Adapter
Adapter for Integration to Amazon Web Services Elastic Compute Cloud (EC2)
Overview
This adapter is used to integrate the Itential Automation Platform (IAP) with the Awsec2 System. The API that was used to build the adapter for Awsec2 is usually available in the report directory of this adapter. The adapter utilizes the Awsec2 API to provide the integrations that are deemed pertinent to IAP. The ReadMe file is intended to provide information on this adapter it is generated from various other Markdown files.
Details
The AWS EC2 adapter from Itential is used to integrate the Itential Automation Platform (IAP) with AWS EC2. With this adapter you have the ability to perform operations such as:
- Configure and Manage VPCs.
For further technical details on how to install and use this adapter, please click the Technical Documentation tab.
Awsec2
Table of Contents
Getting Started
These instructions will help you get a copy of the project on your local machine for development and testing. Reading this section is also helpful for deployments as it provides you with pertinent information on prerequisites and properties.
Helpful Background Information
There is Adapter documentation available on the Itential Documentation Site. This documentation includes information and examples that are helpful for:
Authentication
IAP Service Instance Configuration
Code Files
Endpoint Configuration (Action & Schema)
Mock Data
Adapter Generic Methods
Headers
Security
Linting and Testing
Build an Adapter
Troubleshooting an AdapterOthers will be added over time. Want to build a new adapter? Use the Itential Adapter Builder
Prerequisites
The following is a list of required packages for installation on the system the adapter will run on:
Node.js
npm
GitThe following list of packages are required for Itential opensource adapters or custom adapters that have been built utilizing the Itential Adapter Builder. You can install these packages by running npm install inside the adapter directory.
| Package | Description |
|---|---|
| @itentialopensource/adapter-utils | Runtime library classes for all adapters; includes request handling, connection, authentication throttling, and translation. |
| ajv | Required for validation of adapter properties to integrate with Awsec2. |
| axios | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| commander | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| dns-lookup-promise | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| fs-extra | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| mocha | Testing library that is utilized by some of the node scripts that are included with the adapter. |
| mocha-param | Testing library that is utilized by some of the node scripts that are included with the adapter. |
| mongodb | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| nyc | Testing coverage library that is utilized by some of the node scripts that are included with the adapter. |
| ping | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| readline-sync | Utilized by the node script that comes with the adapter; helps to test unit and integration functionality. |
| semver | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
| winston | Utilized by the node scripts that are included with the adapter; helps to build and extend the functionality. |
If you are developing and testing a custom adapter, or have testing capabilities on an Itential opensource adapter, you will need to install these packages as well.
chai
eslint
eslint-config-airbnb-base
eslint-plugin-import
eslint-plugin-json
testdoubleHow to Install
- Set up the name space location in your IAP node_modules.
cd /opt/pronghorn/current/node_modules (* could be in a different place)
if the @itentialopensource directory does not exist, create it:
mkdir @itentialopensource- Clone/unzip/tar the adapter into your IAP environment.
cd \@itentialopensource
git clone git@gitlab.com:\@itentialopensource/adapters/adapter-aws_ec2
or
unzip adapter-aws_ec2.zip
or
tar -xvf adapter-aws_ec2.tar- Run the adapter install script.
cd adapter-aws_ec2
npm install
npm run lint:errors
npm run test- Restart IAP
systemctl restart pronghornCreate an adapter service instance configuration in IAP Admin Essentials GUI
Copy the properties from the sampleProperties.json and paste them into the service instance configuration in the inner/second properties field.
Change the adapter service instance configuration (host, port, credentials, etc) in IAP Admin Essentials GUI
For an easier install of the adapter use npm run adapter:install, it will install the adapter in IAP. Please note that it can be dependent on where the adapter is installed and on the version of IAP so it is subject to fail. If using this, you can replace step 3-5 above with these:
- Install adapter dependencies and check the adapter.
cd adapter-aws_ec2
npm run adapter:install- Restart IAP
systemctl restart pronghorn- Change the adapter service instance configuration (host, port, credentials, etc) in IAP Admin Essentials GUI
Testing
Mocha is generally used to test all Itential Opensource Adapters. There are unit tests as well as integration tests performed. Integration tests can generally be run as standalone using mock data and running the adapter in stub mode, or as integrated. When running integrated, every effort is made to prevent environmental failures, however there is still a possibility.
Unit Testing
Unit Testing includes testing basic adapter functionality as well as error conditions that are triggered in the adapter prior to any integration. There are two ways to run unit tests. The prefered method is to use the testRunner script; however, both methods are provided here.
node utils/testRunner --unit
npm run test:unit
npm run test:baseunitTo add new unit tests, edit the test/unit/adapterTestUnit.js file. The tests that are already in this file should provide guidance for adding additional tests.
Integration Testing - Standalone
Standalone Integration Testing requires mock data to be provided with the entities. If this data is not provided, standalone integration testing will fail. When the adapter is set to run in stub mode (setting the stub property to true), the adapter will run through its code up to the point of making the request. It will then retrieve the mock data and return that as if it had received that data as the response from Awsec2. It will then translate the data so that the adapter can return the expected response to the rest of the Itential software. Standalone is the default integration test.
Similar to unit testing, there are two ways to run integration tests. Using the testRunner script is better because it prevents you from having to edit the test script; it will also resets information after testing is complete so that credentials are not saved in the file.
node utils/testRunner
answer no at the first prompt
npm run test:integrationTo add new integration tests, edit the test/integration/adapterTestIntegration.js file. The tests that are already in this file should provide guidance for adding additional tests.
Integration Testing
Integration Testing requires connectivity to Awsec2. By using the testRunner script it prevents you from having to edit the integration test. It also resets the integration test after the test is complete so that credentials are not saved in the file.
Note: These tests have been written as a best effort to make them work in most environments. However, the Adapter Builder often does not have the necessary information that is required to set up valid integration tests. For example, the order of the requests can be very important and data is often required for
createsandupdates. Hence, integration tests may have to be enhanced before they will work (integrate) with Awsec2. Even after tests have been set up properly, it is possible there are environmental constraints that could result in test failures. Some examples of possible environmental issues are customizations that have been made within Awsec2 which change order dependencies or required data.
node utils/testRunner
answer yes at the first prompt
answer all other questions on connectivity and credentialsTest should also be written to clean up after themselves. However, it is important to understand that in some cases this may not be possible. In addition, whenever exceptions occur, test execution may be stopped, which will prevent cleanup actions from running. It is recommended that tests be utilized in dev and test labs only.
Reminder: Do not check in code with actual credentials to systems.
Configuration
This section defines all the properties that are available for the adapter, including detailed information on what each property is for. If you are not using certain capabilities with this adapter, you do not need to define all of the properties. An example of how the properties for this adapter can be used with tests or IAP are provided in the sampleProperties.
Example Properties
"properties": {
"host": "ec2.us-east-1.amazonaws.com",
"region": "us-east-1",
"port": 443,
"choosepath": "",
"base_path": "/",
"version": "",
"cache_location": "none",
"encode_pathvars": true,
"encode_queryvars": true,
"save_metric": false,
"stub": true,
"protocol": "https",
"service": "ec2",
"xmlArrayKeys": [
"item"
],
"authentication": {
"auth_method": "aws_authentication",
"username": "username",
"password": "password",
"token": "",
"token_timeout": 180000,
"token_cache": "local",
"invalid_token_error": 401,
"auth_field": "header.headers.Cookie",
"auth_field_format": "Token {token}",
"auth_logging": false,
"client_id": "",
"client_secret": "",
"grant_type": "",
"sensitive": [],
"sso": {
"protocol": "",
"host": "",
"port": 0
},
"multiStepAuthCalls": [
{
"name": "",
"requestFields": {},
"responseFields": {},
"successfullResponseCode": 200
}
],
"aws_access_key": "aws_access_key",
"aws_secret_key": "aws_secret_key",
"aws_session_token": "aws_session_token",
"aws_iam_role": ""
},
"healthcheck": {
"type": "startup",
"frequency": 60000,
"query_object": {
"Action": "DescribeRegions",
"Version": "2016-11-15"
},
"addlHeaders": {}
},
"throttle": {
"throttle_enabled": false,
"number_pronghorns": 1,
"sync_async": "sync",
"max_in_queue": 1000,
"concurrent_max": 1,
"expire_timeout": 0,
"avg_runtime": 200,
"priorities": [
{
"value": 0,
"percent": 100
}
]
},
"request": {
"number_redirects": 0,
"number_retries": 3,
"limit_retry_error": 0,
"failover_codes": [],
"attempt_timeout": 5000,
"global_request": {
"payload": {},
"uriOptions": {},
"addlHeaders": {},
"authData": {}
},
"healthcheck_on_timeout": true,
"return_raw": false,
"archiving": false,
"return_request": false
},
"proxy": {
"enabled": false,
"host": "",
"port": 1,
"protocol": "http",
"username": "",
"password": ""
},
"ssl": {
"ecdhCurve": "",
"enabled": false,
"accept_invalid_cert": true,
"ca_file": "",
"key_file": "",
"cert_file": "",
"secure_protocol": "",
"ciphers": ""
},
"mongo": {
"host": "",
"port": 0,
"database": "",
"username": "",
"password": "",
"replSet": "",
"db_ssl": {
"enabled": false,
"accept_invalid_cert": false,
"ca_file": "",
"key_file": "",
"cert_file": ""
}
},
"devicebroker": {
"enabled": true,
"getDevice": [
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15",
"VpcId.1": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "DescribeVpcsResponse.vpcSet.item",
"responseFields": {
"name": "{vpcId}",
"ostype": "{vpc}",
"ostypePrefix": "aws-",
"ipaddress": "{cidrBlock}",
"port": "n/a"
}
}
],
"getDevicesFiltered": [
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "DescribeVpcsResponse.vpcSet.item",
"responseFields": {
"name": "{vpcId}",
"ostype": "{vpc}",
"ostypePrefix": "aws-",
"ipaddress": "{cidrBlock}",
"port": "n/a",
"vpcId": "{vpcId}"
}
}
],
"isAlive": [
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15",
"VpcId.1": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "DescribeVpcsResponse.vpcSet.item",
"responseFields": {
"status": "{state}",
"statusValue": "available"
}
}
],
"getConfig": [
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeInternetGateways",
"Version": "2016-11-15",
"Filter.1.Name": "attachment.vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeSubnets",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeRouteTables",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeNetworkAcls",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcPeeringConnections",
"Version": "2016-11-15",
"Filter.1.Name": "requester-vpc-info.vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcEndpoints",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeNatGateways",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeSecurityGroups",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeInstances",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpnConnections",
"Version": "2016-11-15",
"VpnConnectionId.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpnGateways",
"Version": "2016-11-15",
"Filter.1.Name": "attachment.vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeNetworkInterfaces",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
},
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15",
"Filter.1.Name": "vpc-id",
"Filter.1.Value": "{vpcId}"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "",
"responseFields": {}
}
],
"getCount": [
{
"path": "/",
"method": "GET",
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "DescribeVpcsResponse.vpcSet.item",
"responseFields": {
"name": "{vpcId}",
"ostype": "vpc",
"ostypePrefix": "aws-",
"ipaddress": "{cidrBlock}",
"port": "n/a",
"vpcId": "{vpcId}"
}
}
]
},
"cache": {
"enabled": false,
"entities": [
{
"entityType": "device",
"frequency": 3600,
"flushOnFail": false,
"limit": 1000,
"retryAttempts": 5,
"sort": true,
"populate": [
{
"path": "/",
"method": "GET",
"pagination": {
"offsetVar": "",
"limitVar": "",
"incrementBy": "limit",
"requestLocation": "query"
},
"query": {
"Action": "DescribeVpcs",
"Version": "2016-11-15"
},
"body": {},
"headers": {},
"handleFailure": "ignore",
"requestFields": {},
"responseDatakey": "result.response.DescribeVpcsResponse.vpcSet.item",
"responseFields": {
"cidrBlock": "{cidrBlock}",
"name": "{vpcId}",
"ostype": "{vpc}",
"ostypePrefix": "aws-",
"ipaddress": "{cidrBlock}",
"port": "n/a",
"vpcId": "{vpcId}"
}
}
],
"cachedTasks": [
{
"name": "",
"filterField": "",
"filterLoc": ""
}
]
}
]
}
}Connection Properties
These base properties are used to connect to Awsec2 upon the adapter initially coming up. It is important to set these properties appropriately.
| Property | Description |
|---|---|
| host | Required. A fully qualified domain name or IP address. |
| port | Required. Used to connect to the server. |
| base_path | Optional. Used to define part of a path that is consistent for all or most endpoints. It makes the URIs easier to use and maintain but can be overridden on individual calls. An example **base_path** might be `/rest/api`. Default is ``. |
| version | Optional. Used to set a global version for action endpoints. This makes it faster to update the adapter when endpoints change. As with the base-path, version can be overridden on individual endpoints. Default is ``. |
| cache_location | Optional. Used to define where the adapter cache is located. The cache is used to maintain an entity list to improve performance. Storage locally is lost when the adapter is restarted. Storage in Redis is preserved upon adapter restart. Default is none which means no caching of the entity list. |
| encode_pathvars | Optional. Used to tell the adapter to encode path variables or not. The default behavior is to encode them so this property can be used to stop that behavior. |
| encode_queryvars | Optional. Used to tell the adapter to encode query parameters or not. The default behavior is to encode them so this property can be used to stop that behavior. |
| save_metric | Optional. Used to tell the adapter to save metric information (this does not impact metrics returned on calls). This allows the adapter to gather metrics over time. Metric data can be stored in a database or on the file system. |
| stub | Optional. Indicates whether the stub should run instead of making calls to Awsec2 (very useful during basic testing). Default is false (which means connect to Awsec2). |
| protocol | Optional. Notifies the adapter whether to use HTTP or HTTPS. Default is HTTP. |
A connectivity check tells IAP the adapter has loaded successfully.
Authentication Properties
The following properties are used to define the authentication process to Awsec2.
Note: Depending on the method that is used to authenticate with Awsec2, you may not need to set all of the authentication properties.
| Property | Description |
|---|---|
| auth_method | Required. Used to define the type of authentication currently supported. Authentication methods currently supported are: `basic user_password`, `static_token`, `request_token`, and `no_authentication`. |
| username | Used to authenticate with Awsec2 on every request or when pulling a token that will be used in subsequent requests. |
| password | Used to authenticate with Awsec2 on every request or when pulling a token that will be used in subsequent requests. |
| token | Defines a static token that can be used on all requests. Only used with `static_token` as an authentication method (auth\_method). |
| invalid_token_error | Defines the HTTP error that is received when the token is invalid. Notifies the adapter to pull a new token and retry the request. Default is 401. |
| token_timeout | Defines how long a token is valid. Measured in milliseconds. Once a dynamic token is no longer valid, the adapter has to pull a new token. If the token_timeout is set to -1, the adapter will pull a token on every request to Awsec2. If the timeout_token is 0, the adapter will use the expiration from the token response to determine when the token is no longer valid. |
| token_cache | Used to determine where the token should be stored (local memory or in Redis). |
| auth_field | Defines the request field the authentication (e.g., token are basic auth credentials) needs to be placed in order for the calls to work. |
| auth_field_format | Defines the format of the auth\_field. See examples below. Items enclosed in {} inform the adapter to perofrm an action prior to sending the data. It may be to replace the item with a value or it may be to encode the item. |
| auth_logging | Setting this true will add some additional logs but this should only be done when trying to debug an issue as certain credential information may be logged out when this is true. |
| client_id | Provide a client id when needed, this is common on some types of OAuth. |
| client_secret | Provide a client secret when needed, this is common on some types of OAuth. |
| grant_type | Provide a grant type when needed, this is common on some types of OAuth. |
Examples of authentication field format
"{token}"
"Token {token}"
"{username}:{password}"
"Basic {b64}{username}:{password}{/b64}"Healthcheck Properties
The healthcheck properties defines the API that runs the healthcheck to tell the adapter that it can reach Awsec2. There are currently three types of healthchecks.
- None - Not recommended. Adapter will not run a healthcheck. Consequently, unable to determine before making a request if the adapter can reach Awsec2.
- Startup - Adapter will check for connectivity when the adapter initially comes up, but it will not check afterwards.
