values are description, launchPermission, and productCodes.Optional
DescriptionA new description for the AMI.Optional
ImageIdThe ID of the AMI.Required
LaunchPermission-Add-GroupThe name of the group.Optional
LaunchPermission-Add-UserIdThe AWS account ID.Optional
LaunchPermission-Remove-GroupThe name of the group.Optional
LaunchPermission-Remove-UserIdThe AWS account ID.Optional
OperationTypeThe operation type.Optional
ProductCodesOne or more DevPay product codes. After you add a product code to an AMI, it can't be removed.Optional
UserGroupsOne or more user groups. This parameter can be used only when the Attribute parameter is launchPermission.Optional
UserIdsOne or more AWS account IDs. This parameter can be used only when the Attribute parameter is launchPermission.Optional
ValueThe value of the attribute being modified. This parameter can be used only when the Attribute parameter is description or productCodes.Optional

Context Output#

There is no context output for this command.

aws-ec2-delete-subnet#


Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet.

Base Command#

aws-ec2-delete-subnet

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
SubnetIdThe ID of the subnet.Required

Context Output#

There is no context output for this command.

aws-ec2-delete-vpc#


Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on.

Base Command#

aws-ec2-delete-vpc

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
VpcIdThe ID of the VPC.Required

Context Output#

There is no context output for this command.

aws-ec2-delete-internet-gateway#


Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it.

Base Command#

aws-ec2-delete-internet-gateway

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
InternetGatewayIdThe ID of the internet gateway.Required

Context Output#

There is no context output for this command.

aws-ec2-describe-internet-gateway#


Describes one or more of your internet gateways.

Base Command#

aws-ec2-describe-internet-gateway

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
filtersOne or more filters separated by ';'. See the AWS documentation for details & filter options.Optional
InternetGatewayIdsOne or more internet gateway IDs.Optional

Context Output#

PathTypeDescription
AWS.EC2.InternetGateways.InternetGatewayIdstringThe ID of the internet gateway.
AWS.EC2.InternetGateways.OwnerIdstringThe ID of the AWS account that owns the internet gateway.
AWS.EC2.InternetGateways.TagsstringAny tags assigned to the internet gateway.
AWS.EC2.InternetGateways.Attachments.StatestringThe current state of the attachment.
AWS.EC2.InternetGateways.Attachments.VpcIdstringThe ID of the VPC.
AWS.EC2.InternetGateways.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-detach-internet-gateway#


Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses.

Base Command#

aws-ec2-detach-internet-gateway

Input#

Argument NameDescriptionRequired
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
InternetGatewayIdThe ID of the internet gateway.Required
VpcIdThe ID of the VPC.Required

Context Output#

There is no context output for this command.

aws-ec2-create-traffic-mirror-session#


Creates a Traffic Mirror session.

Base Command#

aws-ec2-create-traffic-mirror-session

Input#

Argument NameDescriptionRequired
NetworkInterfaceIdThe ID of the source network interface.Required
TrafficMirrorTargetIdThe ID of the Traffic Mirror target.Required
TrafficMirrorFilterIdThe ID of the Traffic Mirror filter.Required
PacketLengthThe number of bytes in each packet to mirror.Optional
SessionNumberThe session number determines the order in which sessions are evaluated when an interface is used by multiple sessions.Required
VirtualNetworkIdThe VXLAN ID for the Traffic Mirror session.Optional
DescriptionThe description of the Traffic Mirror session.Optional
TagsThe tags to assign to a Traffic Mirror session.Optional
DryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response.Optional
ClientTokenUnique, case-sensitive identifier that you provide to ensure the idempotency of the request.Optional

Context Output#

PathTypeDescription
AWS.EC2.TrafficMirrorSession.TrafficMirrorSessionIdStringThe ID for the Traffic Mirror session.
AWS.EC2.TrafficMirrorSession.TrafficMirrorTargetIdStringThe ID of the Traffic Mirror target.
AWS.EC2.TrafficMirrorSession.TrafficMirrorFilterIdStringThe ID of the Traffic Mirror filter.
AWS.EC2.TrafficMirrorSession.NetworkInterfaceIdStringThe ID of the Traffic Mirror session's network interface.
AWS.EC2.TrafficMirrorSession.OwnerIdStringThe ID of the account that owns the Traffic Mirror session.
AWS.EC2.TrafficMirrorSession.PacketLengthNumberThe number of bytes in each packet to mirror.
AWS.EC2.TrafficMirrorSession.SessionNumberNumberThe session number determines the order in which sessions are evaluated when an interface is used by multiple sessions.
AWS.EC2.TrafficMirrorSession.VirtualNetworkIdNumberThe virtual network ID associated with the Traffic Mirror session.
AWS.EC2.TrafficMirrorSession.DescriptionStringThe description of the Traffic Mirror session.
AWS.EC2.TrafficMirrorSession.Tags.KeyStringThe key of the tag.
AWS.EC2.TrafficMirrorSession.Tags.ValueStringThe value of the tag.
AWS.EC2.TrafficMirrorSession.ClientTokenStringUnique, case-sensitive identifier that you provide to ensure the idempotency of the request.
AWS.EC2.TrafficMirrorSession.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

aws-ec2-revoke-security-group-egress-rule#


Removes egress rule from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.

