0% found this document useful (0 votes)

10 views632 pages

Ec2 CLT

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

10 views632 pages

Ec2 CLT

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 632

Amazon Elastic Compute Cloud

CLI Reference
API Version 2012-06-15
Amazon Elastic Compute Cloud CLI Reference

Amazon Elastic Compute Cloud: CLI Reference

The following are trademarks or registered trademarks of Amazon: Amazon, Amazon.com, Amazon.com
Design, Amazon DevPay, Amazon EC2, Amazon Web Services Design, AWS, CloudFront, EC2, Elastic
Compute Cloud, Kindle, and Mechanical Turk. In addition, Amazon.com graphics, logos, page headers,
button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other
countries. Amazon's trademarks and trade dress may not be used in connection with any product or service
that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner
that disparages or discredits Amazon.

All other trademarks not owned by Amazon are the property of their respective owners, who may or may
not be affiliated with, connected to, or sponsored by Amazon.
Amazon Elastic Compute Cloud CLI Reference

Welcome ................................................................................................................................................. 1
API Tools Reference ............................................................................................................................... 2
Common Options for API Tools ............................................................................................................... 5
List of API Tools by Function ................................................................................................................... 7
ec2-allocate-address ............................................................................................................................ 13
ec2-assign-private-ip-addresses ........................................................................................................... 17
ec2-associate-address .......................................................................................................................... 21
ec2-associate-dhcp-options .................................................................................................................. 26
ec2-associate-route-table ..................................................................................................................... 30
ec2-attach-internet-gateway ................................................................................................................. 34
ec2-attach-network-interface ................................................................................................................ 37
ec2-attach-volume ................................................................................................................................ 40
ec2-attach-vpn-gateway ........................................................................................................................ 44
ec2-authorize ........................................................................................................................................ 48
ec2-bundle-instance ............................................................................................................................. 55
ec2-cancel-bundle-task ......................................................................................................................... 60
ec2-cancel-conversion-task .................................................................................................................. 63
ec2-cancel-export-task ......................................................................................................................... 67
ec2-cancel-spot-instance-requests ....................................................................................................... 70
ec2-confirm-product-instance ............................................................................................................... 73
ec2-create-customer-gateway .............................................................................................................. 76
ec2-create-dhcp-options ....................................................................................................................... 80
ec2-create-group .................................................................................................................................. 84
ec2-create-image .................................................................................................................................. 88
ec2-create-instance-export-task ........................................................................................................... 92
ec2-create-internet-gateway ................................................................................................................. 96
ec2-create-keypair ................................................................................................................................ 99
ec2-create-network-acl ....................................................................................................................... 103
ec2-create-network-acl-entry .............................................................................................................. 106
ec2-create-network-interface .............................................................................................................. 111
ec2-create-placement-group ............................................................................................................... 116
ec2-create-route ................................................................................................................................. 119
ec2-create-route-table ........................................................................................................................ 123
ec2-create-snapshot ........................................................................................................................... 126
ec2-create-spot-datafeed-subscription ............................................................................................... 130
ec2-create-subnet ............................................................................................................................... 133
ec2-create-tags ................................................................................................................................... 137
ec2-create-volume .............................................................................................................................. 141
ec2-create-vpc .................................................................................................................................... 145
ec2-create-vpn-connection ................................................................................................................. 149
ec2-create-vpn-gateway ..................................................................................................................... 154
ec2-delete-customer-gateway ............................................................................................................. 158
ec2-delete-dhcp-options ..................................................................................................................... 161
ec2-delete-disk-image ........................................................................................................................ 164
ec2-delete-group ................................................................................................................................. 168
ec2-delete-internet-gateway ............................................................................................................... 172
ec2-delete-keypair .............................................................................................................................. 175
ec2-delete-network-acl ....................................................................................................................... 178
ec2-delete-network-acl-entry .............................................................................................................. 181
ec2-delete-network-interface .............................................................................................................. 185
ec2-delete-placement-group ............................................................................................................... 188
ec2-delete-route .................................................................................................................................. 191
ec2-delete-route-table ......................................................................................................................... 194
ec2-delete-snapshot ........................................................................................................................... 197
ec2-delete-spot-datafeed-subscription ............................................................................................... 200
ec2-delete-subnet ............................................................................................................................... 203
ec2-delete-tags ................................................................................................................................... 206
ec2-delete-volume .............................................................................................................................. 210

API Version 2012-06-15

3
Amazon Elastic Compute Cloud CLI Reference

ec2-delete-vpc .................................................................................................................................... 213

ec2-delete-vpn-connection ................................................................................................................. 216
ec2-delete-vpn-gateway ...................................................................................................................... 219
ec2-deregister ..................................................................................................................................... 222
ec2-describe-addresses ..................................................................................................................... 225
ec2-describe-availability-zones ........................................................................................................... 231
ec2-describe-bundle-tasks .................................................................................................................. 235
ec2-describe-conversion-tasks ........................................................................................................... 240
ec2-describe-customer-gateways ....................................................................................................... 243
ec2-describe-dhcp-options ................................................................................................................. 248
ec2-describe-export-tasks .................................................................................................................. 253
ec2-describe-group ............................................................................................................................. 256
ec2-describe-image-attribute .............................................................................................................. 262
ec2-describe-images .......................................................................................................................... 266
ec2-describe-instance-attribute .......................................................................................................... 274
ec2-describe-instance-status .............................................................................................................. 279
ec2-describe-instances ....................................................................................................................... 285
ec2-describe-internet-gateways .......................................................................................................... 299
ec2-describe-keypairs ......................................................................................................................... 304
ec2-describe-network-acls .................................................................................................................. 308
ec2-describe-network-interface-attribute ............................................................................................ 314
ec2-describe-network-interfaces ......................................................................................................... 318
ec2-describe-placement-groups ......................................................................................................... 325
ec2-describe-regions .......................................................................................................................... 329
ec2-describe-reserved-instances ....................................................................................................... 333
ec2-describe-reserved-instances-offerings ......................................................................................... 339
ec2-describe-route-tables ................................................................................................................... 345
ec2-describe-snapshot-attribute ......................................................................................................... 351
ec2-describe-snapshots ..................................................................................................................... 354
ec2-describe-spot-datafeed-subscription ............................................................................................ 360
ec2-describe-spot-instance-requests ................................................................................................. 363
ec2-describe-spot-price-history .......................................................................................................... 371
ec2-describe-subnets ......................................................................................................................... 376
ec2-describe-tags ............................................................................................................................... 381
ec2-describe-volume-attribute ............................................................................................................ 386
ec2-describe-volume-status ................................................................................................................ 390
ec2-describe-volumes ......................................................................................................................... 396
ec2-describe-vpcs .............................................................................................................................. 402
ec2-describe-vpn-connections ............................................................................................................ 407
ec2-describe-vpn-gateways ................................................................................................................ 413
ec2-detach-internet-gateway .............................................................................................................. 418
ec2-detach-network-interface ............................................................................................................. 421
ec2-detach-volume ............................................................................................................................. 424
ec2-detach-vpn-gateway ..................................................................................................................... 428
ec2-disassociate-address ................................................................................................................... 431
ec2-disassociate-route-table ............................................................................................................... 435
ec2-enable-volume-io ......................................................................................................................... 438
ec2-fingerprint-key .............................................................................................................................. 441
ec2-get-console-output ....................................................................................................................... 444
ec2-get-password ............................................................................................................................... 448
ec2-import-instance ............................................................................................................................ 451
ec2-import-keypair .............................................................................................................................. 458
ec2-import-volume .............................................................................................................................. 462
ec2-migrate-image .............................................................................................................................. 468
ec2-modify-image-attribute ................................................................................................................. 473
ec2-modify-instance-attribute ............................................................................................................. 478
ec2-modify-network-interface-attribute ............................................................................................... 483
ec2-modify-snapshot-attribute ............................................................................................................ 487

API Version 2012-06-15

4
Amazon Elastic Compute Cloud CLI Reference

ec2-modify-volume-attribute ............................................................................................................... 491

ec2-monitor-instances ........................................................................................................................ 494
ec2-purchase-reserved-instances-offering ......................................................................................... 497
ec2-reboot-instances .......................................................................................................................... 501
ec2-register ......................................................................................................................................... 504
ec2-release-address ........................................................................................................................... 510
ec2-replace-network-acl-association .................................................................................................. 514
ec2-replace-network-acl-entry ............................................................................................................ 517
ec2-replace-route ................................................................................................................................ 521
ec2-replace-route-table-association ................................................................................................... 525
ec2-report-instance-status .................................................................................................................. 529
ec2-request-spot-instances ................................................................................................................ 533
ec2-reset-image-attribute .................................................................................................................... 542
ec2-reset-instance-attribute ................................................................................................................ 545
ec2-reset-network-interface-attribute .................................................................................................. 549
ec2-reset-snapshot-attribute ............................................................................................................... 553
ec2-resume-import ............................................................................................................................. 557
ec2-revoke .......................................................................................................................................... 562
ec2-run-instances ............................................................................................................................... 568
ec2-start-instances ............................................................................................................................. 579
ec2-stop-instances .............................................................................................................................. 583
ec2-terminate-instances ..................................................................................................................... 587
ec2-unassign-private-ip-addresses ..................................................................................................... 591
ec2-unmonitor-instances .................................................................................................................... 594
ec2-upload-disk-image ....................................................................................................................... 597
AMI Tools Reference ........................................................................................................................... 601
Common Options for AMI Tools .......................................................................................................... 601
ec2-bundle-image ............................................................................................................................... 602
ec2-bundle-vol .................................................................................................................................... 605
ec2-delete-bundle ............................................................................................................................... 609
ec2-download-bundle ......................................................................................................................... 611
ec2-migrate-bundle ............................................................................................................................. 613
ec2-migrate-manifest .......................................................................................................................... 616
ec2-unbundle ...................................................................................................................................... 618
ec2-upload-bundle .............................................................................................................................. 620
Document History ............................................................................................................................... 623

API Version 2012-06-15

5
Amazon Elastic Compute Cloud CLI Reference

Welcome

This is the Amazon Elastic Compute Cloud Command Line Reference. It provides the syntax, description,
options, and usage examples for each of the Amazon EC2 API tools and AMI tools. The API tools are
commands that wrap the Amazon EC2 API actions. The AMI tools are commands you install and run on
an instance for the purposes of managing AMIs. Often, these AMI tools are installed with the AMI.

Amazon EC2 is a web service that provides resizeable computing capacity that you use to build and host
your software systems.