- Intermittent - Adapter will check connectivity to Awsec2 at a frequency defined in the
frequencyproperty.
| Property | Description |
|---|---|
| type | Required. The type of health check to run. |
| frequency | Required if intermittent. Defines how often the health check should run. Measured in milliseconds. Default is 300000. |
| query_object | Query parameters to be added to the adapter healthcheck call. |
Request Properties
The request section defines properties to help handle requests.
| Property | Description |
|---|---|
| number_redirects | Optional. Tells the adapter that the request may be redirected and gives it a maximum number of redirects to allow before returning an error. Default is 0 - no redirects. |
| number_retries | Tells the adapter how many times to retry a request that has either aborted or reached a limit error before giving up and returning an error. |
| limit_retry_error | Optional. Can be either an integer or an array. Indicates the http error status number to define that no capacity was available and, after waiting a short interval, the adapter can retry the request. If an array is provvided, the array can contain integers or strings. Strings in the array are used to define ranges (e.g. "502-506"). Default is [0]. |
| failover_codes | An array of error codes for which the adapter will send back a failover flag to IAP so that the Platform can attempt the action in another adapter. |
| attempt_timeout | Optional. Tells how long the adapter should wait before aborting the attempt. On abort, the adapter will do one of two things: 1) return the error; or 2) if **healthcheck\_on\_timeout** is set to true, it will abort the request and run a Healthcheck until it re-establishes connectivity to Awsec2, and then will re-attempt the request that aborted. Default is 5000 milliseconds. |
| global_request | Optional. This is information that the adapter can include in all requests to the other system. This is easier to define and maintain than adding this information in either the code (adapter.js) or the action files. |
| global_request -> payload | Optional. Defines any information that should be included on all requests sent to the other system that have a payload/body. |
| global_request -> uriOptions | Optional. Defines any information that should be sent as untranslated query options (e.g. page, size) on all requests to the other system. |
| global_request -> addlHeaders | Optioonal. Defines any headers that should be sent on all requests to the other system. |
| global_request -> authData | Optional. Defines any additional authentication data used to authentice with the other system. This authData needs to be consistent on every request. |
| healthcheck_on_timeout | Required. Defines if the adapter should run a health check on timeout. If set to true, the adapter will abort the request and run a health check until it re-establishes connectivity and then it will re-attempt the request. |
| return_raw | Optional. Tells the adapter whether the raw response should be returned as well as the IAP response. This is helpful when running integration tests to save mock data. It does add overhead to the response object so it is not ideal from production. |
| archiving | Optional flag. Default is false. It archives the request, the results and the various times (wait time, Awsec2 time and overall time) in the `adapterid_results` collection in MongoDB. Although archiving might be desirable, be sure to develop a strategy before enabling this capability. Consider how much to archive and what strategy to use for cleaning up the collection in the database so that it does not become too large, especially if the responses are large. |
| return_request | Optional flag. Default is false. Will return the actual request that is made including headers. This should only be used during debugging issues as there could be credentials in the actual request. |
SSL Properties
The SSL section defines the properties utilized for ssl authentication with Awsec2. SSL can work two different ways: set the accept\_invalid\_certs flag to true (only recommended for lab environments), or provide a ca\_file.
| Property | Description |
|---|---|
| enabled | If SSL is required, set to true. |
| accept_invalid_certs | Defines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false. |
| ca_file | Defines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required. |
| key_file | Defines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL. |
| cert_file | Defines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL. |
| secure_protocol | Defines the protocol (e.g., SSLv3_method) to use on the SSL request. |
| ciphers | Required if SSL enabled. Specifies a list of SSL ciphers to use. |
| ecdhCurve | During testing on some Node 8 environments, you need to set `ecdhCurve` to auto. If you do not, you will receive PROTO errors when attempting the calls. This is the only usage of this property and to our knowledge it only impacts Node 8 and 9. |
Throttle Properties
The throttle section is used when requests to Awsec2 must be queued (throttled). All of the properties in this section are optional.
| Property | Description |
|---|---|
| throttle_enabled | Default is false. Defines if the adapter should use throttling or not. |
| number_pronghorns | Default is 1. Defines if throttling is done in a single Itential instance or whether requests are being throttled across multiple Itential instances (minimum = 1, maximum = 20). Throttling in a single Itential instance uses an in-memory queue so there is less overhead. Throttling across multiple Itential instances requires placing the request and queue information into a shared resource (e.g. database) so that each instance can determine what is running and what is next to run. Throttling across multiple instances requires additional I/O overhead. |
| sync-async | This property is not used at the current time (it is for future expansion of the throttling engine). |
| max_in_queue | Represents the maximum number of requests the adapter should allow into the queue before rejecting requests (minimum = 1, maximum = 5000). This is not a limit on what the adapter can handle but more about timely responses to requests. The default is currently 1000. |
| concurrent_max | Defines the number of requests the adapter can send to Awsec2 at one time (minimum = 1, maximum = 1000). The default is 1 meaning each request must be sent to Awsec2 in a serial manner. |
| expire_timeout | Default is 0. Defines a graceful timeout of the request session. After a request has completed, the adapter will wait additional time prior to sending the next request. Measured in milliseconds (minimum = 0, maximum = 60000). |
| average_runtime | Represents the approximate average of how long it takes Awsec2 to handle each request. Measured in milliseconds (minimum = 50, maximum = 60000). Default is 200. This metric has performance implications. If the runtime number is set too low, it puts extra burden on the CPU and memory as the requests will continually try to run. If the runtime number is set too high, requests may wait longer than they need to before running. The number does not need to be exact but your throttling strategy depends heavily on this number being within reason. If averages range from 50 to 250 milliseconds you might pick an average run-time somewhere in the middle so that when Awsec2 performance is exceptional you might run a little slower than you might like, but when it is poor you still run efficiently. |
| priorities | An array of priorities and how to handle them in relation to the throttle queue. Array of objects that include priority value and percent of queue to put the item ex { value: 1, percent: 10 } |
Proxy Properties
The proxy section defines the properties to utilize when Awsec2 is behind a proxy server.
| Property | Description |
|---|---|
| enabled | Required. Default is false. If Awsec2 is behind a proxy server, set enabled flag to true. |
| host | Host information for the proxy server. Required if `enabled` is true. |
| port | Port information for the proxy server. Required if `enabled` is true. |
| protocol | The protocol (i.e., http, https, etc.) used to connect to the proxy. Default is http. |
| username | If there is authentication for the proxy, provide the username here. |
| password | If there is authentication for the proxy, provide the password here. |
Mongo Properties
The mongo section defines the properties used to connect to a Mongo database. Mongo can be used for throttling as well as to persist metric data. If not provided, metrics will be stored in the file system.
| Property | Description |
|---|---|
| host | Optional. Host information for the mongo server. |
| port | Optional. Port information for the mongo server. |
| database | Optional. The database for the adapter to use for its data. |
| username | Optional. If credentials are required to access mongo, this is the user to login as. |
| password | Optional. If credentials are required to access mongo, this is the password to login with. |
| replSet | Optional. If the database is set up to use replica sets, define it here so it can be added to the database connection. |
| db_ssl | Optional. Contains information for SSL connectivity to the database. |
| db_ssl -> enabled | If SSL is required, set to true. |
| db_ssl -> accept_invalid_cert | Defines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false. |
| db_ssl -> ca_file | Defines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required. |
| db_ssl -> key_file | Defines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL. |
| db_ssl -> cert_file | Defines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL. |
Device Broker Properties
The device broker section defines the properties used integrate Awsec2 to the device broker. Each broker call is represented and has an array of calls that can be used to build the response. This describes the calls and then the fields which are available in the calls.
| Property | Description |
|---|---|
| getDevice | The array of calls used to get device details for the broker |
| getDevicesFiltered | The array of calls used to get devices for the broker |
| isAlive | The array of calls used to get device status for the broker |
| getConfig | The array of calls used to get device configuration for the broker |
| getCount | The array of calls used to get device configuration for the broker |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> path | The path, not including the base_path and version, for making this call |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> method | The rest method for making this call |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> query | Query object containing and query parameters and their values for this call |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> body | Body object containing the payload for this call |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> headers | Header object containing the headers for this call. |
| getDevice/getDevicesFiltered/isAlive/getConfig/getCount -> handleFailure | Tells the adapter whether to "fail" or "ignore" failures if they occur. |
| isAlive -> statusValue | Tells the adapter what value to look for in the status field to determine if the device is alive. |
| getDevice/getDevicesFiltered/isAlive/getConfig -> requestFields | Object containing fields the adapter should send on the request and where it should get the data. The where can be from a response to a getDevicesFiltered or a static value. |
| getDevice/getDevicesFiltered/isAlive/getConfig -> responseFields | Object containing fields the adapter should set to send back to iap and where the value should come from in the response or request data. |
Using this Adapter
The adapter.js file contains the calls the adapter makes available to the rest of the Itential Platform. The API detailed for these calls should be available through JSDOC. The following is a brief summary of the calls.
Generic Adapter Calls
These are adapter methods that IAP or you might use. There are some other methods not shown here that might be used for internal adapter functionality.
| Method Signature | Description | Workflow? |
|---|---|---|
| connect() | This call is run when the Adapter is first loaded by he Itential Platform. It validates the properties have been provided correctly. | No |
| healthCheck(callback) | This call ensures that the adapter can communicate with Adapter for Amazon Web Services Elastic Cloud Compute. The actual call that is used is defined in the adapter properties and .system entities action.json file. | No |
| refreshProperties(properties) | This call provides the adapter the ability to accept property changes without having to restart the adapter. | No |
| encryptProperty(property, technique, callback) | This call will take the provided property and technique, and return the property encrypted with the technique. This allows the property to be used in the adapterProps section for the credential password so that the password does not have to be in clear text. The adapter will decrypt the property as needed for communications with Adapter for Amazon Web Services Elastic Cloud Compute. | No |
| iapUpdateAdapterConfiguration(configFile, changes, entity, type, action, callback) | This call provides the ability to update the adapter configuration from IAP - includes actions, schema, mockdata and other configurations. | Yes |
| iapSuspendAdapter(mode, callback) | This call provides the ability to suspend the adapter and either have requests rejected or put into a queue to be processed after the adapter is resumed. | Yes |
| iapUnsuspendAdapter(callback) | This call provides the ability to resume a suspended adapter. Any requests in queue will be processed before new requests. | Yes |
| iapGetAdapterQueue(callback) | This call will return the requests that are waiting in the queue if throttling is enabled. | Yes |
| iapFindAdapterPath(apiPath, callback) | This call provides the ability to see if a particular API path is supported by the adapter. | Yes |
| iapTroubleshootAdapter(props, persistFlag, adapter, callback) | This call can be used to check on the performance of the adapter - it checks connectivity, healthcheck and basic get calls. | Yes |
| iapRunAdapterHealthcheck(adapter, callback) | This call will return the results of a healthcheck. | Yes |
| iapRunAdapterConnectivity(callback) | This call will return the results of a connectivity check. | Yes |
| iapRunAdapterBasicGet(callback) | This call will return the results of running basic get API calls. | Yes |
| iapMoveAdapterEntitiesToDB(callback) | This call will push the adapter configuration from the entities directory into the Adapter or IAP Database. | Yes |
| iapDeactivateTasks(tasks, callback) | This call provides the ability to remove tasks from the adapter. | Yes |
| iapActivateTasks(tasks, callback) | This call provides the ability to add deactivated tasks back into the adapter. | Yes |
| iapExpandedGenericAdapterRequest(metadata, uriPath, restMethod, pathVars, queryData, requestBody, addlHeaders, callback) | This is an expanded Generic Call. The metadata object allows us to provide many new capabilities within the generic request. | Yes |
| genericAdapterRequest(uriPath, restMethod, queryData, requestBody, addlHeaders, callback) | This call allows you to provide the path to have the adapter call. It is an easy way to incorporate paths that have not been built into the adapter yet. | Yes |
| genericAdapterRequestNoBasePath(uriPath, restMethod, queryData, requestBody, addlHeaders, callback) | This call is the same as the genericAdapterRequest only it does not add a base_path or version to the call. | Yes |
| iapRunAdapterLint(callback) | Runs lint on the addapter and provides the information back. | Yes |
| iapRunAdapterTests(callback) | Runs baseunit and unit tests on the adapter and provides the information back. | Yes |
| iapGetAdapterInventory(callback) | This call provides some inventory related information about the adapter. | Yes |
Adapter Cache Calls
These are adapter methods that are used for adapter caching. If configured, the adapter will cache based on the interval provided. However, you can force a population of the cache manually as well.
| Method Signature | Description | Workflow? |
|---|---|---|
| iapPopulateEntityCache(entityTypes, callback) | This call populates the adapter cache. | Yes |
| iapRetrieveEntitiesCache(entityType, options, callback) | This call retrieves the specific items from the adapter cache. | Yes |
Adapter Broker Calls
These are adapter methods that are used to integrate to IAP Brokers. This adapter currently supports the following broker calls.
| Method Signature | Description | Workflow? |
|---|---|---|
| hasEntities(entityType, entityList, callback) | This call is utilized by the IAP Device Broker to determine if the adapter has a specific entity and item of the entity. | No |
| getDevice(deviceName, callback) | This call returns the details of the requested device. | No |
| getDevicesFiltered(options, callback) | This call returns the list of devices that match the criteria provided in the options filter. | No |
| isAlive(deviceName, callback) | This call returns whether the device status is active | No |
| getConfig(deviceName, format, callback) | This call returns the configuration for the selected device. | No |
| iapGetDeviceCount(callback) | This call returns the count of devices. | No |
Specific Adapter Calls
Specific adapter calls are built based on the API of the Awsec2. The Adapter Builder creates the proper method comments for generating JS-DOC for the adapter. This is the best way to get information on the calls.
Note that each call with the STSRole suffix contains an input stsParams. This will contain information needed to authenticate by switching roles using the AWS STS Service. In addition to this information, you can optionally pass an alternate region than the one specified in the service instance configuration with the key region.