Base Command#

aws-ec2-revoke-security-group-egress-rule

Input#

Argument NameDescriptionRequired
groupIdThe ID of the security group.Required
IpPermissionsfromPortThe start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsToPortThe end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.Optional
IpPermissionsIpProtocolThe IP protocol name (tcp, udp, icmp, icmpv6) or number.Optional
IpRangesCidrIpThe IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.Optional
IpRangesDescriptionA description for the security group rule that references this IPv4 address range. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
Ipv6RangesCidrIpThe IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.Optional
Ipv6RangesDescriptionA description for the security group rule that references this IPv6 address range. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*.Optional
PrefixListIdThe ID of the prefix.Optional
PrefixListIdDescriptionA description for the security group rule that references this prefix list ID. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
UserIdGroupPairsDescriptionA description for the security group rule that references this user ID group pair. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}$*!.Optional
UserIdGroupPairsGroupIdThe ID of the security group.Optional
UserIdGroupPairsGroupNameThe name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID. For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.Optional
UserIdGroupPairsPeeringStatusThe status of a VPC peering connection, if applicable.Optional
UserIdGroupPairsUserIdThe ID of an AWS account. For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned. [EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account.Optional
UserIdGroupPairsVpcIdThe ID of the VPC for the referenced security group, if applicable.Optional
UserIdGroupPairsVpcPeeringConnectionIdThe ID of the VPC peering connection, if applicable.Optional
regionThe AWS region. If not specified, the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
IpPermissionsFullFull IpPermissions argument as a string to more easily target rules (for example, """[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}]""").Optional

Context Output#

There is no context output for this command.

aws-ec2-allocate-hosts#


Allocates a Dedicated Host to your account.

Base Command#

aws-ec2-allocate-hosts

Input#

Argument NameDescriptionRequired
availability_zoneThe Availability Zone in which to allocate the Dedicated Host.Required
quantityThe number of Dedicated Hosts to allocate to your account with these parameters.Required
auto_placementIndicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. The default is "on". Possible values are: on, off.Optional
client_tokenUnique, case-sensitive identifier that you provide to ensure the idempotency of the request.Optional
instance_typeSpecifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only. If you want the Dedicated Hosts to support multiple instance types in a specific instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.Optional
instance_familySpecifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family. If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.Optional
host_recoveryIndicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. Possible values are: on, off.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.EC2.Host.HostIdStringThe ID of the allocated Dedicated Host. This is used to launch an instance onto a specific host.
AWS.EC2.Host.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command Example#

!aws-ec2-allocate-hosts availability_zone="us-east-1b" quantity=1 instance_type="m5.large"

Human Readable Output#

AWS EC2 Dedicated Host ID#

HostId
h-00548908djdsgfs

aws-ec2-release-hosts#


Release on demand dedicated host.

Base Command#

aws-ec2-release-hosts

Input#

Argument NameDescriptionRequired
host_idA comma-separated list of IDs of the Dedicated Hosts to release.Required
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-ec2-release-hosts host_id="h-00548908djdsgfs"

Human Readable Output#

The host was successfully released.

aws-ec2-modify-snapshot-permission#


Adds or removes permission settings for the specified snapshot.

Base Command#

aws-ec2-modify-snapshot-permission

Input#

Argument NameDescriptionRequired
snapshotIdThe ID of the EBS snapshot.Required
operationTypeThe operation type, add or remove. Possible values are: add, remove.Required
groupNamesCSV of security group names. This parameter can be used only when UserIds not provided.Optional
userIdsCSV of AWS account IDs. This parameter can be used only when groupNames not provided.Optional
dryRunChecks whether you have the required permissions for the action, without actually making the request, and provides an error response. Possible values are: True, False.Optional
regionThe AWS Region, if not specified the default region will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command example#

!aws-ec2-modify-snapshot-permission operationType=remove snapshotId=snap-04b2d21f20d2388f2 userIds=123456789012

Human Readable Output#

Snapshot snap-04b2d21f20d2388f2 permissions was successfully updated.

aws-ec2-describe-ipam-resource-discoveries#


Describes IPAM resource discoveries. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.