Note

This guide also includes the commands for Amazon Virtual Private Cloud (Amazon VPC). For
more information about the service, go to the Amazon Virtual Private Cloud User Guide.

Amazon EC2 API Tools Download the Amazon EC2 API tools.

Amazon EC2 AMI Tools Download the Amazon EC2 AMI tools.

Getting Started with the CLI Instructions for installing the Amazon EC2 API tools.

Commands for AMI Tools (p. 601) Alphabetical list of all Amazon EC2 AMI tools commands.

Commands for API Tools (p. 7) Alphabetical list of all Amazon EC2 API tools commands.

Common Options for AMI Tools (p. 601) Options that all AMI tools commands can use.

Common Options for API Tools (p. 5) Options that all API tools commands can use.

Regions and Endpoints Itemized regions and endpoints for all AWS products.

API Version 2012-06-15

1
Amazon Elastic Compute Cloud CLI Reference

API Tools Reference

Topics
• Common Options for API Tools (p. 5)
• List of API Tools by Function (p. 7)
• ec2-allocate-address (p. 13)
• ec2-assign-private-ip-addresses (p. 17)
• ec2-associate-address (p. 21)
• ec2-associate-dhcp-options (p. 26)
• ec2-associate-route-table (p. 30)
• ec2-attach-internet-gateway (p. 34)
• ec2-attach-network-interface (p. 37)
• ec2-attach-volume (p. 40)
• ec2-attach-vpn-gateway (p. 44)
• ec2-authorize (p. 48)
• ec2-bundle-instance (p. 55)
• ec2-cancel-bundle-task (p. 60)
• ec2-cancel-conversion-task (p. 63)
• ec2-cancel-export-task (p. 67)
• ec2-cancel-spot-instance-requests (p. 70)
• ec2-confirm-product-instance (p. 73)
• ec2-create-customer-gateway (p. 76)
• ec2-create-dhcp-options (p. 80)
• ec2-create-group (p. 84)
• ec2-create-image (p. 88)
• ec2-create-instance-export-task (p. 92)
• ec2-create-internet-gateway (p. 96)
• ec2-create-keypair (p. 99)
• ec2-create-network-acl (p. 103)
• ec2-create-network-acl-entry (p. 106)
• ec2-create-network-interface (p. 111)
• ec2-create-placement-group (p. 116)
• ec2-create-route (p. 119)

API Version 2012-06-15

2
Amazon Elastic Compute Cloud CLI Reference

• ec2-create-route-table (p. 123)

• ec2-create-snapshot (p. 126)
• ec2-create-spot-datafeed-subscription (p. 130)
• ec2-create-subnet (p. 133)
• ec2-create-tags (p. 137)
• ec2-create-volume (p. 141)
• ec2-create-vpc (p. 145)
• ec2-create-vpn-connection (p. 149)
• ec2-create-vpn-gateway (p. 154)
• ec2-delete-customer-gateway (p. 158)
• ec2-delete-dhcp-options (p. 161)
• ec2-delete-disk-image (p. 164)
• ec2-delete-group (p. 168)
• ec2-delete-internet-gateway (p. 172)
• ec2-delete-keypair (p. 175)
• ec2-delete-network-acl (p. 178)
• ec2-delete-network-acl-entry (p. 181)
• ec2-delete-network-interface (p. 185)
• ec2-delete-placement-group (p. 188)
• ec2-delete-route (p. 191)
• ec2-delete-route-table (p. 194)
• ec2-delete-snapshot (p. 197)
• ec2-delete-spot-datafeed-subscription (p. 200)
• ec2-delete-subnet (p. 203)
• ec2-delete-tags (p. 206)
• ec2-delete-volume (p. 210)
• ec2-delete-vpc (p. 213)
• ec2-delete-vpn-connection (p. 216)
• ec2-delete-vpn-gateway (p. 219)
• ec2-deregister (p. 222)
• ec2-describe-addresses (p. 225)
• ec2-describe-availability-zones (p. 231)
• ec2-describe-bundle-tasks (p. 235)
• ec2-describe-conversion-tasks (p. 240)
• ec2-describe-customer-gateways (p. 243)
• ec2-describe-dhcp-options (p. 248)
• ec2-describe-export-tasks (p. 253)
• ec2-describe-group (p. 256)
• ec2-describe-image-attribute (p. 262)
• ec2-describe-images (p. 266)
• ec2-describe-instance-attribute (p. 274)
• ec2-describe-instance-status (p. 279)
• ec2-describe-instances (p. 285)
• ec2-describe-internet-gateways (p. 299)
• ec2-describe-keypairs (p. 304)
• ec2-describe-network-acls (p. 308)

API Version 2012-06-15

3
Amazon Elastic Compute Cloud CLI Reference

• ec2-describe-network-interface-attribute (p. 314)

• ec2-describe-network-interfaces (p. 318)
• ec2-describe-placement-groups (p. 325)
• ec2-describe-regions (p. 329)
• ec2-describe-reserved-instances (p. 333)
• ec2-describe-reserved-instances-offerings (p. 339)
• ec2-describe-route-tables (p. 345)
• ec2-describe-snapshot-attribute (p. 351)
• ec2-describe-snapshots (p. 354)
• ec2-describe-spot-datafeed-subscription (p. 360)
• ec2-describe-spot-instance-requests (p. 363)
• ec2-describe-spot-price-history (p. 371)
• ec2-describe-subnets (p. 376)
• ec2-describe-tags (p. 381)
• ec2-describe-volume-attribute (p. 386)
• ec2-describe-volume-status (p. 390)
• ec2-describe-volumes (p. 396)
• ec2-describe-vpcs (p. 402)
• ec2-describe-vpn-connections (p. 407)
• ec2-describe-vpn-gateways (p. 413)
• ec2-detach-internet-gateway (p. 418)
• ec2-detach-network-interface (p. 421)
• ec2-detach-volume (p. 424)
• ec2-detach-vpn-gateway (p. 428)
• ec2-disassociate-address (p. 431)
• ec2-disassociate-route-table (p. 435)
• ec2-enable-volume-io (p. 438)
• ec2-fingerprint-key (p. 441)
• ec2-get-console-output (p. 444)
• ec2-get-password (p. 448)
• ec2-import-instance (p. 451)
• ec2-import-keypair (p. 458)
• ec2-import-volume (p. 462)
• ec2-migrate-image (p. 468)
• ec2-modify-image-attribute (p. 473)
• ec2-modify-instance-attribute (p. 478)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-modify-snapshot-attribute (p. 487)
• ec2-modify-volume-attribute (p. 491)
• ec2-monitor-instances (p. 494)
• ec2-purchase-reserved-instances-offering (p. 497)
• ec2-reboot-instances (p. 501)
• ec2-register (p. 504)
• ec2-release-address (p. 510)
• ec2-replace-network-acl-association (p. 514)
• ec2-replace-network-acl-entry (p. 517)

API Version 2012-06-15

4
Amazon Elastic Compute Cloud CLI Reference
Common Options for API Tools

• ec2-replace-route (p. 521)

• ec2-replace-route-table-association (p. 525)
• ec2-report-instance-status (p. 529)
• ec2-request-spot-instances (p. 533)
• ec2-reset-image-attribute (p. 542)
• ec2-reset-instance-attribute (p. 545)
• ec2-reset-network-interface-attribute (p. 549)
• ec2-reset-snapshot-attribute (p. 553)
• ec2-resume-import (p. 557)
• ec2-revoke (p. 562)
• ec2-run-instances (p. 568)
• ec2-start-instances (p. 579)
• ec2-stop-instances (p. 583)
• ec2-terminate-instances (p. 587)
• ec2-unassign-private-ip-addresses (p. 591)
• ec2-unmonitor-instances (p. 594)
• ec2-upload-disk-image (p. 597)

Common Options for API Tools

Most API tools described in this section accept the set of optional parameters described in the following
table.

Option Description

--region REGION Overrides the Region specified in the EC2_URL environment variable and
the URL specified by the -U option.
Default: The EC2_URL environment variable, or us-east-1 if the
environment variable is not set.
Example: --region eu-west-1

-U, --url URL URL is the uniform resource locator of the Amazon EC2 web service entry
point.
Default: The EC2_URL environment variable, or
https://ec2.amazonaws.com if the environment variable is not set.
Example: -U https://ec2.amazonaws.com

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

5
Amazon Elastic Compute Cloud CLI Reference
Deprecated Options

Option Description

-W, --aws-secret-key The secret access key associated with your Amazon account.
AWS_SECRET_KEY Default: The value of the AWS_SECRET_KEY environment variable.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Deprecated Options
For a limited time period, you can still use the private key and X.509 certificate in place of your AWS
access key and secret access key. However, we recommend that you start using the secret access key
and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

-K, --private-key The private key to use when constructing requests to Amazon EC2.
EC2-PRIVATE-KEY Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

API Version 2012-06-15

6
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

Option Description

-C, --cert EC2-CERT The X.509 certificate to use when constructing requests to Amazon EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

List of API Tools by Function

Amazon DevPay

• ec2-confirm-product-instance (p. 73)

AMIs/Images

• ec2-create-image (p. 88)

• ec2-deregister (p. 222)
• ec2-describe-image-attribute (p. 262)
• ec2-describe-images (p. 266)
• ec2-migrate-image (p. 468)
• ec2-modify-image-attribute (p. 473)
• ec2-register (p. 504)
• ec2-reset-image-attribute (p. 542)

Availability Zones and Regions

• ec2-describe-availability-zones (p. 231)

• ec2-describe-regions (p. 329)

Customer Gateways (Amazon VPC)

• ec2-create-customer-gateway (p. 76)

• ec2-delete-customer-gateway (p. 158)
• ec2-describe-customer-gateways (p. 243)

DHCP Options (Amazon VPC)

• ec2-associate-dhcp-options (p. 26)

• ec2-create-dhcp-options (p. 80)
• ec2-delete-dhcp-options (p. 161)
• ec2-describe-dhcp-options (p. 248)

Amazon Elastic Block Store

• ec2-attach-volume (p. 40)

API Version 2012-06-15

7
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

• ec2-create-snapshot (p. 126)

• ec2-create-volume (p. 141)
• ec2-delete-disk-image (p. 164)
• ec2-delete-snapshot (p. 197)
• ec2-delete-volume (p. 210)
• ec2-describe-snapshot-attribute (p. 351)
• ec2-describe-snapshots (p. 354)
• ec2-describe-volumes (p. 396)
• ec2-detach-volume (p. 424)
• ec2-import-volume (p. 462)
• ec2-modify-snapshot-attribute (p. 487)
• ec2-reset-snapshot-attribute (p. 553)