| Method Signature | Description | Path | Workflow? |
|---|---|---|---|
| acceptReservedInstancesExchangeQuoteSTSRole(dryRun, reservedInstanceId, targetConfiguration, stsParams, roleName, callback) | Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call. | {base_path}/{version}?{query} | Yes |
| acceptTransitGatewayVpcAttachmentSTSRole(transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Accepts a request to attach a VPC to a transit gateway. The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request. | {base_path}/{version}?{query} | Yes |
| acceptVpcEndpointConnectionsSTSRole(dryRun, serviceId, vpcEndpointId, stsParams, roleName, callback) | Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service. | {base_path}/{version}?{query} | Yes |
| acceptVpcPeeringConnectionSTSRole(dryRun, vpcPeeringConnectionId, stsParams, roleName, callback) | Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests. For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC. | {base_path}/{version}?{query} | Yes |
| advertiseByoipCidrSTSRole(cidr, dryRun, stsParams, roleName, callback) | Advertises an IPv4 address range that is provisioned for use with your AWS resources through bring your own IP addresses (BYOIP). You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time. We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from AWS. To minimize down time, you can configure your AWS resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneo...(description truncated) | {base_path}/{version}?{query} | Yes |
| allocateAddressSTSRole(domain = 'vpc', address, publicIpv4Pool, dryRun, stsParams, roleName, callback) | Allocates an Elastic IP address to your AWS account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different AWS account. You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring you...(description truncated) | {base_path}/{version}?{query} | Yes |
| allocateHostsSTSRole(autoPlacement = 'on', availabilityZone, clientToken, instanceType, quantity, tagSpecification, stsParams, roleName, callback) | Allocates a Dedicated Host to your account. At a minimum, specify the instance size type, Availability Zone, and quantity of hosts to allocate. | {base_path}/{version}?{query} | Yes |
| applySecurityGroupsToClientVpnTargetNetworkSTSRole(clientVpnEndpointId, vpcId, securityGroupId, dryRun, stsParams, roleName, callback) | Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups. | {base_path}/{version}?{query} | Yes |
| assignIpv6AddressesSTSRole(ipv6AddressCount, ipv6Addresses, networkInterfaceId, stsParams, roleName, callback) | Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute C...(description truncated) | {base_path}/{version}?{query} | Yes |
| assignPrivateIpAddressesSTSRole(allowReassignment, networkInterfaceId, privateIpAddress, secondaryPrivateIpAddressCount, stsParams, roleName, callback) | Assigns one or more secondary private IP addresses to the specified network interface. You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide . For more information...(description truncated) | {base_path}/{version}?{query} | Yes |
| associateAddressSTSRole(allocationId, instanceId, publicIp, allowReassociation, dryRun, networkInterfaceId, privateIpAddress, stsParams, roleName, callback) | Associates an Elastic IP address with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account. An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide . [EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance a...(description truncated) | {base_path}/{version}?{query} | Yes |
| associateClientVpnTargetNetworkSTSRole(clientVpnEndpointId, subnetId, dryRun, stsParams, roleName, callback) | Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy. | {base_path}/{version}?{query} | Yes |
| associateDhcpOptionsSTSRole(dhcpOptionsId, vpcId, dryRun, stsParams, roleName, callback) | Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operat...(description truncated) | {base_path}/{version}?{query} | Yes |
| associateIamInstanceProfileSTSRole(iamInstanceProfileArn, iamInstanceProfileName, instanceId, stsParams, roleName, callback) | Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance. | {base_path}/{version}?{query} | Yes |
| associateRouteTableSTSRole(dryRun, routeTableId, subnetId, stsParams, roleName, callback) | Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table from the subnet later. A route table can be associated with multiple subnets. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| associateSubnetCidrBlockSTSRole(ipv6CidrBlock, subnetId, stsParams, roleName, callback) | Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64. | {base_path}/{version}?{query} | Yes |
| associateTransitGatewayRouteTableSTSRole(transitGatewayRouteTableId, transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment. | {base_path}/{version}?{query} | Yes |
| associateVpcCidrBlockSTSRole(amazonProvidedIpv6CidrBlock, cidrBlock, vpcId, stsParams, roleName, callback) | Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, or you can associate an Amazon-provided IPv6 CIDR block. The IPv6 CIDR block size is fixed at /56. For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and Subnet Sizing in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| attachClassicLinkVpcSTSRole(dryRun, securityGroupId, instanceId, vpcId, stsParams, roleName, callback) | Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it. After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security group...(description truncated) | {base_path}/{version}?{query} | Yes |
| attachInternetGatewaySTSRole(dryRun, internetGatewayId, vpcId, stsParams, roleName, callback) | Attaches an internet gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| attachNetworkInterfaceSTSRole(deviceIndex, dryRun, instanceId, networkInterfaceId, stsParams, roleName, callback) | Attaches a network interface to an instance. | {base_path}/{version}?{query} | Yes |
| attachVolumeSTSRole(device, instanceId, volumeId, dryRun, stsParams, roleName, callback) | Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name. Encrypted EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide . For a list of supported device names, see Attaching an EBS Volume to an Instance . Any device names that aren't reserved for instance store volumes can be used for EBS volumes. For mo...(description truncated) | {base_path}/{version}?{query} | Yes |
| attachVpnGatewaySTSRole(vpcId, vpnGatewayId, dryRun, stsParams, roleName, callback) | Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| authorizeClientVpnIngressSTSRole(clientVpnEndpointId, targetNetworkCidr, accessGroupId, authorizeAllGroups, description, dryRun, stsParams, roleName, callback) | Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks. | {base_path}/{version}?{query} | Yes |
| authorizeSecurityGroupEgressSTSRole(dryRun, groupId, ipPermissions, cidrIp, fromPort, ipProtocol, toPort, sourceSecurityGroupName, sourceSecurityGroupOwnerId, stsParams, roleName, callback) | [VPC only] Adds the specified egress rules to a security group for use with a VPC. An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 fo...(description truncated) | {base_path}/{version}?{query} | Yes |
| authorizeSecurityGroupIngressSTSRole(cidrIp, fromPort, groupId, groupName, ipPermissions, ipProtocol, sourceSecurityGroupName, sourceSecurityGroupOwnerId, toPort, dryRun, stsParams, roleName, callback) | Adds the specified ingress rules to a security group. An inbound rule permits instances to receive traffic from the specified destination IPv4 or IPv6 CIDR address ranges, or from the specified destination security groups. You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. Rule changes are prop...(description truncated) | {base_path}/{version}?{query} | Yes |
| bundleInstanceSTSRole(instanceId, storageS3, dryRun, stsParams, roleName, callback) | Bundles an Amazon instance store-backed Windows instance. During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved. This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS. | {base_path}/{version}?{query} | Yes |
| cancelBundleTaskSTSRole(bundleId, dryRun, stsParams, roleName, callback) | Cancels a bundling operation for an instance store-backed Windows instance. | {base_path}/{version}?{query} | Yes |
| cancelCapacityReservationSTSRole(capacityReservationId, dryRun, stsParams, roleName, callback) | Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled . Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity...(description truncated) | {base_path}/{version}?{query} | Yes |
| cancelConversionTaskSTSRole(conversionTaskId, dryRun, reasonMessage, stsParams, roleName, callback) | Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception. For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI . | {base_path}/{version}?{query} | Yes |
| cancelExportTaskSTSRole(exportTaskId, stsParams, roleName, callback) | Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error. | {base_path}/{version}?{query} | Yes |
| cancelImportTaskSTSRole(cancelReason, dryRun, importTaskId, stsParams, roleName, callback) | Cancels an in-process import virtual machine or import snapshot task. | {base_path}/{version}?{query} | Yes |
| cancelReservedInstancesListingSTSRole(reservedInstancesListingId, stsParams, roleName, callback) | Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace. For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| cancelSpotFleetRequestsSTSRole(dryRun, spotFleetRequestId, terminateInstances, stsParams, roleName, callback) | Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually. | {base_path}/{version}?{query} | Yes |
| cancelSpotInstanceRequestsSTSRole(dryRun, spotInstanceRequestId, stsParams, roleName, callback) | Cancels one or more Spot Instance requests. Canceling a Spot Instance request does not terminate running Spot Instances associated with the request. | {base_path}/{version}?{query} | Yes |
| confirmProductInstanceSTSRole(instanceId, productCode, dryRun, stsParams, roleName, callback) | Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support. | {base_path}/{version}?{query} | Yes |
| copyFpgaImageSTSRole(dryRun, sourceFpgaImageId, description, name, sourceRegion, clientToken, stsParams, roleName, callback) | Copies the specified Amazon FPGA Image (AFI) to the current Region. | {base_path}/{version}?{query} | Yes |
| copyImageSTSRole(clientToken, description, encrypted, kmsKeyId, name, sourceImageId, sourceRegion, dryRun, stsParams, roleName, callback) | Initiates the copy of an AMI from the specified source Region to the current Region. You specify the destination Region by using its endpoint when making the request. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot. For more information about the prerequisites and limits when copying an AMI, ...(description truncated) | {base_path}/{version}?{query} | Yes |
| copySnapshotSTSRole(description, destinationRegion, encrypted, kmsKeyId, presignedUrl, sourceRegion, sourceSnapshotId, dryRun, stsParams, roleName, callback) | Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy the snapshot within the same Region or from one Region to another. You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs). The snapshot is copied to the regional endpoint that you send the HTTP request to. Copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless the Encrypted flag is specified during the snapshot copy operati...(description truncated) | {base_path}/{version}?{query} | Yes |
| createCapacityReservationSTSRole(clientToken, instanceType, instancePlatform = 'Linux/UNIX', availabilityZone, tenancy = 'default', instanceCount, ebsOptimized, ephemeralStorage, endDate, endDateType = 'unlimited', instanceMatchCriteria = 'open', tagSpecifications, dryRun, stsParams, roleName, callback) | Creates a new Capacity Reservation with the specified attributes. Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see ...(description truncated) | {base_path}/{version}?{query} | Yes |
| createClientVpnEndpointSTSRole(clientCidrBlock, serverCertificateArn, authentication, connectionLogOptionsEnabled, connectionLogOptionsCloudwatchLogGroup, connectionLogOptionsCloudwatchLogStream, dnsServers, transportProtocol = 'tcp', description, dryRun, clientToken, tagSpecification, stsParams, roleName, callback) | Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. | {base_path}/{version}?{query} | Yes |
| createClientVpnRouteSTSRole(clientVpnEndpointId, destinationCidrBlock, targetVpcSubnetId, description, dryRun, stsParams, roleName, callback) | Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. | {base_path}/{version}?{query} | Yes |
| createCustomerGatewaySTSRole(bgpAsn, ipAddress, type = 'ipsec.1', dryRun, stsParams, roleName, callback) | Provides information to AWS about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the AWS side of the VPN connection is the virtual private gateway.) You must provide the Internet-routable IP address of the customer gateway's external interface. The IP address must be static and may be behind a device performing network address translation (NAT). For devices that use Border Gateway Protocol (BGP), you can also provide t...(description truncated) | {base_path}/{version}?{query} | Yes |
| createDefaultSubnetSTSRole(availabilityZone, dryRun, stsParams, roleName, callback) | Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a Default Subnet in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createDefaultVpcSTSRole(dryRun, stsParams, roleName, callback) | Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and Default Subnets in the Amazon Virtual Private Cloud User Guide . You cannot specify the components of the default VPC yourself. If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region. If your account supports EC2-Classic, you cannot use t...(description truncated) | {base_path}/{version}?{query} | Yes |
| createDhcpOptionsSTSRole(dhcpConfiguration, dryRun, stsParams, roleName, callback) | Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132 . domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying m...(description truncated) | {base_path}/{version}?{query} | Yes |
| createEgressOnlyInternetGatewaySTSRole(clientToken, dryRun, vpcId, stsParams, roleName, callback) | [IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance. | {base_path}/{version}?{query} | Yes |
| createFleetSTSRole(dryRun, clientToken, spotOptionsAllocationStrategy, spotOptionsInstanceInterruptionBehavior, spotOptionsInstancePoolsToUseCount, spotOptionsSingleInstanceType, spotOptionsSingleAvailabilityZone, spotOptionsMinTargetCapacity, onDemandOptionsAllocationStrategy, onDemandOptionsSingleInstanceType, onDemandOptionsSingleAvailabilityZone, onDemandOptionsMinTargetCapacity, excessCapacityTerminationPolicy = 'no-termination', launchTemplateConfigs, targetCapacitySpecificationTotalTargetCapacity, targetCapacitySpecificationOnDemandTargetCapacity, targetCapacitySpecificationSpotTargetCapacity, targetCapacitySpecificationDefaultTargetCapacityType, terminateInstancesWithExpiration, type = 'request', validFrom, validUntil, replaceUnhealthyInstances, tagSpecification, stsParams, roleName, callback) | Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. For more information, see Launching an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createFlowLogsSTSRole(dryRun, clientToken, deliverLogsPermissionArn, logGroupName, resourceId, resourceType = 'VPC', trafficType = 'ACCEPT', logDestinationType = 'cloud-watch-logs', logDestination, stsParams, roleName, callback) | Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC. Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow Log Records in the Amazon Virtual Private Cloud User Guide . When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique l...(description truncated) | {base_path}/{version}?{query} | Yes |
| createFpgaImageSTSRole(dryRun, inputStorageLocationBucket, inputStorageLocationKey, logsStorageLocationBucket, logsStorageLocationKey, description, name, clientToken, stsParams, roleName, callback) | Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP). The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs. An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the AWS FPGA Hardware Development Kit . | {base_path}/{version}?{query} | Yes |
| createImageSTSRole(blockDeviceMapping, description, dryRun, instanceId, name, noReboot, stsParams, roleName, callback) | Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped. If you customized your instance with instance store volumes or EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes. For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Co...(description truncated) | {base_path}/{version}?{query} | Yes |
| createInstanceExportTaskSTSRole(description, exportToS3ContainerFormat, exportToS3DiskImageFormat, exportToS3S3Bucket, exportToS3S3Prefix, instanceId, targetEnvironment = 'citrix', stsParams, roleName, callback) | Exports a running or stopped instance to an S3 bucket. For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an Instance as a VM Using VM Import/Export in the VM Import/Export User Guide . | {base_path}/{version}?{query} | Yes |
| createInternetGatewaySTSRole(dryRun, stsParams, roleName, callback) | Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway . For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createKeyPairSTSRole(keyName, dryRun, stsParams, roleName, callback) | Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If a key with the specified name already exists, Amazon EC2 returns an error. You can have up to five thousand key pairs per Region. The key pair returned to you is available only in the Region in which you create it. If you prefer, you can create your own key pair using...(description truncated) | {base_path}/{version}?{query} | Yes |
| createLaunchTemplateSTSRole(dryRun, clientToken, launchTemplateName, versionDescription, launchTemplateDataKernelId, launchTemplateDataEbsOptimized, launchTemplateDataIamInstanceProfile, launchTemplateDataBlockDeviceMappings, launchTemplateDataNetworkInterfaces, launchTemplateDataImageId, launchTemplateDataInstanceType, launchTemplateDataKeyName, launchTemplateDataMonitoring, launchTemplateDataPlacement, launchTemplateDataRamDiskId, launchTemplateDataDisableApiTermination, launchTemplateDataInstanceInitiatedShutdownBehavior, launchTemplateDataUserData, launchTemplateDataTagSpecifications, launchTemplateDataElasticGpuSpecifications, launchTemplateDataElasticInferenceAccelerators, launchTemplateDataSecurityGroupIds, launchTemplateDataSecurityGroups, launchTemplateDataInstanceMarketOptions, launchTemplateDataCreditSpecification, launchTemplateDataCpuOptions, launchTemplateDataCapacityReservationSpecification, launchTemplateDataLicenseSpecifications, launchTemplateDataHibernationOptions, stsParams, roleName, callback) | Creates a launch template. A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances , you can specify a launch template instead of providing the launch parameters in the request. | {base_path}/{version}?{query} | Yes |
| createLaunchTemplateVersionSTSRole(dryRun, clientToken, launchTemplateId, launchTemplateName, sourceVersion, versionDescription, launchTemplateDataKernelId, launchTemplateDataEbsOptimized, launchTemplateDataIamInstanceProfile, launchTemplateDataBlockDeviceMappings, launchTemplateDataNetworkInterfaces, launchTemplateDataImageId, launchTemplateDataInstanceType, launchTemplateDataKeyName, launchTemplateDataMonitoring, launchTemplateDataPlacement, launchTemplateDataRamDiskId, launchTemplateDataDisableApiTermination, launchTemplateDataInstanceInitiatedShutdownBehavior, launchTemplateDataUserData, launchTemplateDataTagSpecifications, launchTemplateDataElasticGpuSpecifications, launchTemplateDataElasticInferenceAccelerators, launchTemplateDataSecurityGroupIds, launchTemplateDataSecurityGroups, launchTemplateDataInstanceMarketOptions, launchTemplateDataCreditSpecification, launchTemplateDataCpuOptions, launchTemplateDataCapacityReservationSpecification, launchTemplateDataLicenseSpecifications, launchTemplateDataHibernationOptions, stsParams, roleName, callback) | Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version. Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions. | {base_path}/{version}?{query} | Yes |
| createNatGatewaySTSRole(allocationId, clientToken, subnetId, stsParams, roleName, callback) | Creates a NAT gateway in the specified public subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. Internet-bound traffic from a private subnet can be routed to the NAT gateway, therefore enabling instances in the private subnet to connect to the internet. For more information, see NAT Gateways in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createNetworkAclSTSRole(dryRun, vpcId, stsParams, roleName, callback) | Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to security groups) for the instances in your VPC. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createNetworkAclEntrySTSRole(cidrBlock, dryRun, egress, icmpCode, icmpType, ipv6CidrBlock, networkAclId, portRangeFrom, portRangeTo, protocol, ruleAction = 'allow', ruleNumber, stsParams, roleName, callback) | Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules. We recommend that you leave room between the rule numbers (f...(description truncated) | {base_path}/{version}?{query} | Yes |