Base Command#

aws-ec2-describe-ipam-resource-discoveries

Input#

Argument NameDescriptionRequired
IpamResourceDiscoveryIdsA comma-separated list of the IPAM resource discovery IDs.Optional
FiltersOne or more filters separated by ';'. See AWS documentation for details & filter options (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html).Optional
MaxResultsThe maximum number of results to return in a single call. Specify a value between 5 and 1000.Optional
NextTokenThe token for the next set of results.Optional
AddressRegionThe Amazon Web Services region for the IP address.Optional

Context Output#

PathTypeDescription
AWS.EC2.IpamResourceDiscoveries.IpamResourceDiscoveryIdStringThe resource discovery ID.
AWS.EC2.IpamResourceDiscoveries.OwnerIdStringThe ID of the owner.
AWS.EC2.IpamResourceDiscoveries.IpamResourceDiscoveryRegionStringThe resource discovery region.
AWS.EC2.IpamResourceDiscoveries.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command example#

!aws-ec2-describe-ipam-resource-discoveries

Context Example#

{
"AWS": {
"EC2": {
"IpamResourceDiscoveries": {
"IpamResourceDiscoveryArn": "arn:aws:ec2::222222222222:ipam-resource-discovery/ipam-res-disco-11111111111111111",
"IpamResourceDiscoveryId": "ipam-res-disco-11111111111111111",
"IpamResourceDiscoveryRegion": "us-east-1",
"IsDefault": true,
"OperatingRegions": [
{
"RegionName": "ap-south-1"
},
{
"RegionName": "eu-north-1"
},
{
"RegionName": "eu-west-3"
},
{
"RegionName": "eu-west-2"
},
{
"RegionName": "eu-west-1"
},
{
"RegionName": "ap-northeast-3"
},
{
"RegionName": "ap-northeast-2"
},
{
"RegionName": "ap-northeast-1"
},
{
"RegionName": "ca-central-1"
},
{
"RegionName": "sa-east-1"
},
{
"RegionName": "ap-southeast-1"
},
{
"RegionName": "ap-southeast-2"
},
{
"RegionName": "eu-central-1"
},
{
"RegionName": "us-east-1"
},
{
"RegionName": "us-east-2"
},
{
"RegionName": "us-west-1"
},
{
"RegionName": "us-west-2"
}
],
"OwnerId": "222222222222",
"State": "create-complete",
"Tags": []
}
}
}
}

Human Readable Output#

Ipam Resource Discoveries#

IpamResourceDiscoveryArnIpamResourceDiscoveryIdIpamResourceDiscoveryRegionIsDefaultOperatingRegionsOwnerIdStateTags
arn:aws:ec2::222222222222:ipam-resource-discovery/ipam-res-disco-11111111111111111ipam-res-disco-11111111111111111us-east-1true{'RegionName': 'ap-south-1'},
{'RegionName': 'eu-north-1'},
{'RegionName': 'eu-west-3'},
{'RegionName': 'eu-west-2'},
{'RegionName': 'eu-west-1'},
{'RegionName': 'ap-northeast-3'},
{'RegionName': 'ap-northeast-2'},
{'RegionName': 'ap-northeast-1'},
{'RegionName': 'ca-central-1'},
{'RegionName': 'sa-east-1'},
{'RegionName': 'ap-southeast-1'},
{'RegionName': 'ap-southeast-2'},
{'RegionName': 'eu-central-1'},
{'RegionName': 'us-east-1'},
{'RegionName': 'us-east-2'},
{'RegionName': 'us-west-1'},
{'RegionName': 'us-west-2'}
222222222222create-complete

aws-ec2-describe-ipam-resource-discovery-associations#


Describes resource discovery association with an Amazon VPC IPAM. An associated resource discovery is a resource discovery that has been associated with an IPAM.

Base Command#

aws-ec2-describe-ipam-resource-discovery-associations

Input#

Argument NameDescriptionRequired
IpamResourceDiscoveryAssociationIdsA comma-separated list of the resource discovery association IDs.Optional
FiltersOne or more filters separated by ';'. See AWS documentation for details & filter options (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html).Optional
MaxResultsThe maximum number of results to return in a single call. Specify a value between 5 and 1000.Optional
NextTokenThe token for the next set of results.Optional
AddressRegionThe Amazon Web Services region for the IP address.Optional

Context Output#

PathTypeDescription
AWS.EC2.IpamResourceDiscoveryAssociations.IpamResourceDiscoveryAssociationIdStringThe resource discovery association ID.
AWS.EC2.IpamResourceDiscoveryAssociations.IpamResourceDiscoveryIdStringThe resource discovery ID.
AWS.EC2.IpamResourceDiscoveryAssociations.IpamRegionStringThe IPAM home region.
AWS.EC2.IpamResourceDiscoveryAssociations.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command example#