Elastic IP Addresses

• ec2-allocate-address (p. 13)

• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 225)
• ec2-disassociate-address (p. 431)
• ec2-release-address (p. 510)

Elastic Network Interfaces

• ec2-attach-network-interface (p. 37)

• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interfaces (p. 318)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

General

• ec2-get-console-output (p. 444)

Instances

• ec2-describe-instance-attribute (p. 274)

• ec2-describe-instances (p. 285)
• ec2-import-instance (p. 451)
• ec2-modify-instance-attribute (p. 478)

API Version 2012-06-15

8
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

• ec2-reboot-instances (p. 501)

• ec2-reset-instance-attribute (p. 545)
• ec2-run-instances (p. 568)
• ec2-start-instances (p. 579)
• ec2-stop-instances (p. 583)
• ec2-terminate-instances (p. 587)

Internet Gateways (Amazon VPC)

• ec2-attach-internet-gateway (p. 34)

• ec2-create-internet-gateway (p. 96)
• ec2-delete-internet-gateway (p. 172)
• ec2-describe-internet-gateways (p. 299)
• ec2-detach-internet-gateway (p. 418)

Key Pairs

• ec2-create-keypair (p. 99)

• ec2-delete-keypair (p. 175)
• ec2-describe-keypairs (p. 304)
• ec2-fingerprint-key (p. 441)
• ec2-import-keypair (p. 458)

Monitoring

• ec2-monitor-instances (p. 494)

• ec2-unmonitor-instances (p. 594)

Network ACLs (Amazon VPC)

• ec2-create-network-acl (p. 103)

• ec2-create-network-acl-entry (p. 106)
• ec2-delete-network-acl (p. 178)
• ec2-delete-network-acl-entry (p. 181)
• ec2-describe-network-acls (p. 308)
• ec2-replace-network-acl-association (p. 514)
• ec2-replace-network-acl-entry (p. 517)

Placement Groups

• ec2-create-placement-group (p. 116)

• ec2-delete-placement-group (p. 188)
• ec2-describe-placement-groups (p. 325)

API Version 2012-06-15

9
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

Reserved Instances

• ec2-describe-reserved-instances (p. 333)

• ec2-describe-reserved-instances-offerings (p. 339)
• ec2-purchase-reserved-instances-offering (p. 497)

Route Tables (Amazon VPC)

• ec2-associate-route-table (p. 30)

• ec2-create-route (p. 119)
• ec2-create-route-table (p. 123)
• ec2-delete-route (p. 191)
• ec2-delete-route-table (p. 194)
• ec2-describe-route-tables (p. 345)
• ec2-disassociate-route-table (p. 435)
• ec2-replace-route (p. 521)
• ec2-replace-route-table-association (p. 525)

Security Groups

• ec2-authorize (p. 48)

• ec2-create-group (p. 84)
• ec2-delete-group (p. 168)
• ec2-describe-group (p. 256)
• ec2-revoke (p. 562)

Spot Instances

• ec2-cancel-spot-instance-requests (p. 70)

• ec2-create-spot-datafeed-subscription (p. 130)
• ec2-delete-spot-datafeed-subscription (p. 200)
• ec2-describe-spot-datafeed-subscription (p. 360)
• ec2-describe-spot-instance-requests (p. 363)
• ec2-describe-spot-price-history (p. 371)
• ec2-request-spot-instances (p. 533)

Subnets (Amazon VPC)

• ec2-create-subnet (p. 133)

• ec2-delete-subnet (p. 203)
• ec2-describe-subnets (p. 376)

API Version 2012-06-15

10
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

• ec2-create-tags (p. 137)

• ec2-delete-tags (p. 206)
• ec2-describe-tags (p. 381)

VM Import

• ec2-cancel-conversion-task (p. 63)

• ec2-delete-disk-image (p. 164)
• ec2-describe-conversion-tasks (p. 240)
• ec2-import-instance (p. 451)
• ec2-import-volume (p. 462)
• ec2-resume-import (p. 557)

VM Export

• ec2-cancel-export-task (p. 67)

• ec2-create-instance-export-task (p. 92)
• ec2-describe-export-tasks (p. 253)

VPCs (Amazon VPC)

• ec2-create-vpc (p. 145)

• ec2-delete-vpc (p. 213)
• ec2-describe-vpcs (p. 402)

VPN Connections (Amazon VPC)

• ec2-create-vpn-connection (p. 149)

• ec2-delete-vpn-connection (p. 216)
• ec2-describe-vpn-connections (p. 407)

Virtual Private Gateways (Amazon VPC)

• ec2-attach-vpn-gateway (p. 44)

• ec2-create-vpn-gateway (p. 154)
• ec2-delete-vpn-gateway (p. 219)
• ec2-describe-vpn-gateways (p. 413)
• ec2-detach-vpn-gateway (p. 428)

Windows

• ec2-bundle-instance (p. 55)

• ec2-cancel-bundle-task (p. 60)

API Version 2012-06-15

11
Amazon Elastic Compute Cloud CLI Reference
List of API Tools by Function

• ec2-describe-bundle-tasks (p. 235)

• ec2-get-password (p. 448)

API Version 2012-06-15

12
Amazon Elastic Compute Cloud CLI Reference
ec2-allocate-address

ec2-allocate-address
Description
For EC2 Elastic IP addresses: Acquires an Elastic IP address for use with your AWS account. For more
information about EC2 Elastic IP addresses, see Instance Addressing in the Amazon Elastic Compute
Cloud User Guide.

For VPC addresses: Acquires an Elastic IP address for use with your VPC. For information about VPC
addresses and how they differ from EC2 addresses, see Elastic IP Addresses in the Amazon Virtual
Private Cloud User Guide.

The short version of this command is ec2allocaddr.

Syntax
ec2-allocate-address [-d domain]

Options
Name Description Required

-d, --domain domain Set to vpc to allocate the address for use with VPC Conditional
instances.
Type: String
Default: Address is standard (allocated to EC2).
Valid values: vpc
Condition: Required when allocating an address for
use with VPC instances.
Example: -d vpc

Common Options
Option Description

API Version 2012-06-15

13
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

14
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ADDRESS identifier

• The Elastic IP address for use with your account
• The address's domain (standard or vpc)
• The allocation ID (an ID that AWS assigns to represent the allocation of the address for use with Amazon
VPC; returned only for VPC Elastic IP addresses)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example returns an EC2 Elastic IP address for use with the account.

PROMPT> ec2-allocate-address
ADDRESS 192.0.2.1

Example Request
This example returns a VPC Elastic IP address for use with your VPC.

PROMPT> ec2-allocate-address -d vpc

ADDRESS 198.51.100.1 vpc eipalloc-5723d13e

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

15
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• AllocateAddress

Related Commands
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 225)
• ec2-disassociate-address (p. 431)
• ec2-release-address (p. 510)

API Version 2012-06-15

16
Amazon Elastic Compute Cloud CLI Reference
ec2-assign-private-ip-addresses

ec2-assign-private-ip-addresses
Description
Assigns one or more secondary private IP addresses to a network interface in Amazon VPC. You can
specify one or more specific secondary IP addresses that you want to assign, or you can specify a number
of secondary IP addresses to be automatically assigned within the subnet’s CIDR block range. The
number of secondary IP addresses that you can assign to an instance varies by instance type. For
information on Amazon EC2 instance types, see Available Instance Types in the Amazon Elastic Compute
Cloud User Guide. For more information about Elastic IP addresses for Amazon VPC, see Elastic IP
Addresses in the Amazon Virtual Private Cloud User Guide.

This command is only available in Amazon VPC.

The short version of this command is ec2apip.

Syntax
ec2-assign-private-ip-addresses --network-interface NetworkInterface
{[--secondary-private-ip-address-count COUNT] | [--secondary-private-ip-address
IP Address]}

Options
Name Description Required

-n, The network interface to associate with the IP address. Yes

--network-interface Type: String
interface_Id Default: None
Example: -n eni-bc7299d4

-secondary-private-ip-address Assigns the specified IP address as a secondary Conditional

IP_ADDRESS private IP address to the network interface. This option
can be used multiple times to assign multiple
secondary IP addresses.
You can do one of the following:

• Use the -–secondary-private–ip-address

option without a value, and AWS will automatically
assign a secondary private IP address within the
subnet range.
• Use the--secondary-private-ip-address
option, and provide a specific IP address that you
want to assign.

You cannot specify this parameter when also

specifying
--secondary-private-ip-address-count
Type: String
Default: None
Example: --secondary-private-ip-address 10.0.2.18
--secondary-private-ip-address 10.0.2.28

API Version 2012-06-15

17
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-secondary-private-ip-address-count The number of secondary IP addresses to assign to Conditional

COUNT the network interface. You cannot specify this
parameter when also specifying
--secondary-private-ip-address.
Type: Integer
Default: None
Example: --secondary-private-ip-address-count 2

--allow-reassignment Specifies whether to allow an IP address that is No

already assigned to another network interface to be
reassigned to the specified network interface.
Type: Boolean
Default: False

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

18
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
The command returns true if the operation succeeds or an error if the operation does not succeed.

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

19
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example assigns two secondary private IP addresses (10.0.0.118 and 10.0.0.119) to the network
interface eni-c08a35a9.

PROMPT> ec2-assign-private-ip-addresses --network-interface eni-c08a35a9

--secondary-private-ip-address 10.0.0.118 --secondary-private-ip-address
10.0.0.119
RETURN true

Example Request
This example assigns two secondary private IP addresses to the network interface eni-c08a35a9. The
IP addresses are automatically assigned from the available IP addresses within the subnet’s CIDR block
range.

PROMPT> ec2-assign-private-ip-addresses --network-interface eni-c08a35a9

--secondary-private-ip-address-count 2
RETURN true

Example Request
This example assigns a secondary private IP address of 10.0.0.82 to the network interface eni-73e05a1.

PROMPT> ec2-assign-private-ip-addresses --network-interface eni-73e05a1

--secondary-private-ip-address 10.0.0.82
RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• UnAssignPrivateIpAddresses

API Version 2012-06-15

20
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-address

ec2-associate-address
Description
This action applies to both Amazon EC2 Elastic IP addresses and Amazon VPC Elastic IP addresses.