| createNetworkInterfaceSTSRole(description, dryRun, securityGroupId, ipv6AddressCount, ipv6Addresses, privateIpAddress, privateIpAddresses, secondaryPrivateIpAddressCount, interfaceType = 'efa', subnetId, stsParams, roleName, callback) | Creates a network interface in the specified subnet. For more information about network interfaces, see Elastic Network Interfaces in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createNetworkInterfacePermissionSTSRole(networkInterfaceId, awsAccountId, awsService, permission = 'INSTANCE-ATTACH', dryRun, stsParams, roleName, callback) | Grants an AWS-authorized account permission to attach the specified network interface to an instance in their account. You can grant permission to a single AWS account only, and only one account at a time. | {base_path}/{version}?{query} | Yes |
| createPlacementGroupSTSRole(dryRun, groupName, strategy = 'cluster', partitionCount, stsParams, roleName, callback) | Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group. A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition d...(description truncated) | {base_path}/{version}?{query} | Yes |
| createReservedInstancesListingSTSRole(clientToken, instanceCount, priceSchedules, reservedInstancesId, stsParams, roleName, callback) | Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation. Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold. The Reserved Instance Marketplace matches sellers who want to resell Standard Re...(description truncated) | {base_path}/{version}?{query} | Yes |
| createRouteSTSRole(destinationCidrBlock, destinationIpv6CidrBlock, dryRun, egressOnlyInternetGatewayId, gatewayId, instanceId, natGatewayId, transitGatewayId, networkInterfaceId, routeTableId, vpcPeeringConnectionId, stsParams, roleName, callback) | Creates a route in a route table within a VPC. You must specify one of the following targets: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, or egress-only internet gateway. When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3 , and the route table includes the following two IPv4 routes: 192.0.2.0/24 (goes to some targ...(description truncated) | {base_path}/{version}?{query} | Yes |
| createRouteTableSTSRole(dryRun, vpcId, stsParams, roleName, callback) | Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createSecurityGroupSTSRole(groupDescription, groupName, vpcId, dryRun, stsParams, roleName, callback) | Creates a security group. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide . When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use...(description truncated) | {base_path}/{version}?{query} | Yes |
| createSnapshotSTSRole(description, volumeId, tagSpecification, dryRun, stsParams, roleName, callback) | Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance. When a snapshot is created, any AWS Marketplace product codes that are associated with the source volume are propagated to the snapshot. You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your EBS volume at the time the snapshot command is i...(description truncated) | {base_path}/{version}?{query} | Yes |
| createSpotDatafeedSubscriptionSTSRole(bucket, dryRun, prefix, stsParams, roleName, callback) | Creates a data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per AWS account. For more information, see Spot Instance Data Feed in the Amazon EC2 User Guide for Linux Instances . | {base_path}/{version}?{query} | Yes |
| createSubnetSTSRole(availabilityZone, availabilityZoneId, cidrBlock, ipv6CidrBlock, vpcId, dryRun, stsParams, roleName, callback) | Creates a subnet in an existing VPC. When you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can't change its CIDR block. The size of the subnet's IPv4 CIDR block can be the same as a VPC's IPv4 CIDR block, or a subset of a VPC's IPv4 CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap. The smallest IPv4 subnet (and VPC) you can create uses a /28 netmask (16 IPv4 addresses), and the l...(description truncated) | {base_path}/{version}?{query} | Yes |
| createTagsSTSRole(dryRun, resourceId, tag, stsParams, roleName, callback) | Adds or overwrites the specified tags for the specified Amazon EC2 resource or resources. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide . For more information about creating IAM policies that control users' access to resources based on tags, see Supported Resource-Level Permissions for Amazon EC2 API ...(description truncated) | {base_path}/{version}?{query} | Yes |
| createTransitGatewaySTSRole(description, optionsAmazonSideAsn, optionsAutoAcceptSharedAttachments, optionsDefaultRouteTableAssociation, optionsDefaultRouteTablePropagation, optionsVpnEcmpSupport, optionsDnsSupport, tagSpecification, dryRun, stsParams, roleName, callback) | Creates a transit gateway. You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway. To attach your VPCs, use CreateTransitGatewayVpcAttachment . To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call t...(description truncated) | {base_path}/{version}?{query} | Yes |
| createTransitGatewayRouteSTSRole(destinationCidrBlock, transitGatewayRouteTableId, transitGatewayAttachmentId, blackhole, dryRun, stsParams, roleName, callback) | Creates a static route for the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| createTransitGatewayRouteTableSTSRole(transitGatewayId, tagSpecifications, dryRun, stsParams, roleName, callback) | Creates a route table for the specified transit gateway. | {base_path}/{version}?{query} | Yes |
| createTransitGatewayVpcAttachmentSTSRole(transitGatewayId, vpcId, subnetIds, optionsDnsSupport, optionsIpv6Support, tagSpecifications, dryRun, stsParams, roleName, callback) | Attaches the specified VPC to the specified transit gateway. If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table. To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute . | {base_path}/{version}?{query} | Yes |
| createVolumeSTSRole(availabilityZone, encrypted, iops, kmsKeyId, size, snapshotId, volumeType = 'standard', dryRun, tagSpecification, stsParams, roleName, callback) | Creates an EBS volume that can be attached to an instance in the same Availability Zone. The volume is created in the regional endpoint that you send the HTTP request to. For more information see Regions and Endpoints . You can create a new empty volume or restore a volume from an EBS snapshot. Any AWS Marketplace product codes from the snapshot are propagated to the volume. You can create encrypted volumes with the Encrypted parameter. Encrypted volumes may only be attached to instances...(description truncated) | {base_path}/{version}?{query} | Yes |
| createVpcSTSRole(cidrBlock, amazonProvidedIpv6CidrBlock, dryRun, instanceTenancy = 'default', stsParams, roleName, callback) | Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and Subnets in the Amazon Virtual Private Cloud User Guide . You can optionally request an Amazon-provided IPv6 CIDR block for the VPC. The IPv6 CIDR block uses a /56 prefix length, and is allocated from Amazon's pool of IPv6 addresses. You can...(description truncated) | {base_path}/{version}?{query} | Yes |
| createVpcEndpointSTSRole(dryRun, vpcEndpointType = 'Interface', vpcId, serviceName, policyDocument, routeTableId, subnetId, securityGroupId, clientToken, privateDnsEnabled, stsParams, roleName, callback) | Creates a VPC endpoint for a specified service. An endpoint enables you to create a private connection between your VPC and the service. The service may be provided by AWS, an AWS Marketplace partner, or another AWS account. For more information, see VPC Endpoints in the Amazon Virtual Private Cloud User Guide . A gateway endpoint serves as a target for a route in your route table for traffic destined for the AWS service. You can specify an endpoint policy to attach to the endpoint that ...(description truncated) | {base_path}/{version}?{query} | Yes |
| createVpcEndpointConnectionNotificationSTSRole(dryRun, serviceId, vpcEndpointId, connectionNotificationArn, connectionEvents, clientToken, stsParams, roleName, callback) | Creates a connection notification for a specified VPC endpoint or VPC endpoint service. A connection notification notifies you of specific endpoint events. You must create an SNS topic to receive notifications. For more information, see Create a Topic in the Amazon Simple Notification Service Developer Guide . You can create a connection notification for interface endpoints only. | {base_path}/{version}?{query} | Yes |
| createVpcEndpointServiceConfigurationSTSRole(dryRun, acceptanceRequired, networkLoadBalancerArn, clientToken, stsParams, roleName, callback) | Creates a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect. Service consumers can create an interface VPC endpoint to connect to your service. To create an endpoint service configuration, you must first create a Network Load Balancer for your service. For more information, see VPC Endpoint Services in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| createVpcPeeringConnectionSTSRole(dryRun, peerOwnerId, peerVpcId, vpcId, peerRegion, stsParams, roleName, callback) | Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another AWS account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks. Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide . The owner of the accepter VPC must acc...(description truncated) | {base_path}/{version}?{query} | Yes |
| createVpnConnectionSTSRole(customerGatewayId, type, vpnGatewayId, transitGatewayId, dryRun, optionsStaticRoutesOnly, optionsTunnelOptions, stsParams, roleName, callback) | Creates a VPN connection between an existing virtual private gateway and a VPN customer gateway. The only supported connection type is ipsec.1 . The response includes information that you need to give to your network administrator to configure your customer gateway. We strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway. If you decide to shut down your VPN connection ...(description truncated) | {base_path}/{version}?{query} | Yes |
| createVpnConnectionRouteSTSRole(destinationCidrBlock, vpnConnectionId, stsParams, roleName, callback) | Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| createVpnGatewaySTSRole(availabilityZone, type = 'ipsec.1', amazonSideAsn, dryRun, stsParams, roleName, callback) | Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| deleteClientVpnEndpointSTSRole(clientVpnEndpointId, dryRun, stsParams, roleName, callback) | Deletes the specified Client VPN endpoint. You must disassociate all target networks before you can delete a Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| deleteClientVpnRouteSTSRole(clientVpnEndpointId, targetVpcSubnetId, destinationCidrBlock, dryRun, stsParams, roleName, callback) | Deletes a route from a Client VPN endpoint. You can only delete routes that you manually added using the CreateClientVpnRoute action. You cannot delete routes that were automatically added when associating a subnet. To remove routes that have been automatically added, disassociate the target subnet from the Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| deleteCustomerGatewaySTSRole(customerGatewayId, dryRun, stsParams, roleName, callback) | Deletes the specified customer gateway. You must delete the VPN connection before you can delete the customer gateway. | {base_path}/{version}?{query} | Yes |
| deleteDhcpOptionsSTSRole(dhcpOptionsId, dryRun, stsParams, roleName, callback) | Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can delete it. You can disassociate the set of DHCP options by associating either a new set of options or the default set of options with the VPC. | {base_path}/{version}?{query} | Yes |
| deleteEgressOnlyInternetGatewaySTSRole(dryRun, egressOnlyInternetGatewayId, stsParams, roleName, callback) | Deletes an egress-only internet gateway. | {base_path}/{version}?{query} | Yes |
| deleteFleetsSTSRole(dryRun, fleetId, terminateInstances, stsParams, roleName, callback) | Deletes the specified EC2 Fleet. After you delete an EC2 Fleet, it launches no new instances. You must specify whether an EC2 Fleet should also terminate its instances. If you terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually. | {base_path}/{version}?{query} | Yes |
| deleteFlowLogsSTSRole(dryRun, flowLogId, stsParams, roleName, callback) | Deletes one or more flow logs. | {base_path}/{version}?{query} | Yes |
| deleteFpgaImageSTSRole(dryRun, fpgaImageId, stsParams, roleName, callback) | Deletes the specified Amazon FPGA Image (AFI). | {base_path}/{version}?{query} | Yes |
| deleteInternetGatewaySTSRole(dryRun, internetGatewayId, stsParams, roleName, callback) | Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it. | {base_path}/{version}?{query} | Yes |
| deleteKeyPairSTSRole(keyName, dryRun, stsParams, roleName, callback) | Deletes the specified key pair, by removing the public key from Amazon EC2. | {base_path}/{version}?{query} | Yes |
| deleteLaunchTemplateSTSRole(dryRun, launchTemplateId, launchTemplateName, stsParams, roleName, callback) | Deletes a launch template. Deleting a launch template deletes all of its versions. | {base_path}/{version}?{query} | Yes |
| deleteLaunchTemplateVersionsSTSRole(dryRun, launchTemplateId, launchTemplateName, launchTemplateVersion, stsParams, roleName, callback) | Deletes one or more versions of a launch template. You cannot delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate . | {base_path}/{version}?{query} | Yes |
| deleteNatGatewaySTSRole(natGatewayId, stsParams, roleName, callback) | Deletes the specified NAT gateway. Deleting a NAT gateway disassociates its Elastic IP address, but does not release the address from your account. Deleting a NAT gateway does not delete any NAT gateway routes in your route tables. | {base_path}/{version}?{query} | Yes |
| deleteNetworkAclSTSRole(dryRun, networkAclId, stsParams, roleName, callback) | Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't delete the default network ACL. | {base_path}/{version}?{query} | Yes |
| deleteNetworkAclEntrySTSRole(dryRun, egress, networkAclId, ruleNumber, stsParams, roleName, callback) | Deletes the specified ingress or egress entry (rule) from the specified network ACL. | {base_path}/{version}?{query} | Yes |
| deleteNetworkInterfaceSTSRole(dryRun, networkInterfaceId, stsParams, roleName, callback) | Deletes the specified network interface. You must detach the network interface before you can delete it. | {base_path}/{version}?{query} | Yes |
| deleteNetworkInterfacePermissionSTSRole(networkInterfacePermissionId, force, dryRun, stsParams, roleName, callback) | Deletes a permission for a network interface. By default, you cannot delete the permission if the account for which you're removing the permission has attached the network interface to an instance. However, you can force delete the permission, regardless of any attachment. | {base_path}/{version}?{query} | Yes |
| deletePlacementGroupSTSRole(dryRun, groupName, stsParams, roleName, callback) | Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see Placement Groups in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| deleteRouteSTSRole(destinationCidrBlock, destinationIpv6CidrBlock, dryRun, routeTableId, stsParams, roleName, callback) | Deletes the specified route from the specified route table. | {base_path}/{version}?{query} | Yes |
| deleteRouteTableSTSRole(dryRun, routeTableId, stsParams, roleName, callback) | Deletes the specified route table. You must disassociate the route table from any subnets before you can delete it. You can't delete the main route table. | {base_path}/{version}?{query} | Yes |
| deleteSecurityGroupSTSRole(groupId, groupName, dryRun, stsParams, roleName, callback) | Deletes a security group. If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC. | {base_path}/{version}?{query} | Yes |
| deleteSnapshotSTSRole(snapshotId, dryRun, stsParams, roleName, callback) | Deletes the specified snapshot. When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume. You cannot delete a snapshot of the root ...(description truncated) | {base_path}/{version}?{query} | Yes |
| deleteSpotDatafeedSubscriptionSTSRole(dryRun, stsParams, roleName, callback) | Deletes the data feed for Spot Instances. | {base_path}/{version}?{query} | Yes |
| deleteSubnetSTSRole(subnetId, dryRun, stsParams, roleName, callback) | Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete the subnet. | {base_path}/{version}?{query} | Yes |
| deleteTagsSTSRole(dryRun, resourceId, tag, stsParams, roleName, callback) | Deletes the specified set of tags from the specified set of resources. To list the current tags, use DescribeTags . For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| deleteTransitGatewaySTSRole(transitGatewayId, dryRun, stsParams, roleName, callback) | Deletes the specified transit gateway. | {base_path}/{version}?{query} | Yes |
| deleteTransitGatewayRouteSTSRole(transitGatewayRouteTableId, destinationCidrBlock, dryRun, stsParams, roleName, callback) | Deletes the specified route from the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| deleteTransitGatewayRouteTableSTSRole(transitGatewayRouteTableId, dryRun, stsParams, roleName, callback) | Deletes the specified transit gateway route table. You must disassociate the route table from any transit gateway route tables before you can delete it. | {base_path}/{version}?{query} | Yes |
| deleteTransitGatewayVpcAttachmentSTSRole(transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Deletes the specified VPC attachment. | {base_path}/{version}?{query} | Yes |
| deleteVolumeSTSRole(volumeId, dryRun, stsParams, roleName, callback) | Deletes the specified EBS volume. The volume must be in the available state (not attached to an instance). The volume can remain in the deleting state for several minutes. For more information, see Deleting an Amazon EBS Volume in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| deleteVpcSTSRole(vpcId, dryRun, stsParams, roleName, callback) | Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on. | {base_path}/{version}?{query} | Yes |
| deleteVpcEndpointConnectionNotificationsSTSRole(dryRun, connectionNotificationId, stsParams, roleName, callback) | Deletes one or more VPC endpoint connection notifications. | {base_path}/{version}?{query} | Yes |
| deleteVpcEndpointServiceConfigurationsSTSRole(dryRun, serviceId, stsParams, roleName, callback) | Deletes one or more VPC endpoint service configurations in your account. Before you delete the endpoint service configuration, you must reject any Available or PendingAcceptance interface endpoint connections that are attached to the service. | {base_path}/{version}?{query} | Yes |
| deleteVpcEndpointsSTSRole(dryRun, vpcEndpointId, stsParams, roleName, callback) | Deletes one or more specified VPC endpoints. Deleting a gateway endpoint also deletes the endpoint routes in the route tables that were associated with the endpoint. Deleting an interface endpoint deletes the endpoint network interfaces. | {base_path}/{version}?{query} | Yes |
| deleteVpcPeeringConnectionSTSRole(dryRun, vpcPeeringConnectionId, stsParams, roleName, callback) | Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed state. | {base_path}/{version}?{query} | Yes |
| deleteVpnConnectionSTSRole(vpnConnectionId, dryRun, stsParams, roleName, callback) | Deletes the specified VPN connection. If you're deleting the VPC and its associated components, we recommend that you detach the virtual private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN connection, you must recon...(description truncated) | {base_path}/{version}?{query} | Yes |
| deleteVpnConnectionRouteSTSRole(destinationCidrBlock, vpnConnectionId, stsParams, roleName, callback) | Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway. | {base_path}/{version}?{query} | Yes |
| deleteVpnGatewaySTSRole(vpnGatewayId, dryRun, stsParams, roleName, callback) | Deletes the specified virtual private gateway. We recommend that before you delete a virtual private gateway, you detach it from the VPC and delete the VPN connection. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network. | {base_path}/{version}?{query} | Yes |
| deprovisionByoipCidrSTSRole(cidr, dryRun, stsParams, roleName, callback) | Releases the specified address range that you provisioned for use with your AWS resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool. Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range. | {base_path}/{version}?{query} | Yes |