!aws-ec2-describe-ipam-resource-discovery-associations

Context Example#

{
"AWS": {
"EC2": {
"IpamResourceDiscoveryAssociations": {
"IpamArn": "arn:aws:ec2::222222222222:ipam/ipam-11111111111111111",
"IpamId": "ipam-11111111111111111",
"IpamRegion": "us-east-1",
"IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::222222222222:ipam-resource-discovery-association/ipam-res-disco-assoc-11111111111111111",
"IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-11111111111111111",
"IpamResourceDiscoveryId": "ipam-res-disco-11111111111111111",
"IsDefault": true,
"OwnerId": "222222222222",
"ResourceDiscoveryStatus": "active",
"State": "associate-complete",
"Tags": []
}
}
}
}

Human Readable Output#

Ipam Resource Discovery Associations#

IpamArnIpamIdIpamRegionIpamResourceDiscoveryAssociationArnIpamResourceDiscoveryAssociationIdIpamResourceDiscoveryIdIsDefaultOwnerIdResourceDiscoveryStatusStateTags
arn:aws:ec2::222222222222:ipam/ipam-11111111111111111ipam-11111111111111111us-east-1arn:aws:ec2::222222222222:ipam-resource-discovery-association/ipam-res-disco-assoc-11111111111111111ipam-res-disco-assoc-11111111111111111ipam-res-disco-11111111111111111true222222222222activeassociate-complete

aws-ec2-get-ipam-discovered-public-addresses#


Gets the public IP addresses that have been discovered by IPAM.

Base Command#

aws-ec2-get-ipam-discovered-public-addresses

Input#

Argument NameDescriptionRequired
IpamResourceDiscoveryIdAn IPAM resource discovery ID.Required
AddressRegionThe Amazon Web Services Region for the IP address.Required
FiltersOne or more filters separated by ';'. See AWS documentation for details & filter options (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html).Optional
MaxResultsThe maximum number of results to return in a single call. Specify a value between 5 and 1000.Optional
NextTokenThe token for the next set of results.Optional

Context Output#

PathTypeDescription
AWS.EC2.IpamDiscoveredPublicAddresses.AddressStringIPAM discovered public addresses.
AWS.EC2.IpamDiscoveredPublicAddresses.AddressOwnerIdStringThe ID of the owner of the resource the IP address is assigned to.
AWS.EC2.IpamDiscoveredPublicAddresses.AddressTypeStringThe IP address type.
AWS.EC2.IpamDiscoveredPublicAddresses.AssociationStatusStringThe association status.
AWS.EC2.IpamDiscoveredPublicAddresses.InstanceIdStringThe instance ID of the instance the assigned IP address is assigned to.
AWS.EC2.IpamDiscoveredPublicAddresses.TagsUnknownTags associated with the IP address.
AWS.EC2.IpamDiscoveredPublicAddresses.AccountIdstringThe ID of the AWS account with which the EC2 instance is associated. This key is only present when the parameter "AWS organization accounts" is provided.

Command example#

!aws-ec2-get-ipam-discovered-public-addresses IpamResourceDiscoveryId=ipam-res-disco-11111111111111111 AddressRegion=us-east-1 Filters=Name=address,Values=1.1.1.1

Context Example#

{
"AWS": {
"EC2": {
"IpamDiscoveredPublicAddresses": {
"Address": "1.1.1.1",
"AddressAllocationId": "eipalloc-11111111111111111",
"AddressOwnerId": "222222222222",
"AddressRegion": "us-east-1",
"AddressType": "amazon-owned-eip",
"AssociationStatus": "associated",
"InstanceId": "i-11111111111111111",
"IpamResourceDiscoveryId": "ipam-res-disco-11111111111111111",
"NetworkBorderGroup": "us-east-1",
"NetworkInterfaceDescription": "",
"NetworkInterfaceId": "eni-11111111111111111",
"PublicIpv4PoolId": "amazon",
"SampleTime": "2023-11-26T02:00:45",
"SecurityGroups": [
{
"GroupId": "sg-11111111111111111",
"GroupName": "example_sg"
}
],
"SubnetId": "subnet-11111111111111111",
"Tags": {
"EipTags": []
},
"VpcId": "vpc-11111111111111111"
}
}
}
}

Human Readable Output#

Ipam Discovered Public Addresses#

AddressAddressAllocationIdAddressOwnerIdAddressRegionAddressTypeAssociationStatusInstanceIdIpamResourceDiscoveryIdNetworkBorderGroupNetworkInterfaceDescriptionNetworkInterfaceIdPublicIpv4PoolIdSampleTimeSecurityGroupsSubnetIdTagsVpcId
1.1.1.1eipalloc-11111111111111111222222222222us-east-1amazon-owned-eipassociatedi-11111111111111111ipam-res-disco-11111111111111111us-east-1eni-11111111111111111amazon2023-11-26T02:00:45{'GroupName': 'example_sg', 'GroupId': 'sg-11111111111111111'}subnet-11111111111111111EipTags:vpc-11111111111111111