For Amazon EC2 addresses: Associates an Elastic IP address with an instance in your AWS account. If
the IP address is currently assigned to another instance, the IP address is assigned to the new instance.
For more information about EC2 Elastic IP addresses, see Instance Addressing in the Amazon Elastic
Compute Cloud User Guide.

For Amazon VPC addresses: This action associates a VPC Elastic IP address with a primary or secondary
private IP address of an instance or a network interface in your VPC. If the Elastic IP address is currently
assigned to another instance or a network interface, Amazon EC2 returns an error unless you specify
the -–allow-reassociation option.

If you do not specify a private IP address, the Elastic IP address is associated with the primary IP address.

For information about VPC addresses and how they differ from EC2 addresses, see Elastic IP Addresses
in the Amazon Virtual Private Cloud User Guide.

This is an idempotent operation. If you enter it more than once, Amazon EC2 does not return an error.

The short version of this command is ec2assocaddr.

Syntax
ec2-associate-address [-i instance_id | -n network interface] [ip_address | -a
allocation_id] [--private-ip-address] [--allow-reassociation]

Options
Name Description Required

-i, --instance The instance to associate with the IP address. Conditional

instance_id Type: String
Default: None
Condition: Required for Amazon EC2 instances. For
Amazon VPC, you can specify either an instance ID
or a network interface, but not both.
Example: -i i-43a4412a

ip_address EC2 Elastic IP address to assign to the instance. Conditional

Type: String
Default: None
Condition: Required for EC2 Elastic IP addresses.
Example: 192.0.2.1

API Version 2012-06-15

21
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-a, --allocation-id The allocation ID that AWS returned when you Conditional
allocation_id allocated the Elastic IP address to your VPC.
Type: String
Default: None
Condition: Required for VPC Elastic IP addresses.
Example: -a eipalloc-5723d13e

-n, The interface to associate with the IP address. This Conditional

--network-interface is only available in Amazon VPC.
interface_id Type: String
Default: None
Condition: You must specify either an instance ID or
a network interface, but not both.
Example: -n eni-bc7299d4

-p, The primary or secondary private IP address to Optional

--private-ip-address associate with the Elastic IP address. If no private IP
private_IP_address address is specified, the Elastic IP address is
associated with the primary private IP address. This
is only available in Amazon VPC.
Type: String
Default: None
Example: p 10.0.0.45

--allow-reassociation Specify this option to allow an Elastic IP address that Optional

is already associated with another network interface
or instance to be re-associated with the specified
instance or interface. If the Elastic IP address is
associated, and this option is not specified, the
operation will fail. This is only available in Amazon
VPC.
Type: Boolean
Default: False if not specified
Example: --allow-reassociation

Common Options
Option Description

API Version 2012-06-15

22
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

23
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ADDRESS identifier

• The Elastic IP address to assign to the instance
• The instance to which the IP address is assigned or network interface (in Amazon VPC)
• Association ID (returned only for Amazon VPC addresses)
• If specified, private IP address associated with the Elastic IP address (returned only for Amazon VPC
addresses)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example associates an EC2 Elastic IP address with an instance.

PROMPT> ec2-associate-address 203.0.113.0 -i i-43a4412a

ADDRESS 203.0.113.0 i-43a4412a

Example Request
This example associates a VPC Elastic IP address with an instance running in your VPC.

PROMPT> ec2-associate-address -a eipalloc-5723d13e -i i-4fd2431a

ADDRESS i-43a4412a eipalloc-5723d13e eipassoc-fc5ca095

Example Request
This example associates a VPC Elastic IP address with a network interface in your VPC.

API Version 2012-06-15

24
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-associate-address -a eipalloc-4a4c6c23 -n eni-1001fa78

ADDRESS i-1ae1ae78 eipalloc-4a4c6c23 eipassoc-1841907a

Example Request
This example associates an Elastic IP address with a private IP address on the specified instance in a
VPC. The allow-reassociation option allows the Elastic IP address to be associated with the specified
instance, even if it is currently associated with another instance or network interface.

PROMPT> ec2-associate-address -a eipalloc-bf66dcd6 -i i-ba6a0dee -p 10.0.0.85

--allow-reassociation

ADDRESS i-ba6a0dee eipalloc-bf66dcd6 eipassoc-9c66dcf5

10.0.0.85

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AssociateAddress

Related Commands
• ec2-allocate-address (p. 13)
• ec2-describe-addresses (p. 225)
• ec2-disassociate-address (p. 431)
• ec2-release-address (p. 510)

API Version 2012-06-15

25
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-dhcp-options

ec2-associate-dhcp-options
Description
Associates a set of DHCP options (that you've previously created) with the specified VPC. Or, associates
no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch
in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick
up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. If
you want, you can explicitly renew the lease using the operating system on the instance.

For more information about the supported DHCP options and using them with Amazon VPC, see Using
DHCP Options in Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2assocdopt.

Syntax
ec2-associate-dhcp-options { dhcp_options_id | default } -c vpc_id

Options
Name Description Required

dhcp_options_id The ID of the DHCP options to associate with Yes

the VPC, or "default" if you don't want the VPC
to use DHCP options.
Type: String
Default: None
Example: dopt-7a8b9c2d

-c vpc_id The ID of the VPC to associate the DHCP Yes

options with.
Type: String
Default: None
Example: -c vpc-1a2b3c4d

Common Options
Option Description

API Version 2012-06-15

26
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

27
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The DHCPOPTIONS identifier

• The DHCP options ID (or "default" if no DHCP options are associated with the VPC)
• The VPC ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example associates the DHCP options with ID dopt-7a8b9c2d with the VPC with ID vpc-1a2b3c4d.

PROMPT> ec2-associate-dhcp-options dopt-7a8b9c2d -c vpc-1a2b3c4d

DHCPOPTIONS dopt-7a8b9c2d vpc-1a2b3c4d

Example Request
This example changes the VPC with ID vpc-1a2b3c4d to use no DHCP options.

PROMPT> ec2-associate-dhcp-options default -c vpc-1a2b3c4d

DHCPOPTIONS default vpc-1a2b3c4d

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

28
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• AssociateDhcpOptions

Related Commands
• ec2-create-dhcp-options (p. 80)
• ec2-delete-dhcp-options (p. 161)
• ec2-describe-dhcp-options (p. 248)

API Version 2012-06-15

29
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-route-table

ec2-associate-route-table
Description
Associates a subnet with a route table. The subnet and route table must be in the same VPC. This
association causes traffic originating from the subnet to be routed according to the routes in the route
table. The action returns an association ID, which you need to disassociate the route table from the subnet
later. A route table can be associated with multiple subnets.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.

The short version of this command is ec2assocrtb.

Syntax
ec2-associate-route-table route_table_id -s subnet_id

Options
Name Description Required

route_table_id The ID of the route table. Yes

Type: String
Default: None
Example: rtb-6aa34603

-s subnet_id The ID of the subnet. Yes

Type: String
Default: None
Example: -s subnet-92a045fb

Common Options
Option Description

API Version 2012-06-15

30
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

31
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ASSOCIATION identifier

• The route table association ID (needed to disassociate the route table)
• The route table ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example associates the route-table (with ID rtb-6aa34603) with the subnet with ID subnet-92a045fb.

PROMPT> ec2-associate-route-table rtb-6aa34603 -s subnet-92a045fb

ASSOCIATION rtbassoc-61a34608 rtb-6aa34603 subnet-92a045fb

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AssociateRouteTable

Related Commands
• ec2-create-route-table (p. 123)
• ec2-delete-route-table (p. 194)
• ec2-describe-route-tables (p. 345)
• ec2-disassociate-route-table (p. 435)

API Version 2012-06-15

32
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

33
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-internet-gateway

ec2-attach-internet-gateway
Description
Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC. For
more information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User
Guide.

Note

For VPCs that existed before the 2011-01-01 API version: Before you can attach an Internet
gateway, you must delete the legacy security group. For more information, see "Deleting the
Legacy Security Group" in the Security Groups section of the Amazon Virtual Private Cloud User
Guide.

The short version of this command is ec2attigw.

Syntax
ec2-attach-internet-gateway internet_gateway_id -c vpc_id

Options
Name Description Required

internet_gateway_id The ID of the Internet gateway to attach. Yes

Type: String
Default: None
Example: igw-c3a643aa

-c, --vpc vpc_id The ID of the VPC. Yes

Type: String
Default: None
Example: -c vpc-d9a045b0

Common Options
Option Description

API Version 2012-06-15

34
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

35
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ATTACHMENT identifier

• The VPC ID
• The attachment state (attaching, attached, detached, detaching, error)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example attaches the Internet gateway with ID igw-eaad4883 to the VPC with ID vpc-11ad4878.

PROMPT> ec2-attach-internet-gateway igw-eaad4883 -c vpc-11ad4878

ATTACHMENT vpc-11ad4878 attaching

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AttachInternetGateway

Related Commands
• ec2-create-internet-gateway (p. 96)
• ec2-delete-internet-gateway (p. 172)
• ec2-describe-internet-gateways (p. 299)
• ec2-detach-internet-gateway (p. 418)

API Version 2012-06-15

36
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-network-interface

ec2-attach-network-interface
Description
Attaches a network interface to an instance.

The short version of this command is ec2attnic.

Syntax
ec2-attach-network-interface NETWORKINTERFACE -i, --instance INSTANCE -d,
--device-index DEVICEINDEX

Options
Name Description Required

-i, --instance The ID of the instance to attach to the network Yes

INSTANCE interface.
Type: String
Default: None
Example: -i i-640a3c17

-d, --device-index The index of the device for the network interface Yes
DEVICEINDEX attachment on the instance.
Type: String
Default: None
Example: -d 1 eni-b35da6da

Common Options
Option Description

API Version 2012-06-15

37
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

38
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the ID of the network interface that was attached.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example attaches the specified network interface to the specified instance.

PROMPT> ec2-attach-network-interface eni-b35da6da -i i-640a3c17 -d 1

eni-attach-dd3fdab4

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AttachNetworkInterface

Related Commands
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-describe-network-interfaces (p. 318)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

39
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-volume

ec2-attach-volume
Description
Attaches an Amazon EBS volume to a running instance and exposes it as the specified device.

For a list of supported device names, see Attaching the Volume to an Instance. Any devices that aren't
reserved for instance store volumes can be attached to an Amazon EBS volume. For more information,
see Amazon EC2 Instance Store.

Note

If a volume has an AWS Marketplace product code:

• The volume can only be attached to the root device of a stopped instance.
• You must be subscribed to the AWS Marketplace code that is on the volume.
• The configuration (instance type, operating system) of the instance must support that specific
AWS Marketplace code. For example, you cannot take a volume from a Windows instance
and attach it to a Linux instance.
• AWS Marketplace product codes are copied from the volume to the instance.