| deregisterImageSTSRole(imageId, dryRun, stsParams, roleName, callback) | Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances; however, it doesn't affect any instances that you've already launched from the AMI. You'll continue to incur usage costs for those instances until you terminate them. When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn't affe...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeAccountAttributesSTSRole(attributeName, dryRun, stsParams, roleName, callback) | Describes attributes of your AWS account. The following are the supported account attributes: supported-platforms : Indicates whether your account can launch instances into EC2-Classic and EC2-VPC, or only into EC2-VPC. default-vpc : The ID of the default VPC for your account, or none . max-instances : The maximum number of On-Demand Instances that you can run. vpc-max-security-groups-per-interface : The maximum number of security groups that you can assign to a...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeAddressesSTSRole(filter, publicIp, allocationId, dryRun, stsParams, roleName, callback) | Describes the specified Elastic IP addresses or all of your Elastic IP addresses. An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeAggregateIdFormatSTSRole(dryRun, stsParams, roleName, callback) | Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs). This request only returns information about resource types that support longer IDs. The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-tas...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeAvailabilityZonesSTSRole(filter, zoneName, zoneId, dryRun, stsParams, roleName, callback) | Describes the Availability Zones that are available to you. The results include zones only for the Region you're currently using. If there is an event impacting an Availability Zone, you can use this request to view the state and any provided message for that Availability Zone. For more information, see Regions and Availability Zones in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeBundleTasksSTSRole(bundleId, filter, dryRun, stsParams, roleName, callback) | Describes the specified bundle tasks or all of your bundle tasks. Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task. | {base_path}/{version}?{query} | Yes |
| describeByoipCidrsSTSRole(dryRun, maxResults, nextToken, stsParams, roleName, callback) | Describes the IP address ranges that were specified in calls to ProvisionByoipCidr . To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools . | {base_path}/{version}?{query} | Yes |
| describeCapacityReservationsSTSRole(capacityReservationId, nextToken, maxResults, filter, dryRun, stsParams, roleName, callback) | Describes one or more of your Capacity Reservations. The results describe only the Capacity Reservations in the AWS Region that you're currently using. | {base_path}/{version}?{query} | Yes |
| describeClassicLinkInstancesSTSRole(filter, dryRun, instanceId, maxResults, nextToken, stsParams, roleName, callback) | Describes one or more of your linked EC2-Classic instances. This request only returns information about EC2-Classic instances linked to a VPC through ClassicLink. You cannot use this request to return information about other instances. | {base_path}/{version}?{query} | Yes |
| describeClientVpnAuthorizationRulesSTSRole(clientVpnEndpointId, dryRun, nextToken, filter, maxResults, stsParams, roleName, callback) | Describes the authorization rules for a specified Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| describeClientVpnConnectionsSTSRole(clientVpnEndpointId, filter, nextToken, maxResults, dryRun, stsParams, roleName, callback) | Describes active client connections and connections that have been terminated within the last 60 minutes for the specified Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| describeClientVpnEndpointsSTSRole(clientVpnEndpointId, maxResults, nextToken, filter, dryRun, stsParams, roleName, callback) | Describes one or more Client VPN endpoints in the account. | {base_path}/{version}?{query} | Yes |
| describeClientVpnRoutesSTSRole(clientVpnEndpointId, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Describes the routes for the specified Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| describeClientVpnTargetNetworksSTSRole(clientVpnEndpointId, associationIds, maxResults, nextToken, filter, dryRun, stsParams, roleName, callback) | Describes the target networks associated with the specified Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| describeConversionTasksSTSRole(conversionTaskId, dryRun, stsParams, roleName, callback) | Describes the specified conversion tasks or all your conversion tasks. For more information, see the VM Import/Export User Guide . For information about the import manifest referenced by this API action, see VM Import Manifest . | {base_path}/{version}?{query} | Yes |
| describeCustomerGatewaysSTSRole(customerGatewayId, filter, dryRun, stsParams, roleName, callback) | Describes one or more of your VPN customer gateways. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| describeDhcpOptionsSTSRole(dhcpOptionsId, filter, dryRun, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your DHCP options sets. For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeEgressOnlyInternetGatewaysSTSRole(dryRun, egressOnlyInternetGatewayId, maxResults, nextToken, stsParams, roleName, callback) | Describes one or more of your egress-only internet gateways. | {base_path}/{version}?{query} | Yes |
| describeElasticGpusSTSRole(elasticGpuId, dryRun, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the Elastic Graphics accelerator associated with your instances. For more information about Elastic Graphics, see Amazon Elastic Graphics . | {base_path}/{version}?{query} | Yes |
| describeExportTasksSTSRole(exportTaskId, stsParams, roleName, callback) | Describes the specified export tasks or all your export tasks. | {base_path}/{version}?{query} | Yes |
| describeFleetHistorySTSRole(dryRun, eventType = 'instance-change', maxResults, nextToken, fleetId, startTime, stsParams, roleName, callback) | Describes the events for the specified EC2 Fleet during the specified time. | {base_path}/{version}?{query} | Yes |
| describeFleetInstancesSTSRole(dryRun, maxResults, nextToken, fleetId, filter, stsParams, roleName, callback) | Describes the running instances for the specified EC2 Fleet. | {base_path}/{version}?{query} | Yes |
| describeFleetsSTSRole(dryRun, maxResults, nextToken, fleetId, filter, stsParams, roleName, callback) | Describes the specified EC2 Fleets or all your EC2 Fleets. | {base_path}/{version}?{query} | Yes |
| describeFlowLogsSTSRole(dryRun, filter, flowLogId, maxResults, nextToken, stsParams, roleName, callback) | Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API. | {base_path}/{version}?{query} | Yes |
| describeFpgaImageAttributeSTSRole(dryRun, fpgaImageId, attribute = 'description', stsParams, roleName, callback) | Describes the specified attribute of the specified Amazon FPGA Image (AFI). | {base_path}/{version}?{query} | Yes |
| describeFpgaImagesSTSRole(dryRun, fpgaImageId, owner, filter, nextToken, maxResults, stsParams, roleName, callback) | Describes the Amazon FPGA Images (AFIs) available to you. These include public AFIs, private AFIs that you own, and AFIs owned by other AWS accounts for which you have load permissions. | {base_path}/{version}?{query} | Yes |
| describeHostReservationOfferingsSTSRole(filter, maxDuration, maxResults, minDuration, nextToken, offeringId, stsParams, roleName, callback) | Describes the Dedicated Host reservations that are available to purchase. The results describe all the Dedicated Host reservation offerings, including offerings that may not match the instance family and Region of your Dedicated Hosts. When purchasing an offering, ensure that the instance family and Region of the offering matches that of the Dedicated Hosts with which it is to be associated. For more information about supported instance types, see Dedicated Hosts Overview in the Amazon Ela...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeHostReservationsSTSRole(filter, hostReservationIdSet, maxResults, nextToken, stsParams, roleName, callback) | Describes reservations that are associated with Dedicated Hosts in your account. | {base_path}/{version}?{query} | Yes |
| describeHostsSTSRole(filter, hostId, maxResults, nextToken, stsParams, roleName, callback) | Describes the specified Dedicated Hosts or all your Dedicated Hosts. The results describe only the Dedicated Hosts in the Region you're currently using. All listed instances consume capacity on your Dedicated Host. Dedicated Hosts that have recently been released are listed with the state released . | {base_path}/{version}?{query} | Yes |
| describeIamInstanceProfileAssociationsSTSRole(associationId, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes your IAM instance profile associations. | {base_path}/{version}?{query} | Yes |
| describeIdFormatSTSRole(resource, stsParams, roleName, callback) | Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. The following resource types support longer IDs: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | ...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeIdentityIdFormatSTSRole(principalArn, resource, stsParams, roleName, callback) | Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide . The following resource types support longer IDs: bundle | conversion-task...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeImageAttributeSTSRole(attribute = 'description', imageId, dryRun, stsParams, roleName, callback) | Describes the specified attribute of the specified AMI. You can specify only one attribute at a time. | {base_path}/{version}?{query} | Yes |
| describeImagesSTSRole(executableBy, filter, imageId, owner, dryRun, stsParams, roleName, callback) | Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you. The images available to you include public images, private images that you own, and private images owned by other AWS accounts for which you have explicit launch permissions. Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the ima...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeImportImageTasksSTSRole(dryRun, filters, importTaskId, maxResults, nextToken, stsParams, roleName, callback) | Displays details about an import virtual machine or import snapshot tasks that are already created. | {base_path}/{version}?{query} | Yes |
| describeImportSnapshotTasksSTSRole(dryRun, filters, importTaskId, maxResults, nextToken, stsParams, roleName, callback) | Describes your import snapshot tasks. | {base_path}/{version}?{query} | Yes |
| describeInstanceAttributeSTSRole(attribute = 'instanceType', dryRun, instanceId, stsParams, roleName, callback) | Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport | {base_path}/{version}?{query} | Yes |
| describeInstanceCreditSpecificationsSTSRole(dryRun, filter, instanceId, maxResults, nextToken, stsParams, roleName, callback) | Describes the credit option for CPU usage of the specified T2 or T3 instances. The credit options are standard and unlimited . If you do not specify an instance ID, Amazon EC2 returns T2 and T3 instances with the unlimited credit option, as well as instances that were previously configured as T2 or T3 with the unlimited credit option. For example, if you resize a T2 instance, while it is configured as unlimited , to an M4 instance, Amazon EC2 returns the M4 instance. If you specify ...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeInstanceStatusSTSRole(filter, instanceId, maxResults, nextToken, dryRun, includeAllInstances, stsParams, roleName, callback) | Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances. Instance status includes the following components: Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status Checks for Your Instances and Troubleshooting Instances with Failed Status Checks in th...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeInstancesSTSRole(filter, instanceId, dryRun, maxResults, nextToken, stsParams, roleName, callback) | Describes the specified instances or all of your instances. If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the returned results. Recently terminated instances might appear in the returned results. This interval is...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeInternetGatewaysSTSRole(filter, dryRun, internetGatewayId, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your internet gateways. | {base_path}/{version}?{query} | Yes |
| describeKeyPairsSTSRole(filter, keyName, dryRun, stsParams, roleName, callback) | Describes the specified key pairs or all of your key pairs. For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeLaunchTemplateVersionsSTSRole(dryRun, launchTemplateId, launchTemplateName, launchTemplateVersion, minVersion, maxVersion, nextToken, maxResults, filter, stsParams, roleName, callback) | Describes one or more versions of a specified launch template. You can describe all versions, individual versions, or a range of versions. | {base_path}/{version}?{query} | Yes |
| describeLaunchTemplatesSTSRole(dryRun, launchTemplateId, launchTemplateName, filter, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more launch templates. | {base_path}/{version}?{query} | Yes |
| describeMovingAddressesSTSRole(filter, dryRun, maxResults, nextToken, publicIp, stsParams, roleName, callback) | Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform. This request does not return information about any other Elastic IP addresses in your account. | {base_path}/{version}?{query} | Yes |
| describeNatGatewaysSTSRole(filter, maxResults, natGatewayId, nextToken, stsParams, roleName, callback) | Describes one or more of your NAT gateways. | {base_path}/{version}?{query} | Yes |
| describeNetworkAclsSTSRole(filter, dryRun, networkAclId, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your network ACLs. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeNetworkInterfaceAttributeSTSRole(attribute = 'description', dryRun, networkInterfaceId, stsParams, roleName, callback) | Describes a network interface attribute. You can specify only one attribute at a time. | {base_path}/{version}?{query} | Yes |
| describeNetworkInterfacePermissionsSTSRole(networkInterfacePermissionId, filter, nextToken, maxResults, stsParams, roleName, callback) | Describes the permissions for your network interfaces. | {base_path}/{version}?{query} | Yes |
| describeNetworkInterfacesSTSRole(filter, dryRun, networkInterfaceId, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your network interfaces. | {base_path}/{version}?{query} | Yes |
| describePlacementGroupsSTSRole(filter, dryRun, groupName, stsParams, roleName, callback) | Describes the specified placement groups or all of your placement groups. For more information, see Placement Groups in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describePrefixListsSTSRole(dryRun, filter, maxResults, nextToken, prefixListId, stsParams, roleName, callback) | Describes available AWS services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service. A prefix list ID is required for creating an outbound security group rule that allows traffic from a VPC to access an AWS service through a gateway VPC endpoint. Currently, the services that support this action are Amazon S3 and Amazon DynamoDB. | {base_path}/{version}?{query} | Yes |
| describePrincipalIdFormatSTSRole(dryRun, resource, maxResults, nextToken, stsParams, roleName, callback) | Describes the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference. By default, all IAM roles and IAM users default to the same ID settings as the root user, unless they explicitly override the settings. This request is useful for identifying those IAM users and IAM roles that have overridden the default ID settings. The following resource types support longer IDs: bundle | conversion-task | custom...(description truncated) | {base_path}/{version}?{query} | Yes |
| describePublicIpv4PoolsSTSRole(poolId, nextToken, maxResults, stsParams, roleName, callback) | Describes the specified IPv4 address pools. | {base_path}/{version}?{query} | Yes |
| describeRegionsSTSRole(filter, regionName, dryRun, stsParams, roleName, callback) | Describes the Regions that are currently available to you. The API returns a list of all the Regions, including Regions that are disabled for your account. For information about enabling Regions for your account, see Enabling and Disabling Regions in the AWS Billing and Cost Management User Guide . For a list of the Regions supported by Amazon EC2, see Regions and Endpoints . | {base_path}/{version}?{query} | Yes |
| describeReservedInstancesSTSRole(filter, offeringClass = 'standard', reservedInstancesId, dryRun, offeringType = 'Heavy Utilization', stsParams, roleName, callback) | Describes one or more of the Reserved Instances that you purchased. For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeReservedInstancesListingsSTSRole(filter, reservedInstancesId, reservedInstancesListingId, stsParams, roleName, callback) | Describes your account's Reserved Instance listings in the Reserved Instance Marketplace. The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances. As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to rece...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeReservedInstancesModificationsSTSRole(filter, reservedInstancesModificationId, nextToken, stsParams, roleName, callback) | Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned. For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide. | {base_path}/{version}?{query} | Yes |
| describeReservedInstancesOfferingsSTSRole(availabilityZone, filter, includeMarketplace, instanceType = 't1.micro', maxDuration, maxInstanceCount, minDuration, offeringClass = 'standard', productDescription = 'Linux/UNIX', reservedInstancesOfferingId, dryRun, instanceTenancy = 'default', maxResults, nextToken, offeringType = 'Heavy Utilization', stsParams, roleName, callback) | Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used. If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that ...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeRouteTablesSTSRole(filter, dryRun, routeTableId, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your route tables. Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeScheduledInstanceAvailabilitySTSRole(dryRun, filter, firstSlotStartTimeRangeEarliestTime, firstSlotStartTimeRangeLatestTime, maxResults, maxSlotDurationInHours, minSlotDurationInHours, nextToken, recurrenceFrequency, recurrenceInterval, recurrenceOccurrenceDays, recurrenceOccurrenceRelativeToEnd, recurrenceOccurrenceUnit, stsParams, roleName, callback) | Finds available schedules that meet the specified criteria. You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours. After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule. | {base_path}/{version}?{query} | Yes |
| describeScheduledInstancesSTSRole(dryRun, filter, maxResults, nextToken, scheduledInstanceId, slotStartTimeRangeEarliestTime, slotStartTimeRangeLatestTime, stsParams, roleName, callback) | Describes the specified Scheduled Instances or all your Scheduled Instances. | {base_path}/{version}?{query} | Yes |
| describeSecurityGroupReferencesSTSRole(dryRun, groupId, stsParams, roleName, callback) | [VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request. | {base_path}/{version}?{query} | Yes |
| describeSecurityGroupsSTSRole(filter, groupId, groupName, dryRun, nextToken, maxResults, stsParams, roleName, callback) | Describes the specified security groups or all of your security groups. A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeSnapshotAttributeSTSRole(attribute = 'productCodes', snapshotId, dryRun, stsParams, roleName, callback) | Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time. For more information about EBS snapshots, see Amazon EBS Snapshots in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeSnapshotsSTSRole(filter, maxResults, nextToken, owner, restorableBy, snapshotId, dryRun, stsParams, roleName, callback) | Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you. The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other AWS accounts for which you have explicit create volume permissions. The create volume permissions fall into the following categories: public : The owner of the snapshot granted create volume permissions for the snapshot to the all group. All AWS accounts hav...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeSpotDatafeedSubscriptionSTSRole(dryRun, stsParams, roleName, callback) | Describes the data feed for Spot Instances. For more information, see Spot Instance Data Feed in the Amazon EC2 User Guide for Linux Instances . | {base_path}/{version}?{query} | Yes |
| describeSpotFleetInstancesSTSRole(dryRun, maxResults, nextToken, spotFleetRequestId, stsParams, roleName, callback) | Describes the running instances for the specified Spot Fleet. | {base_path}/{version}?{query} | Yes |
| describeSpotFleetRequestHistorySTSRole(dryRun, eventType = 'instanceChange', maxResults, nextToken, spotFleetRequestId, startTime, stsParams, roleName, callback) | Describes the events for the specified Spot Fleet request during the specified time. Spot Fleet events are delayed by up to 30 seconds before they can be described. This ensures that you can query by the last evaluated time and not miss a recorded event. Spot Fleet events are available for 48 hours. | {base_path}/{version}?{query} | Yes |
| describeSpotFleetRequestsSTSRole(dryRun, maxResults, nextToken, spotFleetRequestId, stsParams, roleName, callback) | Describes your Spot Fleet requests. Spot Fleet requests are deleted 48 hours after they are canceled and their instances are terminated. | {base_path}/{version}?{query} | Yes |
| describeSpotInstanceRequestsSTSRole(filter, dryRun, spotInstanceRequestId, nextToken, maxResults, stsParams, roleName, callback) | Describes the specified Spot Instance requests. You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the response. If the status of the Spot Instance is fulfilled , the instance ID appears in the response and contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for instances where the instance lifecycle is spot . We recommend that you set MaxResults to a value between 5 and 1000 to limit the numb...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeSpotPriceHistorySTSRole(filter, availabilityZone, dryRun, endTime, instanceType, maxResults, nextToken, productDescription, startTime, stsParams, roleName, callback) | Describes the Spot price history. For more information, see Spot Instance Pricing History in the Amazon EC2 User Guide for Linux Instances . When you specify a start and end time, this operation returns the prices of the instance types within the time range that you specified and the time when the price changed. The price is valid within the time period that you specified; the response merely indicates the last time that the price changed. | {base_path}/{version}?{query} | Yes |