For an overview of the AWS Marketplace, go to https://aws.amazon.com/marketplace/help/200900000.

For details on how to use the AWS Marketplace, see AWS Marketplace.

The short version of this command is ec2attvol.

Syntax
ec2-attach-volume volume_id --instance instance_id --device device

Options
Name Description Required

volume_id The ID of the Amazon EBS volume. The volume and Yes
instance must be within the same Availability Zone
and the instance must be running.
Type: String
Default: None
Example: vol-4d826724

-i, --instance The ID of the instance to attach the volume to. The Yes
instance_id volume and instance must be within the same
Availability Zone and the instance must be running.
Type: String
Default: None
Example: -i i-6058a509

API Version 2012-06-15

40
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-d, --device device Specifies the device name to expose to the instance. Yes
Type: String
Default: None
Example: -d /dev/sdf (for Linux/UNIX) or -d xvdf (for
Windows)

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

41
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The ATTACHMENT identifier

• The volume ID
• The instance ID
• The device name within Amazon EC2
• The attachment state (attaching, attached, detached, detaching, error)
• The time when the attachment was initiated

API Version 2012-06-15

42
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors using stderr.

Examples
Example Request
This example attaches volume vol-4d826724 to instance i-6058a509 and exposes it as /dev/sdh.
For information on standard storage locations, see the Amazon Elastic Compute Cloud User Guide.

PROMPT> ec2-attach-volume vol-4d826724 -i i-6058a509 -d /dev/sdh

ATTACHMENT vol-4d826724 i-6058a509 /dev/sdh attaching 2008-02-14T00:15:00+0000

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AttachVolume

Related Commands
• ec2-create-volume (p. 141)
• ec2-delete-volume (p. 210)
• ec2-describe-volumes (p. 396)
• ec2-detach-volume (p. 424)

API Version 2012-06-15

43
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-vpn-gateway

ec2-attach-vpn-gateway
Description
Attaches a virtual private gateway to a VPC. For more information, see Adding an IPsec Hardware Virtual
Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2attvgw.

Syntax
ec2-attach-vpn-gateway -p vpn_gateway_id -c vpc_id

Options
Name Description Required

vpn_gateway_id The ID of the virtual private gateway to attach Yes

to the VPC.
Type: String
Default: None
Example: vgw-8db04f81

-c, --vpc vpc_id The ID of the VPC. Yes

Type: String
Default: None
Example: -c vpc-1a2b3c4d

Common Options
Option Description

API Version 2012-06-15

44
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

45
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VGWATTACHMENT identifier

• The ID of the attached VPC
• The state of the attachment (attaching, attached, detaching, detached)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example attaches the virtual private gateway with ID vgw-8db04f81 to the VPC with ID vpc-1a2b3c4d.

PROMPT> ec2-attach-vpn-gateway vgw-8db04f81 -c vpc-1a2b3c4d

VGWATTACHMENT vpc-1a2b3c4d attaching

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• AttachVpnGateway

Related Commands
• ec2-create-vpn-gateway (p. 154)
• ec2-describe-vpn-gateways (p. 413)
• ec2-detach-vpn-gateway (p. 428)
• ec2-create-vpc (p. 145)

API Version 2012-06-15

46
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-create-vpn-connection (p. 149)

API Version 2012-06-15

47
Amazon Elastic Compute Cloud CLI Reference
ec2-authorize

ec2-authorize
Description
Adds a rule to a security group. The rule can be for ingress traffic, or for egress traffic (only if this is a
VPC security group). For information about VPC security groups and how they differ from EC2 security
groups, see Security Groups in the Amazon Virtual Private Cloud User Guide.

For EC2 security groups and ingress rules: This command either gives one or more CIDR IP address
ranges permission to access a security group in your account, or it gives one or more security groups
(called the source groups) permission to access a security group in your account. A source group can
be in your own AWS account, or another.

For VPC security groups and ingress rules: This command either gives one or more CIDR IP address
ranges permission to access a security group in your VPC, or it gives one or more other security groups
(called the source groups) permission to access a security group in your VPC. The groups must all be in
the same VPC.

For VPC security groups and egress rules: This command permits instances in a VPC security group to
send traffic to either one or more destination CIDR IP address ranges, or to one or more destination
security groups in the same VPC.

Each rule consists of the protocol (e.g., TCP), plus either a CIDR range, or a source group (for ingress
rules) or destination group (for egress rules). For TCP and UDP, you must also specify the destination
port or port ranges. You can specify -1 to mean all ports (i.e., port range 0-65535). For ICMP, you must
also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Permission changes are propagated to instances within the security group as quickly as possible. However,
a small delay might occur.

Important

For EC2 security groups: You can have up to 100 rules per group.
For VPC security groups: You can have up to 50 rules total per group (covering both ingress
and egress).

The short version of this command is ec2auth.

Syntax
ec2-authorize group [--egress] [-P protocol] (-p port_range | -t icmp_type_code)
[-u source_or_dest_group_owner ...] [-o source_or_dest_group ...] [-s
source_or_dest_cidr ...]

API Version 2012-06-15

48
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

group For EC2 groups: The name or ID of the security group Yes
to modify.
For VPC groups: The ID of the security group to
modify.
The group must belong to your AWS account.
Type: String
Default: None
Example: websrv

--egress For VPC security groups: Designates the rule as an No

egress rule (i.e., controls traffic leaving the VPC
security group).
Default: If this option is not specified, the rule applies
to ingress traffic for the specified security group.

-P, --protocol The IP protocol name or number (go to Protocol Conditional

protocol Numbers). EC2 security groups can have rules only
for TCP, UDP, and ICMP, whereas VPC security
groups can have rules assigned to any protocol
number.
When you call ec2-describe-group, the protocol
value returned is the number. Exception: For TCP,
UDP, and ICMP, the value returned is the name (e.g.,
tcp, udp, or icmp).
Type: String
Valid values for EC2 security groups: tcp | udp | icmp
or the corresponding protocol number (6 | 17 | 1).
Default for EC2 groups: Defaults to TCP if source
CIDR is specified (or implied by default), or all three
protocols (TCP, UDP, and ICMP) if source group is
specified (to ensure backwards compatibility).
Valid values for VPC groups: tcp | udp | icmp or any
protocol number (go to Protocol Numbers). Use all
to specify all protocols.
Condition: Required for VPC security groups.
Example: -P udp

-p port_range For TCP or UDP: The range of ports to allow. Conditional

Type: String
Default: None
Valid values: A single integer or a range (min-max).
You can specify -1 to mean all ports (i.e., port range
0-65535).
Condition: Required if specifying tcp or udp (or the
equivalent number) for the protocol.
Example: -p 80-84

API Version 2012-06-15

49
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-t icmp_type_code For ICMP: The ICMP type and code. Use the format Conditional
type:code, where both are integers. You can use -1
for the type or code to mean all types or all codes.
Type: String
Default: None
Condition: Required if specifying icmp (or the
equivalent number) for the protocol.
Example: -t -1:-1

-u, The ID of the AWS account that owns the source Conditional
source_or_dest_group security group. If the group is in your own account, set
_owner this to your own AWS account ID. Cannot be used
when specifying a CIDR IP address.
Type: String
Default: None
Condition: For EC2 security groups only. Required
when adding a rule that gives access to one or more
source security groups.
Example: -u 111122223333

-o The source security group (for ingress rules), or Conditional

source_or_dest_group destination security group (for egress rules). When
adding a rule for a VPC security group, you must
specify the group's ID (e.g., sg-9d4e5f6g) instead of
its name. Cannot be used when specifying a CIDR IP
address with the -s option.
Type: String
Default: None
Condition: Required if giving access to one or more
source or destination security groups.
Example: -o headoffice

-s, --cidr The CIDR range. Cannot be used when specifying a Conditional
source_or_dest_cidr source or destination security group with the -o option.
Type: String
Default: 0.0.0.0/0
Constraints: Valid CIDR IP address range.
Condition: Required if giving access to one or more
IP address ranges.
Example: -s 205.192.8.45/24

API Version 2012-06-15

50
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

51
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The GROUP, PERMISSION identifier

• The group name for EC2 security groups; group ID for VPC security groups
• The type of rule; currently, only ALLOW rules are supported
• The protocol to allow
• The start of port range
• The end of port range
• The source (for ingress rules) or destination (for egress rules)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
EC2 security groups: This example grants TCP port 80 access from the 192.0.2.0/24 address range to
the EC2 security group called websrv.

API Version 2012-06-15

52
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-authorize websrv -P tcp -p 80 -s 192.0.2.0/24

GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 192.0.2.0/24 ingress

Example Request
EC2 security groups: This example grants TCP port 80 access from the EC2 source group called
OtherAccountGroup (in AWS account 111122223333) to your EC2 security group called websrv.

PROMPT> ec2-authorize websrv -P tcp -p 80 -u 111122223333 -o OtherAccountGroup

GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM USER 111122223333 GRPNAME
OtherAccountGroup ingress

Example Request
VPC security groups: This example grants TCP port 80 access from the 192.0.2.0/24 address range to
the VPC security group with ID sg-eea7b782.

PROMPT> ec2-authorize sg-eea7b782 -P tcp -p 80 -s 192.0.2.0/24

GROUP sg-eea7b782
PERMISSION ALLOWS tcp 80 80 FROM CIDR 192.0.2.0/24 ingress

Example Request
VPC security groups: This example grants egress access from the VPC group sg-eea7b782 to the VPC
destination group sg-80aebeec on TCP destination port 1433.

PROMPT> ec2-authorize --egress sg-eea7b782 -P tcp -p 1433 -o sg-80aebeec

GROUP sg-eea7b782
PERMISSION ALLOWS tcp 1433 1433 TO USER ID sg-80aebeec egress

Related Topics
Download
• Getting Started with the Command Line Tools

Related Actions
• AuthorizeSecurityGroupEgress
• AuthorizeSecurityGroupIngress

Related Commands
• ec2-create-group (p. 84)
• ec2-delete-group (p. 168)
• ec2-describe-group (p. 256)

API Version 2012-06-15

53
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-revoke (p. 562)

API Version 2012-06-15

54
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-instance

ec2-bundle-instance
Description
Bundles an Amazon instance store-backed Windows instance.

Note

During bundling, only the root store (C:\) is bundled. Data on instance store volumes is not
preserved.
This procedure is not applicable for Linux and UNIX instances or Windows instances that use
Amazon EBS volumes as their root devices.

The short version of this command is ec2bundle.

Syntax
ec2-bundle-instance instance_id -b bucket -p prefix -o access_key_id {-c policy
| -s policy_signature |-w owner_secret_access_key} [-x hours] [--location
location] [-B]

Options
Name Description Required

instance_id The ID of the instance to bundle. Yes

Type: String
Default: None
Example: i-5e73d509

-b, --bucket bucket The bucket in which to store the AMI. You can specify Yes
a bucket that you already own or a new bucket that
Amazon EC2 creates on your behalf. If you specify a
bucket that belongs to someone else, Amazon EC2
returns an error.
Type: String
Default: None
Example: -b myawsbucket

-p, --prefix prefix The prefix for the image component names being Yes
stored in Amazon S3.
Type: String
Default: None
Example: -p winami

-o, --owner-akid The Access Key ID of the owner of the Amazon S3 Yes
access_key_id bucket.
Type: String
Default: None
Example: -o AKIAIOSFODNN7EXAMPLE

API Version 2012-06-15

55
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-c, --policy policy A Base64-encoded Amazon S3 upload policy that Conditional

gives Amazon EC2 permission to upload items into
Amazon S3 on the user's behalf. If you provide this
parameter, you must also provide either a policy
signature, or your Secret Access Key, so we can
create a policy signature for you (the Secret Access
Key is not passed to EC2). If you do not provide this
parameter, the --owner-sak is required, and we
generate an upload policy and policy signature for you
automatically. For more information about upload
policies and how to sign them, see the sections about
policy construction and signatures in the Amazon
Simple Storage Service Developer Guide.
Type: String
Default: None
Example: -c upload-policy

-s, The Base-64 encoded signature for the S3 upload Conditional

--policy-signature policy. If you provide the --policy parameter but not
policy_signature --policy-signature, the --owner-sak parameter
is required, and we use it to automatically sign the
policy.
Type: String
Default: None
Example: -s upload-policy

-w, --owner-sak The AWS Secret Access Key for the owner of the Conditional
owner_secret_access_ Amazon S3 bucket specified in the -b parameter. This
key parameter is required in either of these cases:

• If you don't provide the --policy parameter

• If you provide the --policy parameter, but don't
provide the --policy-signature parameter

The command line tools client uses the Secret Access

Key to sign a policy for you, but does not send the
Secret Access Key to EC2.
Type: String
Default: None
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

-x, --expires hours The validity period, in hours, for a generated upload No
policy.
Type: String
Default: 24
Example:-x 8

API Version 2012-06-15

56
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--location The location of the destination Amazon S3 bucket. No

bucket_location Type: String
Default: None
Example: --location my-bucket-location

-B, Indicates that no Amazon S3 bucket should be created No

--no-bucket-setup if one doesn't already exist, and that no attempt should
be made to fix incorrect permissions.
Type: Boolean
Default: False
Example: -B

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

57
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The BUNDLE identifier

• The ID of the bundle

API Version 2012-06-15

58
Amazon Elastic Compute Cloud CLI Reference
Examples

• The ID of the instance

• The bucket name
• The bundle prefix
• The bundle start time
• The bundle update time
• The current state, usually pending

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example bundles an instance.

PROMPT> ec2-bundle-instance i-12345678 -b myawsbucket -p winami -o AKIAIOSFOD

NN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
BUNDLE bun-c1a540a8 i-12345678 myawsbucket winami 2008-09-15T17:15:20+0000
pending

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• BundleInstance

Related Commands
• ec2-cancel-bundle-task (p. 60)
• ec2-create-image (p. 88)
• ec2-describe-bundle-tasks (p. 235)

API Version 2012-06-15

59
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-bundle-task

ec2-cancel-bundle-task
Description
Cancels an Amazon EC2 bundling operation.

The short version of this command is ec2cbun.

Syntax
ec2-cancel-bundle-task bundle_id

Options
Name Description Required

bundle_id The ID of the bundle task to cancel. Yes

Type: String
Default: None
Example: bun-cla432a3

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

60
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

61
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The BUNDLE identifier

• The ID of the bundle
• The ID of the instance
• The bucket name
• The cancel status
• The prefix
• The start time
• The update time
• The status (cancelling)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example cancels the bun-cla322b9 bundle task.

PROMPT> ec2-cancel-bundle-task bun-cla322b9

BUNDLE bun-cla322b9 i-2674d22r myawsbucket winami 2008-09-15T17:15:20+0000 2008-
09-15T17:15:20+0000 cancelling

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CancelBundleTask

Related Commands
• ec2-bundle-instance (p. 55)
• ec2-describe-bundle-tasks (p. 235)

API Version 2012-06-15

62
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-conversion-task

ec2-cancel-conversion-task
Description
Cancels an active conversion task. The task can be the import of an instance or volume. The command
removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion
is complete or is in the process of transferring the final disk image, the command fails and returns an
exception.

For more information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon
EC2 in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2cct.

Syntax
ec2-cancel-conversion-task task_id

Options
Name Description Required

task_id The conversion task ID of the task to cancel. Yes

Type: String
Default: None
Example: import-i-fh95npoc

Common Options
Option Description

API Version 2012-06-15

63
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

64
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the status (success or failure) of the deletion.

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example deletes the conversion identified by task ID import-i-fh95npoc.

PROMPT> ec2-cancel-conversion-task import-i-fh95npoc

CONVERSION-TASK import-i-fh95npoc

If the task fails, you receive the following error:

Client.DeleteConversionTask Error: Failed to delete conversion task import-i-

fh95npoc

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CancelConversionTask

Related Commands
• ec2-delete-disk-image (p. 164)
• ec2-describe-conversion-tasks (p. 240)
• ec2-import-instance (p. 451)

API Version 2012-06-15

65
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-import-volume (p. 462)

• ec2-resume-import (p. 557)

API Version 2012-06-15

66
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-export-task

ec2-cancel-export-task
Description
Cancels an active export task. The command removes all artifacts of the export, including any partially
created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk
image, the command fails and returns an error.

The short version of this command is ec2cxt.

Syntax
ec2-cancel-export-task task_id

Options
Name Description Required

task_id The ID of the export task to be canceled. This is the ID Yes

returned by ec2-create-instance-export-task.
Type: String
Default: None
Example: export-i-fgelt0i7

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

67
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

68
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the status (success or failure) of the cancellation.

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example deletes the export identified by task ID export-i-fgelt0i7.

PROMPT> ec2-cancel-export-task export-i-fgelt0i7

EXPORT-TASK export-i-fgelt0i7

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CancelExportTask

Related Commands
• ec2-create-instance-export-task (p. 92)
• ec2-describe-export-tasks (p. 253)

API Version 2012-06-15

69
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-spot-instance-requests

ec2-cancel-spot-instance-requests
Description
Cancels one or more Spot Instance requests. Spot Instances are instances that Amazon EC2 starts on
your behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2
periodically sets the Spot Price based on available Spot Instance capacity and current Spot Instance
requests. For more information about Spot Instances, see Spot Instances in the Amazon Elastic Compute
Cloud User Guide.

Important

Canceling a Spot Instance request does not terminate running Spot Instances associated with
the request.

The short version of this command is ec2csir.

Syntax
ec2-cancel-spot-instance-requests request_id [request_id...]

Options
Name Description Required

request_id The Spot Instance request ID. Yes

Type: String
Default: None
Example: sir-8456a32b

Common Options
Option Description

API Version 2012-06-15

70
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

71
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The SPOTINSTANCEREQUEST identifier

• The Spot Instance request ID
• The current state

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example cancels a Spot Instance request.

PROMPT> ec2-cancel-spot-instance-requests sir-98c16c03 sir-c1920c03

SPOTINSTANCEREQUEST sir-98c16c03 cancelled
SPOTINSTANCEREQUEST sir-c1920c03 cancelled

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CancelSpotInstanceRequests

Related Commands
• ec2-describe-spot-instance-requests (p. 363)
• ec2-describe-spot-price-history (p. 371)
• ec2-request-spot-instances (p. 533)

API Version 2012-06-15

72
Amazon Elastic Compute Cloud CLI Reference
ec2-confirm-product-instance

ec2-confirm-product-instance
Description
Determines whether a product code is associated with an instance. This command can only be run by
the owner of the product code. It is useful when a product code owner needs to verify whether an EC2
user’s instance is eligible for support.

The short version of this command is ec2cpi.

Syntax
ec2-confirm-product-instance product_code -i instance_id

Options
Name Description Required

product_code The product code to confirm.This must be an Amazon Yes

DevPay product code that you own.
Type: String
Default: None
Example: 774F4FF8

-i The instance to confirm. Yes

instance_id Type: String
Default: None
Example: -i i-10a64379

Common Options
Option Description

API Version 2012-06-15

73
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

74
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The product code

• The instance ID
• A Boolean value indicating whether the product code is attached to the instance
• The instance owner's account ID (if the product code is attached)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example determines whether the product code is associated with the instance.

PROMPT> ec2-confirm-product-instance 774F4FF8 -i i-10a64379

774F4FF8 i-10a64379 true 111122223333

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ConfirmProductInstance

Related Commands
• ec2-describe-instances (p. 285)
• ec2-run-instances (p. 568)

API Version 2012-06-15

75
Amazon Elastic Compute Cloud CLI Reference
ec2-create-customer-gateway

ec2-create-customer-gateway
Description
Provides information to AWS about your VPN customer gateway device. The customer gateway is the
appliance at your end of the VPN connection (compared to the virtual private gateway, which is the device
at the AWS side of the VPN connection)

You must provide the Internet-routable IP address of the customer gateway's external interface. The IP
address must be static and can't be behind a device performing network address translation (NAT).

You must also provide the device's Border Gateway Protocol (BGP) Autonomous System Number (ASN).
You can use an existing ASN assigned to your network. If you don't have an ASN already, you can use
a private ASN (in the 64512 - 65534 range).

Note

Amazon EC2 supports all 2-byte ASN numbers in the range of 1 - 65534, with the exception of
7224, which is reserved in US East, and 9059, which is reserved in EU West.

For more information about ASNs, see the Wikipedia article.

For more information about Amazon Virtual Private Cloud and VPN customer gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addcgw.