| describeStaleSecurityGroupsSTSRole(dryRun, maxResults, nextToken, vpcId, stsParams, roleName, callback) | [VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in a peer VPC, or a security group in a peer VPC for which the VPC peering connection has been deleted. | {base_path}/{version}?{query} | Yes |
| describeSubnetsSTSRole(filter, subnetId, dryRun, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your subnets. For more information, see Your VPC and Subnets in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeTagsSTSRole(dryRun, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the specified tags for your EC2 resources. For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeTransitGatewayAttachmentsSTSRole(transitGatewayAttachmentIds, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Describes one or more attachments between resources and transit gateways. By default, all attachments are described. Alternatively, you can filter the results by attachment ID, attachment state, resource ID, or resource owner. | {base_path}/{version}?{query} | Yes |
| describeTransitGatewayRouteTablesSTSRole(transitGatewayRouteTableIds, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results. | {base_path}/{version}?{query} | Yes |
| describeTransitGatewayVpcAttachmentsSTSRole(transitGatewayAttachmentIds, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results. | {base_path}/{version}?{query} | Yes |
| describeTransitGatewaysSTSRole(transitGatewayIds, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results. | {base_path}/{version}?{query} | Yes |
| describeVolumeAttributeSTSRole(attribute = 'autoEnableIO', volumeId, dryRun, stsParams, roleName, callback) | Describes the specified attribute of the specified volume. You can specify only one attribute at a time. For more information about EBS volumes, see Amazon EBS Volumes in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeVolumeStatusSTSRole(filter, maxResults, nextToken, volumeId, dryRun, stsParams, roleName, callback) | Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions ...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeVolumesSTSRole(filter, volumeId, dryRun, maxResults, nextToken, stsParams, roleName, callback) | Describes the specified EBS volumes or all of your EBS volumes. If you are describing a long list of volumes, you can paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the remaining results. For more in...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeVolumesModificationsSTSRole(dryRun, volumeId, filter, nextToken, maxResults, stsParams, roleName, callback) | Reports the current modification status of EBS volumes. Current-generation EBS volumes support modification of attributes including type, size, and (for io1 volumes) IOPS provisioning while either attached to or detached from an instance. Following an action from the API or the console to modify a volume, the status of the modification may be modifying , optimizing , completed , or failed . If a volume has never been modified, then certain elements of the returned VolumeModification o...(description truncated) | {base_path}/{version}?{query} | Yes |
| describeVpcAttributeSTSRole(attribute = 'enableDnsSupport', vpcId, dryRun, stsParams, roleName, callback) | Describes the specified attribute of the specified VPC. You can specify only one attribute at a time. | {base_path}/{version}?{query} | Yes |
| describeVpcClassicLinkSTSRole(filter, dryRun, vpcId, stsParams, roleName, callback) | Describes the ClassicLink status of one or more VPCs. | {base_path}/{version}?{query} | Yes |
| describeVpcClassicLinkDnsSupportSTSRole(maxResults, nextToken, vpcIds, stsParams, roleName, callback) | Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointConnectionNotificationsSTSRole(dryRun, connectionNotificationId, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the connection notifications for VPC endpoints and VPC endpoint services. | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointConnectionsSTSRole(dryRun, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance. | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointServiceConfigurationsSTSRole(dryRun, serviceId, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the VPC endpoint service configurations in your account (your services). | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointServicePermissionsSTSRole(dryRun, serviceId, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointServicesSTSRole(dryRun, serviceName, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes available services to which you can create a VPC endpoint. | {base_path}/{version}?{query} | Yes |
| describeVpcEndpointsSTSRole(dryRun, vpcEndpointId, filter, maxResults, nextToken, stsParams, roleName, callback) | Describes one or more of your VPC endpoints. | {base_path}/{version}?{query} | Yes |
| describeVpcPeeringConnectionsSTSRole(filter, dryRun, vpcPeeringConnectionId, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your VPC peering connections. | {base_path}/{version}?{query} | Yes |
| describeVpcsSTSRole(filter, vpcId, dryRun, nextToken, maxResults, stsParams, roleName, callback) | Describes one or more of your VPCs. | {base_path}/{version}/{pathv1}?{query} | Yes |
| describeVpnConnectionsSTSRole(filter, vpnConnectionId, dryRun, stsParams, roleName, callback) | Describes one or more of your VPN connections. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| describeVpnGatewaysSTSRole(filter, vpnGatewayId, dryRun, stsParams, roleName, callback) | Describes one or more of your virtual private gateways. For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide . | {base_path}/{version}?{query} | Yes |
| detachClassicLinkVpcSTSRole(dryRun, instanceId, vpcId, stsParams, roleName, callback) | Unlinks (detaches) a linked EC2-Classic instance from a VPC. After the instance has been unlinked, the VPC security groups are no longer associated with it. An instance is automatically unlinked from a VPC when it's stopped. | {base_path}/{version}?{query} | Yes |
| detachInternetGatewaySTSRole(dryRun, internetGatewayId, vpcId, stsParams, roleName, callback) | Detaches an internet gateway from a VPC, disabling connectivity between the internet and the VPC. The VPC must not contain any running instances with Elastic IP addresses or public IPv4 addresses. | {base_path}/{version}?{query} | Yes |
| detachNetworkInterfaceSTSRole(attachmentId, dryRun, force, stsParams, roleName, callback) | Detaches a network interface from an instance. | {base_path}/{version}?{query} | Yes |
| detachVolumeSTSRole(device, force, instanceId, volumeId, dryRun, stsParams, roleName, callback) | Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach t...(description truncated) | {base_path}/{version}?{query} | Yes |
| detachVpnGatewaySTSRole(vpcId, vpnGatewayId, dryRun, stsParams, roleName, callback) | Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are also described). You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the virtual private gateway. | {base_path}/{version}?{query} | Yes |
| disableTransitGatewayRouteTablePropagationSTSRole(transitGatewayRouteTableId, transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Disables the specified resource attachment from propagating routes to the specified propagation route table. | {base_path}/{version}?{query} | Yes |
| disableVgwRoutePropagationSTSRole(gatewayId, routeTableId, stsParams, roleName, callback) | Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC. | {base_path}/{version}?{query} | Yes |
| disableVpcClassicLinkSTSRole(dryRun, vpcId, stsParams, roleName, callback) | Disables ClassicLink for a VPC. You cannot disable ClassicLink for a VPC that has EC2-Classic instances linked to it. | {base_path}/{version}?{query} | Yes |
| disableVpcClassicLinkDnsSupportSTSRole(vpcId, stsParams, roleName, callback) | Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it's linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| disassociateAddressSTSRole(associationId, publicIp, dryRun, stsParams, roleName, callback) | Disassociates an Elastic IP address from the instance or network interface it's associated with. An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide . This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error. | {base_path}/{version}?{query} | Yes |
| disassociateClientVpnTargetNetworkSTSRole(clientVpnEndpointId, associationId, dryRun, stsParams, roleName, callback) | Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens: The route that was automatically added for the VPC is deleted All active client connections are terminated New client connections are disallowed The Client VPN endpoint's status changes to pending-associate | {base_path}/{version}?{query} | Yes |
| disassociateIamInstanceProfileSTSRole(associationId, stsParams, roleName, callback) | Disassociates an IAM instance profile from a running or stopped instance. Use DescribeIamInstanceProfileAssociations to get the association ID. | {base_path}/{version}?{query} | Yes |
| disassociateRouteTableSTSRole(associationId, dryRun, stsParams, roleName, callback) | Disassociates a subnet from a route table. After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC's main route table. For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| disassociateSubnetCidrBlockSTSRole(associationId, stsParams, roleName, callback) | Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. | {base_path}/{version}?{query} | Yes |
| disassociateTransitGatewayRouteTableSTSRole(transitGatewayRouteTableId, transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Disassociates a resource attachment from a transit gateway route table. | {base_path}/{version}?{query} | Yes |
| disassociateVpcCidrBlockSTSRole(associationId, stsParams, roleName, callback) | Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs . You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it. You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block). | {base_path}/{version}?{query} | Yes |
| enableTransitGatewayRouteTablePropagationSTSRole(transitGatewayRouteTableId, transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Enables the specified attachment to propagate routes to the specified propagation route table. | {base_path}/{version}?{query} | Yes |
| enableVgwRoutePropagationSTSRole(gatewayId, routeTableId, stsParams, roleName, callback) | Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC. | {base_path}/{version}?{query} | Yes |
| enableVolumeIOSTSRole(dryRun, volumeId, stsParams, roleName, callback) | Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent. | {base_path}/{version}?{query} | Yes |
| enableVpcClassicLinkSTSRole(dryRun, vpcId, stsParams, roleName, callback) | Enables a VPC for ClassicLink. You can then link EC2-Classic instances to your ClassicLink-enabled VPC to allow communication over private IP addresses. You cannot enable your VPC for ClassicLink if any of your VPC route tables have existing routes for address ranges within the 10.0.0.0/8 IP address range, excluding local routes for VPCs in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| enableVpcClassicLinkDnsSupportSTSRole(vpcId, stsParams, roleName, callback) | Enables a VPC to support DNS hostname resolution for ClassicLink. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| exportClientVpnClientCertificateRevocationListSTSRole(clientVpnEndpointId, dryRun, stsParams, roleName, callback) | Downloads the client certificate revocation list for the specified Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| exportClientVpnClientConfigurationSTSRole(clientVpnEndpointId, dryRun, stsParams, roleName, callback) | Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| exportTransitGatewayRoutesSTSRole(transitGatewayRouteTableId, filter, s3Bucket, dryRun, stsParams, roleName, callback) | Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range. | {base_path}/{version}?{query} | Yes |
| getConsoleOutputSTSRole(instanceId, dryRun, latest, stsParams, roleName, callback) | Gets the console output for the specified instance. For Linux instances, the instance console output displays the exact console output that would normally be displayed on a physical monitor attached to a computer. For Windows instances, the instance console output includes the last three system event log errors. By default, the console output returns buffered information that was posted shortly after an instance transition state (start, stop, reboot, or terminate). This information is availab...(description truncated) | {base_path}/{version}?{query} | Yes |
| getConsoleScreenshotSTSRole(dryRun, instanceId, wakeUp, stsParams, roleName, callback) | Retrieve a JPG-format screenshot of a running instance to help with troubleshooting. The returned content is Base64-encoded. | {base_path}/{version}?{query} | Yes |
| getHostReservationPurchasePreviewSTSRole(hostIdSet, offeringId, stsParams, roleName, callback) | Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased. | {base_path}/{version}?{query} | Yes |
| getLaunchTemplateDataSTSRole(dryRun, instanceId, stsParams, roleName, callback) | Retrieves the configuration data of the specified instance. You can use this data to create a launch template. | {base_path}/{version}?{query} | Yes |
| getPasswordDataSTSRole(instanceId, dryRun, stsParams, roleName, callback) | Retrieves the encrypted administrator password for a running Windows instance. The Windows password is generated at boot by the EC2Config service or EC2Launch scripts (Windows Server 2016 and later). This usually only happens the first time an instance is launched. For more information, see EC2Config and EC2Launch in the Amazon Elastic Compute Cloud User Guide. For the EC2Config service, the password is not generated for rebundled AMIs unless Ec2SetPassword is enabled before bun...(description truncated) | {base_path}/{version}?{query} | Yes |
| getReservedInstancesExchangeQuoteSTSRole(dryRun, reservedInstanceId, targetConfiguration, stsParams, roleName, callback) | Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange. | {base_path}/{version}?{query} | Yes |
| getTransitGatewayAttachmentPropagationsSTSRole(transitGatewayAttachmentId, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Lists the route tables to which the specified resource attachment propagates routes. | {base_path}/{version}?{query} | Yes |
| getTransitGatewayRouteTableAssociationsSTSRole(transitGatewayRouteTableId, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Gets information about the associations for the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| getTransitGatewayRouteTablePropagationsSTSRole(transitGatewayRouteTableId, filter, maxResults, nextToken, dryRun, stsParams, roleName, callback) | Gets information about the route table propagations for the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| importClientVpnClientCertificateRevocationListSTSRole(clientVpnEndpointId, certificateRevocationList, dryRun, stsParams, roleName, callback) | Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list. Uploading a client certificate revocation list resets existing client connections. | {base_path}/{version}?{query} | Yes |
| importImageSTSRole(architecture, clientDataComment, clientDataUploadEnd, clientDataUploadSize, clientDataUploadStart, clientToken, description, diskContainer, dryRun, encrypted, hypervisor, kmsKeyId, licenseType, platform, roleName, stsParams, callback) | Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI). For more information, see Importing a VM as an Image Using VM Import/Export in the VM Import/Export User Guide . | {base_path}/{version}?{query} | Yes |
| importInstanceSTSRole(description, diskImage, dryRun, launchSpecificationAdditionalInfo, launchSpecificationArchitecture, launchSpecificationGroupIds, launchSpecificationGroupNames, launchSpecificationInstanceInitiatedShutdownBehavior, launchSpecificationInstanceType, launchSpecificationMonitoring, launchSpecificationPlacement, launchSpecificationPrivateIpAddress, launchSpecificationSubnetId, launchSpecificationUserData, platform = 'Windows', stsParams, roleName, callback) | Creates an import instance task using metadata from the specified disk image. ImportInstance only supports single-volume VMs. To import multi-volume VMs, use ImportImage . For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI . For information about the import manifest referenced by this API action, see VM Import Manifest . | {base_path}/{version}?{query} | Yes |
| importKeyPairSTSRole(dryRun, keyName, publicKeyMaterial, stsParams, roleName, callback) | Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with CreateKeyPair , in which AWS creates the key pair and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, you create the key pair and give AWS just the public key. The private key is never transferred between you and AWS. For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| importSnapshotSTSRole(clientDataComment, clientDataUploadEnd, clientDataUploadSize, clientDataUploadStart, clientToken, description, diskContainerDescription, diskContainerFormat, diskContainerUrl, diskContainerUserBucket, dryRun, encrypted, kmsKeyId, roleName, stsParams, callback) | Imports a disk into an EBS snapshot. | {base_path}/{version}?{query} | Yes |
| importVolumeSTSRole(availabilityZone, description, dryRun, imageBytes, imageFormat, imageImportManifestUrl, volumeSize, stsParams, roleName, callback) | Creates an import volume task using metadata from the specified disk image.For more information, see Importing Disks to Amazon EBS . For information about the import manifest referenced by this API action, see VM Import Manifest . | {base_path}/{version}?{query} | Yes |
| modifyCapacityReservationSTSRole(capacityReservationId, instanceCount, endDate, endDateType = 'unlimited', dryRun, stsParams, roleName, callback) | Modifies a Capacity Reservation's capacity and the conditions under which it is to be released. You cannot change a Capacity Reservation's instance type, EBS optimization, instance store settings, platform, Availability Zone, or instance eligibility. If you need to modify any of these attributes, we recommend that you cancel the Capacity Reservation, and then create a new one with the required attributes. | {base_path}/{version}?{query} | Yes |
| modifyClientVpnEndpointSTSRole(clientVpnEndpointId, serverCertificateArn, connectionLogOptionsEnabled, connectionLogOptionsCloudwatchLogGroup, connectionLogOptionsCloudwatchLogStream, dnsServersCustomDnsServers, dnsServersEnabled, description, dryRun, stsParams, roleName, callback) | Modifies the specified Client VPN endpoint. You can only modify an endpoint's server certificate information, client connection logging information, DNS server, and description. Modifying the DNS server resets existing client connections. | {base_path}/{version}?{query} | Yes |
| modifyFleetSTSRole(dryRun, excessCapacityTerminationPolicy = 'no-termination', fleetId, targetCapacitySpecificationTotalTargetCapacity, targetCapacitySpecificationOnDemandTargetCapacity, targetCapacitySpecificationSpotTargetCapacity, targetCapacitySpecificationDefaultTargetCapacityType, stsParams, roleName, callback) | Modifies the specified EC2 Fleet. While the EC2 Fleet is being modified, it is in the modifying state. | {base_path}/{version}?{query} | Yes |
| modifyFpgaImageAttributeSTSRole(dryRun, fpgaImageId, attribute = 'description', operationType = 'add', userId, userGroup, productCode, loadPermissionAdd, loadPermissionRemove, description, name, stsParams, roleName, callback) | Modifies the specified attribute of the specified Amazon FPGA Image (AFI). | {base_path}/{version}?{query} | Yes |
| modifyHostsSTSRole(autoPlacement = 'on', hostId, stsParams, roleName, callback) | Modify the auto-placement setting of a Dedicated Host. When auto-placement is enabled, any instances that you launch with a tenancy of host but without a specific host ID are placed onto any available Dedicated Host in your account that has auto-placement enabled. When auto-placement is disabled, you need to provide a host ID to have the instance launch onto a specific host. If no host ID is provided, the instance is launched onto a suitable host with auto-placement enabled. | {base_path}/{version}?{query} | Yes |