Syntax
ec2-create-customer-gateway -t type -i ip_address -b bgp_asn

Options
Name Description Required

-t type The type of VPN connection this customer Yes

gateway supports.
Type: String
Default: None
Valid values: ipsec.1
Example: -t ipsec.1

-i ip_address The Internet-routable IP address for the Yes

customer gateway's outside interface. The
address must be static.
Type: String
Default: None
Example: -i 12.1.2.3

API Version 2012-06-15

76
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-b bgp_asn The customer gateway's Border Gateway Yes

Protocol (BGP) Autonomous System Number
(ASN).
Type: Integer
Default: None
Example: -b 65534

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

77
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The CUSTOMERGATEWAY identifier

• The customer gateway ID, which uniquely identifies the customer gateway
• The current state of the customer gateway (pending, available, deleting, deleted)
• The type of VPN connection the customer gateway supports
• The Internet-routable IP address for the customer gateway's outside interface
• The customer gateway's BGP ASN

API Version 2012-06-15

78
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example passes information to AWS about the customer gateway with IP address 12.1.2.3 and ASN
65534.

PROMPT> ec2-create-customer-gateway -t ipsec.1 -i 12.1.2.3 -b 65534

CUSTOMERGATEWAY cgw-b4dc3961 pending ipsec.1 12.1.2.3 65534

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateCustomerGateway

Related Commands
• ec2-delete-customer-gateway (p. 158)
• ec2-describe-customer-gateways (p. 243)

API Version 2012-06-15

79
Amazon Elastic Compute Cloud CLI Reference
ec2-create-dhcp-options

ec2-create-dhcp-options
Description
Creates a set of DHCP options for your VPC. After creating the new set, you must then associate it with
the VPC, causing all existing and new instances that you launch in the VPC to use the new set of DHCP
options. The following table lists the individual DHCP options you can specify. For more information about
the options, see RFC 2132.

DHCP Option Name Description

domain-name A domain name of your choice (e.g., example.com).

domain-name-servers The IP address of a domain name server. You can specify up to four
addresses.

ntp-servers The IP address of a Network Time Protocol (NTP) server. You can specify
up to four addresses.

netbios-name-servers The IP address of a NetBIOS name server. You can specify up to four
addresses.

netbios-node-type The NetBIOS node type (1, 2, 4, or 8). For more information about the values,
see RFC 2132. We recommend you only use 2 at this time (broadcast and
multicast are currently not supported).

Important

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server
that we provide (AmazonProvidedDNS). If you create a new set of options, and if your VPC has
an Internet gateway, make sure to set the domain-name-servers option either to
AmazonProvidedDNS or to a domain name server of your choice.

For more information about Amazon Virtual Private Cloud and DHCP options, see Using DHCP Options
in Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2adddopt.

Syntax
ec2-create-dhcp-options name=value[,value...] [ name=value[,value...] ... ]

API Version 2012-06-15

80
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

name=value,value The DHCP option (including the option's name Yes

and its value). You can specify more than one
option in the request, and more than one value
per option. If you're using the command line
tools on a Windows system, you might need
to use quotation marks (i.e.,
"name=value,value").
Type: String
Default: None
Example:
domain-name-servers=10.2.5.1,10.2.5.2

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

81
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

82
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The DHCPOPTIONS identifier

• The DHCP options ID
• The OPTION identifier
• Each option and its corresponding value in the set of options

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a new set of DHCP options with a domain name mydomain.com and two DNS
servers (10.2.5.1 and 10.2.5.2).

PROMPT> ec2-create-dhcp-options domain-name=mydomain.com domain-name-serv

ers=10.2.5.1,10.2.5.2
DHCPOPTIONS dopt-7a8b9c2d
OPTION domain-name mydomain.com
OPTION domain-name-servers 10.2.5.1,10.2.5.2

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateDhcpOptions

Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-delete-dhcp-options (p. 161)
• ec2-describe-dhcp-options (p. 248)

API Version 2012-06-15

83
Amazon Elastic Compute Cloud CLI Reference
ec2-create-group

ec2-create-group
Description
Creates a new security group. You can create either an EC2 security group (which works only with EC2),
or a VPC security group (which works only with Amazon Virtual Private Cloud). The two types of groups
have different capabilities. For information about VPC security groups and how the two types of groups
differ, see Security Groups in the Amazon Virtual Private Cloud User Guide. For information about EC2
security groups, see Using Security Groups in the Amazon Elastic Compute Cloud User Guide.

When you create a security group, you give it a friendly name of your choice. You can have an EC2
security group with the same name as a VPC security group (each group has a unique security group ID
separate from the name). Two EC2 groups can't have the same name, and two VPC groups can't have
the same name.

If you don't specify a security group when you launch an instance, the instance is launched into the default
security group. This group (and only this group) includes a default rule that gives the instances in the
group unrestricted network access to each other. You have a default EC2 security group for instances
you launch with EC2 (i.e., outside a VPC), and a default VPC security group for instances you launch in
your VPC.

You can add or remove rules from your security groups (i.e., authorize or revoke permissions) using
ec2-authorize, and ec2-revoke commands.

For more information about EC2 security groups, see Security Groups in the Amazon Elastic Compute
Cloud User Guide.

Important

For EC2 security groups: You can have up to 500 groups.

For VPC security groups: You can have up to 50 groups per VPC.

The short version of this command is ec2addgrp.

Syntax
ec2-create-group group_name -d description [-c vpc_id]

Options
Name Description Required

group_name The name of the security group. Yes

Type: String
Default: None
Constraints: Accepts alphanumeric characters, spaces,
dashes, and underscores.
Example: websrv

API Version 2012-06-15

84
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-d, --description The description of the group. This is informational only. Yes
description Type: String
Default: None
Constraints: Accepts alphanumeric characters, spaces,
dashes, and underscores.
Example: -d "Web servers"

-c, --vpc vpc_id The ID of the VPC. Conditional

Type: String
Default: None
Condition: Required for VPC security groups
Example: -c vpc-1a2b3c4d

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

85
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The GROUP identifier

• The AWS-assigned ID for the group

API Version 2012-06-15

86
Amazon Elastic Compute Cloud CLI Reference
Examples

• The group name

• The group description

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates the websrv security group.

PROMPT> ec2-create-group websrv -d 'Web Servers'

GROUP sg-4def22a5 websrv Web Servers

Example Request
This example creates the MyVPCGroup security group in the VPC with ID vpc-3325caf2.

PROMPT> ec2-create-group MyVPCGroup -d 'Group in my VPC' -c vpc-3325caf2

GROUP sg-0a42d66a MyVPCGroup Group in my VPC

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateSecurityGroup

Related Commands
• ec2-authorize (p. 48)
• ec2-delete-group (p. 168)
• ec2-describe-group (p. 256)
• ec2-revoke (p. 562)
• ec2-run-instances (p. 568)

API Version 2012-06-15

87
Amazon Elastic Compute Cloud CLI Reference
ec2-create-image

ec2-create-image
Description
Creates an AMI that uses an Amazon EBS root device from a running or stopped instance. For more
information about Amazon EBS-backed AMIs, see Using Amazon EBS-Backed AMIs and Instances.

Note

If you customized your instance with instance store volumes or EBS volumes in addition to the
root device, the new AMI contains block device mapping information for those volumes. When
you then launch an instance from your new AMI, the instance automatically launches with the
additional volumes.

The short version of this command is ec2cim.

Syntax
ec2-create-image instance_id --name name [--description description]
[--no-reboot]

Options
Name Description Required

instance_id The ID of the instance. Yes

Type: String
Default: None
Example: i-10a64379

-n, --name name A name for the new image. Yes

Type: String
Default: None
Constraints: 3-128 alphanumeric characters,
parenthesis (()), commas (,), slashes (/), dashes (-),
or underscores(_). Allows spaces if the name is
enclosed in quotation marks.
Example: -n "Standard Web Server"

-d, --description A description for the new image. No

description Type: String
Default: None
Constraints: Up to 255 characters
Example: -d Fedora_v11

API Version 2012-06-15

88
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--no-reboot When this option is absent, Amazon EC2 attempts to No

cleanly shut down the instance before image creation
and reboots the instance. When this option is used,
Amazon EC2 doesn't shut down the instance before
creating the image; therefore, file system integrity on
the created image can't be guaranteed.
Type: Boolean
Default: False
Example: --no-reboot

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

API Version 2012-06-15

89
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The IMAGE identifier

• The ID of the newly registered AMI

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

90
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example creates an AMI from the i-10a64379 instance.

PROMPT> ec2-create-image i-10a64379 --name "Standard Web Server" --description

"Standard web server AMI"
IMAGE ami-4fa54026

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateImage

Related Commands
• ec2-describe-instances (p. 285)
• ec2-run-instances (p. 568)
• ec2-terminate-instances (p. 587)

API Version 2012-06-15

91
Amazon Elastic Compute Cloud CLI Reference
ec2-create-instance-export-task

ec2-create-instance-export-task
Description
Exports a running or stopped instance to an Amazon S3 bucket. For information about the supported
operating systems, image formats, and known limitations for the types of instances you can export, see
Exporting EC2 Instances in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2addixt.

Syntax
ec2-create-instance-export-task instance_id -e target_environment -f
disk_image_format [-c container_format] -b S3_bucket [-p S3_prefix] [-d
description]

Options
Name Description Required

instance_id The ID of the instance to export. Yes

-e, --target-environment The target environment. VMware supports Yes

target_environment VMware 4 and 5. Citrix target Xen 6.
Type: String
Valid values: VMware | Citrix

-f, --disk-image-format The disk image file format used to represent No

disk_image_format the exported disk.
Type: String
Valid values: VMDK| VHD
Default: –e = VMware, then –f = VMDK;
otherwise VHD

-c, --container-format The container format used to combine disk No

container_format images with metadata (such as OVF). If
absent, only the disk image will be exported.
Type: String
Valid values: OVA
Default: if –e = VMware, then -c = OVA,
otherwise empty

-b, --bucket S3_bucket The name of the destination Amazon S3 bucket Yes
where the file will be exported. The destination
bucket must grant WRITE and READ_ACL
permissions to the
[email protected] AWS account.
Type: String

API Version 2012-06-15

92
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-p, --prefix S3_prefix The prefix for the Amazon S3 key (object No
name) used for the exported file. Maximum
length is 1000 bytes of UTF-8 character
encoding. The final key is composed from this
prefix (if supplied), the export-task-id, and other
relevant parameters.
Type: String
Example: my-export-,
incoming/vm-export/

-d, --description A free-form comment that is returned verbatim No

description during subsequent calls to
ec2-describe-export-tasks. Maximum
length is 255 bytes.
Type: String

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

93
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

94
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The EXPORTTASK identifier.