| modifyIdFormatSTSRole(resource, useLongIds, stsParams, roleName, callback) | Modifies the ID format for the specified resource on a per-Region basis. You can specify that resources should receive longer IDs (17-character IDs) when they are created. This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-options | elastic-ip-allocation | elastic-ip-association | export-task | flow-log | image |...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyIdentityIdFormatSTSRole(principalArn, resource, useLongIds, stsParams, roleName, callback) | Modifies the ID format of a resource for a specified IAM user, IAM role, or the root user for an account; or all IAM users, IAM roles, and the root user for an account. You can specify that resources should receive longer IDs (17-character IDs) when they are created. This request can only be used to modify longer ID settings for resource types that are within the opt-in period. Resources currently in their opt-in period include: bundle | conversion-task | customer-gateway | dhcp-optio...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyImageAttributeSTSRole(attribute, descriptionValue, imageId, launchPermissionAdd, launchPermissionRemove, operationType = 'add', productCode, userGroup, userId, value, dryRun, stsParams, roleName, callback) | Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time. You can use the Attribute parameter to specify the attribute or one of the following parameters: Description , LaunchPermission , or ProductCode . AWS Marketplace product codes cannot be modified. Images with an AWS Marketplace product code cannot be made public. To enable the SriovNetSupport enhanced networking attribute of an image, enable SriovNetSupport on an instance and create an ...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyInstanceAttributeSTSRole(sourceDestCheckValue, attribute = 'instanceType', blockDeviceMapping, disableApiTerminationValue, dryRun, ebsOptimizedValue, enaSupportValue, groupId, instanceId, instanceInitiatedShutdownBehaviorValue, instanceTypeValue, kernelValue, ramdiskValue, sriovNetSupportValue, userDataValue, value, stsParams, roleName, callback) | Modifies the specified attribute of the specified instance. You can specify only one attribute at a time. Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action. To modify som...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyInstanceCapacityReservationAttributesSTSRole(instanceId, capacityReservationSpecificationCapacityReservationPreference, capacityReservationSpecificationCapacityReservationTarget, dryRun, stsParams, roleName, callback) | Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, or run On-Demand Instance capacity. | {base_path}/{version}?{query} | Yes |
| modifyInstanceCreditSpecificationSTSRole(dryRun, clientToken, instanceCreditSpecification, stsParams, roleName, callback) | Modifies the credit option for CPU usage on a running or stopped T2 or T3 instance. The credit options are standard and unlimited . For more information, see Burstable Performance Instances in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| modifyInstanceEventStartTimeSTSRole(dryRun, instanceId, instanceEventId, notBefore, stsParams, roleName, callback) | Modifies the start time for a scheduled Amazon EC2 instance event. | {base_path}/{version}?{query} | Yes |
| modifyInstancePlacementSTSRole(affinity = 'default', groupName, hostId, instanceId, tenancy = 'dedicated', partitionNumber, stsParams, roleName, callback) | Modifies the placement attributes for a specified instance. You can do the following: Modify the affinity between an instance and a Dedicated Host . When affinity is set to host and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists. Change the Dedicated Host with which an instance is associated. ...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyLaunchTemplateSTSRole(dryRun, clientToken, launchTemplateId, launchTemplateName, setDefaultVersion, stsParams, roleName, callback) | Modifies a launch template. You can specify which version of the launch template to set as the default version. When launching an instance, the default version applies when a launch template version is not specified. | {base_path}/{version}?{query} | Yes |
| modifyNetworkInterfaceAttributeSTSRole(attachmentAttachmentId, attachmentDeleteOnTermination, descriptionValue, dryRun, securityGroupId, networkInterfaceId, sourceDestCheckValue, stsParams, roleName, callback) | Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance. | {base_path}/{version}?{query} | Yes |
| modifyReservedInstancesSTSRole(reservedInstancesId, clientToken, reservedInstancesConfigurationSetItemType, stsParams, roleName, callback) | Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type. For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide. | {base_path}/{version}?{query} | Yes |
| modifySnapshotAttributeSTSRole(attribute = 'productCodes', createVolumePermissionAdd, createVolumePermissionRemove, userGroup, operationType = 'add', snapshotId, userId, dryRun, stsParams, roleName, callback) | Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single API call. If you need to both add and remove account IDs for a snapshot, you must use multiple API calls. Encrypted snapshots and snapshots with AWS Marketplace product codes cannot be made public. Snapshots encrypted with your default CMK cannot be shared with other accounts. For more informat...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifySpotFleetRequestSTSRole(excessCapacityTerminationPolicy = 'noTermination', spotFleetRequestId, targetCapacity, stsParams, roleName, callback) | Modifies the specified Spot Fleet request. While the Spot Fleet request is being modified, it is in the modifying state. To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice , the Spot Fleet launches instances using the Spot pool with the lowest price. If the allocation strategy is diversified , the Spot Fleet distributes ...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifySubnetAttributeSTSRole(assignIpv6AddressOnCreationValue, mapPublicIpOnLaunchValue, subnetId, stsParams, roleName, callback) | Modifies a subnet attribute. You can only modify one attribute at a time. | {base_path}/{version}?{query} | Yes |
| modifyTransitGatewayVpcAttachmentSTSRole(transitGatewayAttachmentId, addSubnetIds, removeSubnetIds, optionsDnsSupport, optionsIpv6Support, dryRun, stsParams, roleName, callback) | Modifies the specified VPC attachment. | {base_path}/{version}?{query} | Yes |
| modifyVolumeSTSRole(dryRun, volumeId, size, volumeType = 'standard', iops, stsParams, roleName, callback) | You can modify several parameters of an existing EBS volume, including volume size, volume type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance type, you may be able to apply these changes without stopping the instance or detaching the volume from it. For more information about modifying an EBS volume running Linux, see Modifying the Size, IOPS, or Type of an EBS Volume on Linux . For more information about modifying an EBS volume running Windows, see M...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyVolumeAttributeSTSRole(autoEnableIOValue, volumeId, dryRun, stsParams, roleName, callback) | Modifies a volume attribute. By default, all I/O operations for the volume are suspended when the data on the volume is determined to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume can be resumed by first enabling I/O access and then checking the data consistency on your volume. You can change the default behavior to resume I/O operations. We recommend that you change this only for boot volumes or for volumes that are stateless or ...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyVpcAttributeSTSRole(enableDnsHostnamesValue, enableDnsSupportValue, vpcId, stsParams, roleName, callback) | Modifies the specified attribute of the specified VPC. | {base_path}/{version}?{query} | Yes |
| modifyVpcEndpointSTSRole(dryRun, vpcEndpointId, resetPolicy, policyDocument, addRouteTableId, removeRouteTableId, addSubnetId, removeSubnetId, addSecurityGroupId, removeSecurityGroupId, privateDnsEnabled, stsParams, roleName, callback) | Modifies attributes of a specified VPC endpoint. The attributes that you can modify depend on the type of VPC endpoint (interface or gateway). For more information, see VPC Endpoints in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| modifyVpcEndpointConnectionNotificationSTSRole(dryRun, connectionNotificationId, connectionNotificationArn, connectionEvents, stsParams, roleName, callback) | Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. | {base_path}/{version}?{query} | Yes |
| modifyVpcEndpointServiceConfigurationSTSRole(dryRun, serviceId, acceptanceRequired, addNetworkLoadBalancerArn, removeNetworkLoadBalancerArn, stsParams, roleName, callback) | Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint. | {base_path}/{version}?{query} | Yes |
| modifyVpcEndpointServicePermissionsSTSRole(dryRun, serviceId, addAllowedPrincipals, removeAllowedPrincipals, stsParams, roleName, callback) | Modifies the permissions for your VPC endpoint service . You can add or remove permissions for service consumers (IAM users, IAM roles, and AWS accounts) to connect to your endpoint service. If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved. | {base_path}/{version}?{query} | Yes |
| modifyVpcPeeringConnectionOptionsSTSRole(accepterPeeringConnectionOptionsAllowDnsResolutionFromRemoteVpc, accepterPeeringConnectionOptionsAllowEgressFromLocalClassicLinkToRemoteVpc, accepterPeeringConnectionOptionsAllowEgressFromLocalVpcToRemoteClassicLink, dryRun, requesterPeeringConnectionOptionsAllowDnsResolutionFromRemoteVpc, requesterPeeringConnectionOptionsAllowEgressFromLocalClassicLinkToRemoteVpc, requesterPeeringConnectionOptionsAllowEgressFromLocalVpcToRemoteClassicLink, vpcPeeringConnectionId, stsParams, roleName, callback) | Modifies the VPC peering connection options on one side of a VPC peering connection. You can do the following: Enable/disable communication over the peering connection between an EC2-Classic instance that's linked to your VPC (using ClassicLink) and instances in the peer VPC. Enable/disable communication over the peering connection between instances in your VPC and an EC2-Classic instance that's linked to the peer VPC. Enable/disable the ability to resolve public DNS hostnames...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyVpcTenancySTSRole(vpcId, instanceTenancy = 'default', dryRun, stsParams, roleName, callback) | Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to default only. You cannot change the instance tenancy attribute to dedicated . After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of default , unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected. For more information, see Dedicated Instances in the Amazon Elas...(description truncated) | {base_path}/{version}?{query} | Yes |
| modifyVpnConnectionSTSRole(vpnConnectionId, transitGatewayId, vpnGatewayId, dryRun, stsParams, roleName, callback) | Modifies the target gateway of a AWS Site-to-Site VPN connection. The following migration options are available: An existing virtual private gateway to a new virtual private gateway An existing virtual private gateway to a transit gateway An existing transit gateway to a new transit gateway An existing transit gateway to a virtual private gateway Before you perform the migration to the new gateway, you must configure the new gateway. Use CreateVpnGateway to creat...(description truncated) | {base_path}/{version}?{query} | Yes |
| monitorInstancesSTSRole(instanceId, dryRun, stsParams, roleName, callback) | Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see Monitoring Your Instances and Volumes in the Amazon Elastic Compute Cloud User Guide . To disable detailed monitoring, see . | {base_path}/{version}?{query} | Yes |
| moveAddressToVpcSTSRole(dryRun, publicIp, stsParams, roleName, callback) | Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classi...(description truncated) | {base_path}/{version}?{query} | Yes |
| provisionByoipCidrSTSRole(cidr, cidrAuthorizationContextMessage, cidrAuthorizationContextSignature, description, dryRun, stsParams, roleName, callback) | Provisions an address range for use with your AWS resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr . AWS verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more...(description truncated) | {base_path}/{version}?{query} | Yes |
| purchaseHostReservationSTSRole(clientToken, currencyCode = 'USD', hostIdSet, limitPrice, offeringId, stsParams, roleName, callback) | Purchase a reservation with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation. This action results in the specified reservation being purchased and charged to your account. | {base_path}/{version}?{query} | Yes |
| purchaseReservedInstancesOfferingSTSRole(instanceCount, reservedInstancesOfferingId, dryRun, limitPriceAmount, limitPriceCurrencyCode, stsParams, roleName, callback) | Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing. Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you've purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances . For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon Elasti...(description truncated) | {base_path}/{version}?{query} | Yes |
| purchaseScheduledInstancesSTSRole(clientToken, dryRun, purchaseRequest, stsParams, roleName, callback) | Purchases the Scheduled Instances with the specified schedule. Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period. After you purchase a Scheduled Instance, you can't c...(description truncated) | {base_path}/{version}?{query} | Yes |
| rebootInstancesSTSRole(instanceId, dryRun, stsParams, roleName, callback) | Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored. If an instance does not cleanly shut down within four minutes, Amazon EC2 performs a hard reboot. For more information about troubleshooting, see Getting Console Output and Rebooting Instances in the Amazon Elastic Compute Cloud Use...(description truncated) | {base_path}/{version}?{query} | Yes |
| registerImageSTSRole(imageLocation, architecture = 'i386', blockDeviceMapping, description, dryRun, enaSupport, kernelId, name, billingProduct, ramdiskId, rootDeviceName, sriovNetSupport, virtualizationType, stsParams, roleName, callback) | Registers an AMI. When you're creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating Your Own AMIs in the Amazon Elastic Compute Cloud User Guide . For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don't have to register the AMI yourself. You can also use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapsho...(description truncated) | {base_path}/{version}?{query} | Yes |
| rejectTransitGatewayVpcAttachmentSTSRole(transitGatewayAttachmentId, dryRun, stsParams, roleName, callback) | Rejects a request to attach a VPC to a transit gateway. The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request. | {base_path}/{version}?{query} | Yes |
| rejectVpcEndpointConnectionsSTSRole(dryRun, serviceId, vpcEndpointId, stsParams, roleName, callback) | Rejects one or more VPC endpoint connection requests to your VPC endpoint service. | {base_path}/{version}?{query} | Yes |
| rejectVpcPeeringConnectionSTSRole(dryRun, vpcPeeringConnectionId, stsParams, roleName, callback) | Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection . | {base_path}/{version}?{query} | Yes |
| releaseAddressSTSRole(allocationId, publicIp, dryRun, stsParams, roleName, callback) | Releases the specified Elastic IP address. [EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it's associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress . [Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error ( InvalidIPAddress.InUse ). After releasing an Elastic IP address, it i...(description truncated) | {base_path}/{version}?{query} | Yes |
| releaseHostsSTSRole(hostId, stsParams, roleName, callback) | When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released. When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity error...(description truncated) | {base_path}/{version}?{query} | Yes |
| replaceIamInstanceProfileAssociationSTSRole(iamInstanceProfileArn, iamInstanceProfileName, associationId, stsParams, roleName, callback) | Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that's associated with an instance without having to disassociate the existing IAM instance profile first. Use DescribeIamInstanceProfileAssociations to get the association ID. | {base_path}/{version}?{query} | Yes |
| replaceNetworkAclAssociationSTSRole(associationId, dryRun, networkAclId, stsParams, roleName, callback) | Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide . This is an idempotent operation. | {base_path}/{version}?{query} | Yes |
| replaceNetworkAclEntrySTSRole(cidrBlock, dryRun, egress, icmpCode, icmpType, ipv6CidrBlock, networkAclId, portRangeFrom, portRangeTo, protocol, ruleAction = 'allow', ruleNumber, stsParams, roleName, callback) | Replaces an entry (rule) in a network ACL. For more information, see Network ACLs in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| replaceRouteSTSRole(destinationCidrBlock, destinationIpv6CidrBlock, dryRun, egressOnlyInternetGatewayId, gatewayId, instanceId, natGatewayId, transitGatewayId, networkInterfaceId, routeTableId, vpcPeeringConnectionId, stsParams, roleName, callback) | Replaces an existing route within a route table in a VPC. You must provide only one of the following: internet gateway or virtual private gateway, NAT instance, NAT gateway, VPC peering connection, network interface, or egress-only internet gateway. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| replaceRouteTableAssociationSTSRole(associationId, dryRun, routeTableId, stsParams, roleName, callback) | Changes the route table associated with a given subnet in a VPC. After the operation completes, the subnet uses the routes in the new route table it's associated with. For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide . You can also use ReplaceRouteTableAssociation to change which table is the main route table in the VPC. You just specify the main route table's association ID and the route table to be the new main route table. | {base_path}/{version}?{query} | Yes |
| replaceTransitGatewayRouteSTSRole(destinationCidrBlock, transitGatewayRouteTableId, transitGatewayAttachmentId, blackhole, dryRun, stsParams, roleName, callback) | Replaces the specified route in the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| reportInstanceStatusSTSRole(description, dryRun, endTime, instanceId, reasonCode, startTime, status = 'ok', stsParams, roleName, callback) | Submits feedback about the status of an instance. The instance must be in the running state. If your experience with the instance differs from the instance status returned by DescribeInstanceStatus , use ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information to improve the accuracy of status checks. Use of this action does not change the value returned by DescribeInstanceStatus . | {base_path}/{version}?{query} | Yes |
| requestSpotFleetSTSRole(dryRun, spotFleetRequestConfigAllocationStrategy, spotFleetRequestConfigOnDemandAllocationStrategy, spotFleetRequestConfigClientToken, spotFleetRequestConfigExcessCapacityTerminationPolicy, spotFleetRequestConfigFulfilledCapacity, spotFleetRequestConfigOnDemandFulfilledCapacity, spotFleetRequestConfigIamFleetRole, spotFleetRequestConfigLaunchSpecifications, spotFleetRequestConfigLaunchTemplateConfigs, spotFleetRequestConfigSpotPrice, spotFleetRequestConfigTargetCapacity, spotFleetRequestConfigOnDemandTargetCapacity, spotFleetRequestConfigTerminateInstancesWithExpiration, spotFleetRequestConfigType, spotFleetRequestConfigValidFrom, spotFleetRequestConfigValidUntil, spotFleetRequestConfigReplaceUnhealthyInstances, spotFleetRequestConfigInstanceInterruptionBehavior, spotFleetRequestConfigLoadBalancersConfig, spotFleetRequestConfigInstancePoolsToUseCount, stsParams, roleName, callback) | Creates a Spot Fleet request. The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity. You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. By default, the Spot Fleet requests Spot Instances in the Spot pool where the price per unit is...(description truncated) | {base_path}/{version}?{query} | Yes |
| requestSpotInstancesSTSRole(availabilityZoneGroup, blockDurationMinutes, clientToken, dryRun, instanceCount, launchGroup, launchSpecificationSecurityGroupIds, launchSpecificationSecurityGroups, launchSpecificationAddressingType, launchSpecificationBlockDeviceMappings, launchSpecificationEbsOptimized, launchSpecificationIamInstanceProfile, launchSpecificationImageId, launchSpecificationInstanceType, launchSpecificationKernelId, launchSpecificationKeyName, launchSpecificationMonitoring, launchSpecificationNetworkInterfaces, launchSpecificationPlacement, launchSpecificationRamdiskId, launchSpecificationSubnetId, launchSpecificationUserData, spotPrice, type = 'one-time', validFrom, validUntil, instanceInterruptionBehavior = 'hibernate', stsParams, roleName, callback) | Creates a Spot Instance request. For more information, see Spot Instance Requests in the Amazon EC2 User Guide for Linux Instances . | {base_path}/{version}?{query} | Yes |
| resetFpgaImageAttributeSTSRole(dryRun, fpgaImageId, attribute = 'loadPermission', stsParams, roleName, callback) | Resets the specified attribute of the specified Amazon FPGA Image (AFI) to its default value. You can only reset the load permission attribute. | {base_path}/{version}?{query} | Yes |
| resetImageAttributeSTSRole(attribute = 'launchPermission', imageId, dryRun, stsParams, roleName, callback) | Resets an attribute of an AMI to its default value. The productCodes attribute can't be reset. | {base_path}/{version}?{query} | Yes |
| resetInstanceAttributeSTSRole(attribute = 'instanceType', dryRun, instanceId, stsParams, roleName, callback) | Resets an attribute of an instance to its default value. To reset the kernel or ramdisk , the instance must be in a stopped state. To reset the sourceDestCheck , the instance can be either running or stopped. The sourceDestCheck attribute controls whether source/destination checking is enabled. The default value is true , which means checking is enabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon Virtual Privat...(description truncated) | {base_path}/{version}?{query} | Yes |
| resetNetworkInterfaceAttributeSTSRole(dryRun, networkInterfaceId, sourceDestCheck, stsParams, roleName, callback) | Resets a network interface attribute. You can specify only one attribute at a time. | {base_path}/{version}?{query} | Yes |
| resetSnapshotAttributeSTSRole(attribute = 'productCodes', snapshotId, dryRun, stsParams, roleName, callback) | Resets permission settings for the specified snapshot. For more information about modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| restoreAddressToClassicSTSRole(dryRun, publicIp, stsParams, roleName, callback) | Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface. | {base_path}/{version}?{query} | Yes |
| revokeClientVpnIngressSTSRole(clientVpnEndpointId, targetNetworkCidr, accessGroupId, revokeAllGroups, dryRun, stsParams, roleName, callback) | Removes an ingress authorization rule from a Client VPN endpoint. | {base_path}/{version}?{query} | Yes |
| revokeSecurityGroupEgressSTSRole(dryRun, groupId, ipPermissions, cidrIp, fromPort, ipProtocol, toPort, sourceSecurityGroupName, sourceSecurityGroupOwnerId, stsParams, roleName, callback) | [VPC only] Removes the specified egress rules from a security group for EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify th...(description truncated) | {base_path}/{version}?{query} | Yes |
| revokeSecurityGroupIngressSTSRole(cidrIp, fromPort, groupId, groupName, ipPermissions, ipProtocol, sourceSecurityGroupName, sourceSecurityGroupOwnerId, toPort, dryRun, stsParams, roleName, callback) | Removes the specified ingress rules from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly. [EC2-Classic only] If the values you specify do not match the existing rule's values, no error is returned. Use DescribeSecurityGroups to verify that the rule has been removed. Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the de...(description truncated) | {base_path}/{version}?{query} | Yes |
| runInstancesSTSRole(blockDeviceMapping, imageId, instanceType = 't1.micro', ipv6AddressCount, ipv6Address, kernelId, keyName, maxCount, minCount, monitoringEnabled, placementAvailabilityZone, placementAffinity, placementGroupName, placementPartitionNumber, placementHostId, placementTenancy, placementSpreadDomain, ramdiskId, securityGroupId, securityGroup, subnetId, userData, additionalInfo, clientToken, disableApiTermination, dryRun, ebsOptimized, iamInstanceProfileArn, iamInstanceProfileName, instanceInitiatedShutdownBehavior = 'stop', networkInterface, privateIpAddress, elasticGpuSpecification, elasticInferenceAccelerator, tagSpecification, launchTemplateLaunchTemplateId, launchTemplateLaunchTemplateName, launchTemplateVersion, instanceMarketOptionsMarketType, instanceMarketOptionsSpotOptions, creditSpecificationCpuCredits, cpuOptionsCoreCount, cpuOptionsThreadsPerCore, capacityReservationSpecificationCapacityReservationPreference, capacityReservationSpecificationCapacityReservationTarget, hibernationOptionsConfigured, licenseSpecification, stsParams, roleName, callback) | Launches the specified number of instances using an AMI for which you have permissions. You can specify a number of options, or leave the default options. The following rules apply: [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet from your default VPC for you. If you don't have a default VPC, you must specify a subnet ID in the request. [EC2-Classic] If don't specify an Availability Zone, we choose one for you. Some instance types must be launched int...(description truncated) | {base_path}/{version}?{query} | Yes |
| runScheduledInstancesSTSRole(clientToken, dryRun, instanceCount, launchSpecificationBlockDeviceMappings, launchSpecificationEbsOptimized, launchSpecificationIamInstanceProfile, launchSpecificationImageId, launchSpecificationInstanceType, launchSpecificationKernelId, launchSpecificationKeyName, launchSpecificationMonitoring, launchSpecificationNetworkInterfaces, launchSpecificationPlacement, launchSpecificationRamdiskId, launchSpecificationSecurityGroupIds, launchSpecificationSubnetId, launchSpecificationUserData, scheduledInstanceId, stsParams, roleName, callback) | Launches the specified Scheduled Instances. Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances . You must launch a Scheduled Instance during its scheduled time period. You can't stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Inst...(description truncated) | {base_path}/{version}?{query} | Yes |
| searchTransitGatewayRoutesSTSRole(transitGatewayRouteTableId, filter, maxResults, dryRun, stsParams, roleName, callback) | Searches for routes in the specified transit gateway route table. | {base_path}/{version}?{query} | Yes |
| startInstancesSTSRole(instanceId, additionalInfo, dryRun, stsParams, roleName, callback) | Starts an Amazon EBS-backed instance that you've previously stopped. Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your Windows instance...(description truncated) | {base_path}/{version}?{query} | Yes |
| stopInstancesSTSRole(instanceId, hibernate, dryRun, force, stsParams, roleName, callback) | Stops an Amazon EBS-backed instance. You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites . For more information, see Hibernate Your Instance in the Amazon Elastic Compute Cloud User Guide . We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Eve...(description truncated) | {base_path}/{version}?{query} | Yes |
| terminateClientVpnConnectionsSTSRole(clientVpnEndpointId, connectionId, username, dryRun, stsParams, roleName, callback) | Terminates active Client VPN endpoint connections. This action can be used to terminate a specific client connection, or up to five connections established by a specific user. | {base_path}/{version}?{query} | Yes |
| terminateInstancesSTSRole(instanceId, dryRun, stsParams, roleName, callback) | Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds. If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated. Terminated instances remain visible after termination (for approximately one hour). By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance...(description truncated) | {base_path}/{version}?{query} | Yes |
| unassignIpv6AddressesSTSRole(ipv6Addresses, networkInterfaceId, stsParams, roleName, callback) | Unassigns one or more IPv6 addresses from a network interface. | {base_path}/{version}?{query} | Yes |
| unassignPrivateIpAddressesSTSRole(networkInterfaceId, privateIpAddress, stsParams, roleName, callback) | Unassigns one or more secondary private IP addresses from a network interface. | {base_path}/{version}?{query} | Yes |
| unmonitorInstancesSTSRole(instanceId, dryRun, stsParams, roleName, callback) | Disables detailed monitoring for a running instance. For more information, see Monitoring Your Instances and Volumes in the Amazon Elastic Compute Cloud User Guide . | {base_path}/{version}?{query} | Yes |
| updateSecurityGroupRuleDescriptionsEgressSTSRole(dryRun, groupId, groupName, ipPermissions, stsParams, roleName, callback) | [VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request. | {base_path}/{version}?{query} | Yes |
| updateSecurityGroupRuleDescriptionsIngressSTSRole(dryRun, groupId, groupName, ipPermissions, stsParams, roleName, callback) | Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request. | {base_path}/{version}?{query} | Yes |
| withdrawByoipCidrSTSRole(cidr, dryRun, stsParams, roleName, callback) | Stops advertising an IPv4 address range that is provisioned as an address pool. You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time. It can take a few minutes before traffic to the specified addresses stops routing to AWS because of BGP propagation delays. | {base_path}/{version}?{query} | Yes |
Authentication
This document will go through the steps for authenticating the AWS EC2 adapter with AWS Signature 4 Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication HERE.
AWS Authentication
The AWS EC2 adapter requires AWS Authentication it does not utilize any of the autnetication methods provided by the adapter library as a result, the auth_method should be set to no_authentication. The adapter utilizes AWS signature 4 authentication. There are 3 flavors of doing this.
The first way is using a "service" account and its AWS keys to authentication as that account. In this case, you will get the aws_access_key, aws_secret_key, and aws_session_token from AWS and configure them into the adapter service instance as shown below.
The second way is using AWS STS. this still requires a "service" account and its AWS keys to authentication as that account. In this case, you will get the aws_access_key, aws_secret_key, and aws_session_token from AWS and configure them into the adapter service instance as shown below. In addition, you will provide STS paramaters in the workflow tasks that tell the adapter the role you want used on the particular call.
The third authentication method is to use an IAM role. With this method, you do not need any authentication keys as the adapter will utilize an "internal" AWS call to get the things that it needs for authentication. Since the adapter needs to make the call to this "internal" AWS IP address, the IAP server needs to be where it has access to that address or you will not be able to use this method.
If you change authentication methods, you should change this section accordingly and merge it back into the adapter repository.
AWS Signature 4 Service Account Authentication
The AWS EC2 adapter requires AWS Signature 4 Authentication. If you change authentication methods, you should change this section accordingly and merge it back into the adapter repository.
This authentication is done in the adapter itself and not in the adapter libraries. This is why the auth_method is set to "no_authentication".
STEPS
- Ensure you have access to a AWS EC2 server and that it is running
- Follow the steps in the README.md to import the adapter into IAP if you have not already done so
- Use the properties below for the
properties.authenticationfield"authentication": { "auth_method": "no_authentication", "aws_access_key": "aws_access_key", "aws_secret_key": "aws_secret_key", "aws_session_token": "aws_session_token" }you can leave all of the other properties in the authentication section, they will not be used for AWS EC2 authentication.
- Restart the adapter. If your properties were set correctly, the adapter should go online.
AWS Security Token Service
The AWS EC2 adapter also supports AWS Security Token Service (STS) Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the STS information into the method.
AWS IAM Role
The AWS EC2 adapter also supports AWS IAM Role Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the RoleName into the method.
AMAZON STEPS FOR IAM ROLE
Increase number of hops if running IAP inside of docker on EC2 instance
aws sso login --profile aws-bota-1
<export aws keys for CLI access>
aws ec2 modify-instance-metadata-options --instance-id i-0e150236026b7c45d --http-put-response-hop-limit 3 --http-endpoint enabled --region us-east-1Create a new role and attach to it policies:
- go to your EC2 instance, select it
- Actions->Security->Modify IAM Role
- Click 'Create New IAM Role'
- Create a role:
Trusted entity type: AWS service Use Case: EC2
Add policies to the role
- AmazonEC2FullAccess (Provides full access to Amazon EC2 via the AWS Management Console.)
Save the role
Go back to your EC2 instance and Actions->Security->Modify IAM Role, associate newly created role with your EC2 instance
Troubleshooting
- Make sure you copied over the correct access key, secret key and session token.
- Turn on debug level logs for the adapter in IAP Admin Essentials.
- Turn on auth_logging for the adapter in IAP Admin Essentials (adapter properties).
- Investigate the logs - in particular:
- The FULL REQUEST log to make sure the proper headers are being sent with the request.
- The FULL BODY log to make sure the payload is accurate.
- The CALL RETURN log to see what the other system is telling us.
- Credentials should be masked by the adapter so make sure you verify the username and password - including that there are erroneous spaces at the front or end.
- Remember when you are done to turn auth_logging off as you do not want to log credentials.
- For IAM, you can run this on the IAP server to verify you are getting to the "internal" AWS Server
TOKEN=`curl -v -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -v -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/<rolename>Additional Information
Enhancements
Adding a Second Instance of an Adapter
You can add a second instance of this adapter without adding new code on the file system. To do this go into the IAP Admin Essentials and add a new service config for this adapter. The two instances of the adapter should have unique ids. In addition, they should point to different instances (unique host and port) of the other system.
Adding Adapter Calls
There are multiple ways to add calls to an existing adapter.
The easiest way would be to use the Adapter Builder update process. This process takes in a Swagger or OpenAPI document, allows you to select the calls you want to add and then generates a zip file that can be used to update the adapter. Once you have the zip file simply put it in the adapter directory and execute npm run adapter:update.
mv updatePackage.zip adapter-aws_ec2
cd adapter-aws_ec2
npm run adapter:updateIf you do not have a Swagger or OpenAPI document, you can use a Postman Collection and convert that to an OpenAPI document using APIMatic and then follow the first process.
If you want to manually update the adapter that can also be done the key thing is to make sure you update all of the right files. Within the entities directory you will find 1 or more entities. You can create a new entity or add to an existing entity. Each entity has an action.json file, any new call will need to be put in the action.json file. It will also need to be added to the enum for the ph_request_type in the appropriate schema files. Once this configuration is complete you will need to add the call to the adapter.js file and, in order to make it available as a workflow task in IAP, it should also be added to the pronghorn.json file. You can optionally add it to the unit and integration test files. There is more information on how to work on each of these files in the Adapter Technical Resources on our Documentation Site.
Files to update
* entities/<entity>/action.json: add an action
* entities/<entity>/schema.json (or the schema defined on the action): add action to the enum for ph_request_type
* adapter.js: add the new method and make sure it calls the proper entity and action
* pronghorn.json: add the new method
* test/unit/adapterTestUnit.js (optional but best practice): add unit test(s) - function is there, any required parameters error when not passed in
* test/integration/adapterTestIntegration.js (optional but best practice): add integration testAdding Adapter Properties
While changing adapter properties is done in the service instance configuration section of IAP, adding properties has to be done in the adapter. To add a property you should edit the propertiesSchema.json with the proper information for the property. In addition, you should modify the sampleProperties to have the new property in it.
Files to update
* propertiesSchema.json: add the new property and how it is defined
* sampleProperties: add the new property with a default value
* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global propertiesChanging Adapter Authentication
Often an adapter is built before knowing the authentication and authentication processes can also change over time. The adapter supports many different kinds of authentication but it does require configuration. Some forms of authentication can be defined entirely with the adapter properties but others require configuration.
Files to update
* entities/.system/action.json: change the getToken action as needed
* entities/.system/schemaTokenReq.json: add input parameters (external name is name in other system)
* entities/.system/schemaTokenResp.json: add response parameters (external name is name in other system)
* propertiesSchema.json: add any new property and how it is defined
* sampleProperties: add any new property with a default value
* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global propertiesEnhancing Adapter Integration Tests
The adapter integration tests are written to be able to test in either stub (standalone) mode or integrated to the other system. However, if integrating to the other system, you may need to provide better data than what the adapter provides by default as that data is likely to fail for create and update. To provide better data, edit the adapter integration test file. Make sure you do not remove the marker and keep custom code below the marker so you do not impact future migrations. Once the edits are complete, run the integration test as it instructs you to above. When you run integrated to the other system, you can also save mockdata for future use by changing the isSaveMockData flag to true.
Files to update
* test/integration/adapterTestIntegration.js: add better data for the create and update calls so that they will not fail.As mentioned previously, for most of these changes as well as other possible changes, there is more information on how to work on an adapter in the Adapter Technical Resources on our Documentation Site.
Contributing
First off, thanks for taking the time to contribute!
The following is a set of rules for contributing.
Code of Conduct
This project and everyone participating in it is governed by the Code of Conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to support@itential.com.
How to Contribute
Follow the contributing guide (here)[https://gitlab.com/itentialopensource/adapters/contributing-guide]
Helpful Links
Node Scripts
There are several node scripts that now accompany the adapter. These scripts are provided to make several activities easier. Many of these scripts can have issues with different versions of IAP as they have dependencies on IAP and Mongo. If you have issues with the scripts please report them to the Itential Adapter Team. Each of these scripts are described below.
| Run | Description |
|---|---|
| npm run adapter:install | Provides an easier way to install the adapter. |
| npm run adapter:checkMigrate | Checks whether your adapter can and should be migrated to the latest foundation. |
| npm run adapter:findPath | Can be used to see if the adapter supports a particular API call. |
| npm run adapter:migrate | Provides an easier way to update your adapter after you download the migration zip from Itential DevSite. |
| npm run adapter:update | Provides an easier way to update your adapter after you download the update zip from Itential DevSite. |
| npm run adapter:revert | Allows you to revert after a migration or update if it resulted in issues. |
| npm run troubleshoot | Provides a way to troubleshoot the adapter - runs connectivity, healthcheck and basic get. |
| npm run connectivity | Provides a connectivity check to the Servicenow system. |
| npm run healthcheck | Checks whether the configured healthcheck call works to Servicenow. |
| npm run basicget | Checks whether the basic get calls works to Servicenow. |
Troubleshoot
Run npm run troubleshoot to start the interactive troubleshooting process. The command allows you to verify and update connection, authentication as well as healthcheck configuration. After that it will test these properties by sending HTTP request to the endpoint. If the tests pass, it will persist these changes into IAP.
You also have the option to run individual commands to perform specific test:
npm run healthcheckwill perform a healthcheck request of with current setting.npm run basicgetwill perform some non-parameter GET request with current setting.npm run connectivitywill perform networking diagnostics of the adatper endpoint.
Connectivity Issues
- You can run the adapter troubleshooting script which will check connectivity, run the healthcheck and run basic get calls.
npm run troubleshoot- Verify the adapter properties are set up correctly.
Go into the Itential Platform GUI and verify/update the properties- Verify there is connectivity between the Itential Platform Server and Awsec2 Server.
ping the ip address of Awsec2 server
try telnet to the ip address port of Awsec2
execute a curl command to the other system- Verify the credentials provided for Awsec2.
login to Awsec2 using the provided credentials- Verify the API of the call utilized for Awsec2 Healthcheck.
Go into the Itential Platform GUI and verify/update the propertiesFunctional Issues
Adapter logs are located in /var/log/pronghorn. In older releases of the Itential Platform, there is a pronghorn.log file which contains logs for all of the Itential Platform. In newer versions, adapters can be configured to log into their own files.