• The export task ID.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a task to export an instance.

PROMPT> ec2-create-instance-export-task i-38e485d8 -e vmware -f vmdk -c ova -b

myexportbucket
EXPORTTASK export-i-fgelt0i7 active i-38e485d8 vmware vmdk
myexportbucket export-i-fgelt0i7.vmdk

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateInstanceExportTask

Related Commands
• ec2-cancel-export-task (p. 67)
• ec2-describe-export-tasks (p. 253)

API Version 2012-06-15

95
Amazon Elastic Compute Cloud CLI Reference
ec2-create-internet-gateway

ec2-create-internet-gateway
Description
Creates a new Internet gateway for use with a VPC. After creating the Internet gateway, you then attach
it to a VPC using ec2-attach-internet-gateway. For more information about your VPC and Internet
gateway, see the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addigw.

Syntax
ec2-create-internet-gateway

Options
This command does not have any options.

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

96
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

97
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The INTERNETGATEWAY identifier

• The ID of the Internet gateway

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates an Internet gateway.

PROMPT> ec2-create-internet-gateway
INTERNETGATEWAY igw-c0a643a9

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateInternetGateway

Related Commands
• ec2-attach-internet-gateway (p. 34)
• ec2-delete-internet-gateway (p. 172)
• ec2-describe-internet-gateways (p. 299)
• ec2-detach-internet-gateway (p. 418)

API Version 2012-06-15

98
Amazon Elastic Compute Cloud CLI Reference
ec2-create-keypair

ec2-create-keypair
Description
Creates a new 2048-bit RSA key pair with the specified name. The public key is stored by Amazon EC2
and the private key is displayed on the console. The private key is returned as an unencrypted PEM
encoded PKCS#8 private key. If a key with the specified name already exists, Amazon EC2 returns an
error.

Tip

The key pair returned to you works only in the Region you're using when you create the key pair.
If you'd like to create a key pair that works in all Regions, see ec2-import-keypair (p. 458).

The short version of this command is ec2addkey.

Syntax
ec2-create-keypair key

Options
Name Description Required

key A unique name for the key pair. Yes

Type: String
Default: None
Constraints: Accepts alphanumeric characters, spaces,
dashes, and underscores.
Example: mysecretkey

Common Options
Option Description

API Version 2012-06-15

99
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

100
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The KEYPAIR identifier

• The name of the key pair
• The private key fingerprint
• The private key

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a key pair named gsg-keypair.

PROMPT> ec2-create-keypair gsg-keypair

KEYPAIR
gsg-keypair1f:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
---- BEGIN RSA PRIVATE KEY ----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END RSA PRIVATE KEY-----

API Version 2012-06-15

101
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateKeyPair

Related Commands
• ec2-delete-keypair (p. 175)
• ec2-describe-keypairs (p. 304)
• ec2-run-instances (p. 568)

API Version 2012-06-15

102
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-acl

ec2-create-network-acl
Description
Creates a new network ACL in a VPC. Network ACLs provide an optional layer of security (on top of
security groups) for the instances in your VPC. For more information about network ACLs, see Network
ACLs in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addnacl.

Syntax
ec2-create-network-acl vpc_id

Options
Name Description Required

vpc_id The ID of the VPC for the network ACL. Yes

Type: String
Default: None
Example: vpc-9ea045f7

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

103
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

104
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The NETWORKACL identifier

• The ACL ID
• The VPC ID the route table has been created in
• The ENTRY elements created by default

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a new network ACL in the VPC with ID vpc-11ad4878. Notice that the response
includes a default entry for egress, and another for ingress, each with a very high rule number (32767).
These are the last entries that Amazon VPC processes to decide whether traffic is allowed into our out
of an associated subnet. If the traffic doesn't match any rules with a lower rule number, then these default
entries ultimately deny the traffic. The -1 means all protocols and ports.

PROMPT> ec2-create-network-acl vpc-11ad4878

NETWORKACL acl-5fb85d36 vpc-11ad4878
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 32767 deny 0.0.0.0/0 all

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateNetworkAcl

Related Commands
• ec2-delete-network-acl (p. 178)
• ec2-describe-network-acls (p. 308)
• ec2-replace-network-acl-association (p. 514)

API Version 2012-06-15

105
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-acl-entry

ec2-create-network-acl-entry
Description
Creates an entry (i.e., rule) in a network ACL with a rule number you specify. Each network ACL has a
set of numbered ingress rules and a separate set of numbered egress rules. When determining whether
a packet should be allowed in or out of a subnet, Amazon VPC processes the entries in the ACL according
to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set
of egress rules.

Important

We recommend that you leave room between the rule numbers (e.g., 100, 110, 120, etc.), and
not number them one right after the other (e.g., 101, 102, 103, etc.). This allows you to easily
add a new rule between existing ones without having to renumber the rules.

After you add an entry, you can't modify it; you must either replace it or create a new entry and delete
the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User
Guide.

The short version of this command is ec2addnae.

Syntax
ec2-create-network-acl-entry acl_id -n rule_number [--egress] -P protocol -r
cidr [-p port_range] [-t icmp_type_code] { --allow | --deny }

Options
Name Description Required

acl_id The ID of the ACL for the entry. Yes

Type: String
Default: None
Example: acl-5fb85d36

-n, --rule-number The rule number to assign to the entry (e.g., 100). ACL Yes
rule_number entries are processed in ascending order by rule
number.
Type: Number
Default: None
Constraints: Positive integer from 1 to 32766
Example: -n 100

--egress Indicates that the rule be applied to traffic leaving the No

subnet.
Default: If not specified, the rule applies to ingress
traffic into the subnet.

API Version 2012-06-15

106
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-P, --protocol The IP protocol. You can specify all or -1 to mean Yes
protocol all protocols.
Type: String
Valid values: all | -1 | tcp | udp | icmp or any
protocol number (for a list, see Protocol Numbers).
Example: -P 6

-r, --cidr cidr The CIDR range to allow or deny, in CIDR notation. Yes
Type: String
Default: None
Example: -r 172.16.0.0/24

-p, --port-range For TCP or UDP: The range of ports to allow. Conditional
port_range Type: String
Default: None
Valid values: A single integer or a range (min-max).
You can specify -1 to mean all ports (i.e. port range
0-65535).
Condition: Required if specifying tcp or udp (or the
equivalent number) for the protocol.
Example: -p 80-84

-t, For ICMP: The ICMP type and code using format Conditional
--icmp-type-code type:code, where both are integers. You can use -1
icmp_type_code for the type or code to mean all types or all codes
Type: String
Default: None
Condition: Required if specifying icmp (or the
equivalent number) for the protocol.
Example: -t -1:-1

--allow Specifies that any traffic matching the rule is allowed. Conditional
Condition: You must specify either --allow or --deny,
but not both options.

--deny Specifies that any traffic matching the rule is denied. Conditional
Condition: You must specify either --allow or --deny,
but not both.

Common Options
Option Description

API Version 2012-06-15

107
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

108
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ENTRY identifier

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates an entry with rule number 100 in the network ACL with ID acl-2cb85d45. The rule
allows ingress traffic from anywhere (0.0.0.0/0) on UDP port 53 into the subnet.

PROMPT> ec2-create-network-acl-entry acl-2cb85d45 -n 100 -r 0.0.0.0/0 -P udp -

p 53 --allow
ENTRY ingress 100 allow 0.0.0.0/0 udp 53
53

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateNetworkAclEntry

API Version 2012-06-15

109
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-delete-network-acl-entry (p. 181)
• ec2-describe-network-acls (p. 308)
• ec2-replace-network-acl-entry (p. 517)

API Version 2012-06-15

110
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-interface

ec2-create-network-interface
Description
Creates a network interface in the subnet that you specify. This command is only available in Amazon
VPC.

The short version of this command is ec2addnic.

Syntax
ec2-create-network-interface -d, --description DESCRIPTION [--private-ip-address
IP_ADDRESS] [--secondary-private-ip-address IP_ADDRESS]
[--secondary-private-ip-address-count COUNT][-g, --group GROUP] SUBNET

Options
Name Description Required

-d, --description Set the description of the network interface. No

DESCRIPTION Type: String
Default: None
Example: -d "My ENI"

--private-ip-address Specifies the primary private IP address of the network No

IP_ADDRESS interface. If an IP address is not specified, one will be
auto-assigned to the interface.
Type: String
Default: None
Example: --private-ip-address 10.0.2.17

API Version 2012-06-15

111
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--secondary-private-ip-address Assigns the specified IP address as a secondary No

IP_ADDRESS private IP address to the network interface or instance.
This option can be used multiple times to assign
multiple secondary IP addresses.
You can do one of th following:

• Use the -–secondary-private–ip-address

option without a value and AWS will automatically
assign a secondary private IP address within the
subnet range.
• Use the --secondary-private-ip-address
option and provide a specific IP address that you
want to assign.

You cannot specify this parameter when also

specifying
--secondary-private-ip-address-count.
Type: String
Default: None
Example: --secondary-private-ip-address 10.0.2.18
–secondary-private-ip-address 10.0.2.28

--secondary-private-ip-address-count The number of secondary IP addresses to assign to No

COUNT the network interface. You cannot specify this
parameter when also specifying
--secondary-private-ip-address.
Type: Integer
Default: None
Example: --secondary-private-ip-address-count 2

-g, --group GROUP A security group to add to the network interface. You No
can use this option multiple times to add multiple
groups.
Type: String
Default: None. If no security group is specified, the
interface will become a member of the default security
group.
Example: -g sg-bba1bcd7 –g sg-6d495601

Common Options
Option Description

API Version 2012-06-15

112
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

113
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the ENI ID for the network interface that was created, along with the subnet ID,
VPC ID, Availability Zone, private IP addresses, and security group membership.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a network interface address in the specified subnet.

PROMPT> ec2-create-network-interface -d "My ENI" -g sg-bba1bcd7 --private-ip-

address 10.0.2.17 subnet-fd04ff94
NETWORKINTERFACE eni-3b9f6552 My ENI subnet-fd04ff94 vpc-e604ff8f us-east-
1b 089818748305 false pending 02:1a:80:41:52:9c 10.0.2.17 true GROUP
sg-bba1bcd7 default

Example Request
This example creates a network interface address with a primary private IP address of 10.0.0.117, and
two secondary private IP addresses: one secondary private IP address of 10.0.0.118 and another secondary
private IP address that will be automatically assigned.

PROMPT> ec2-create-network-interface -d "My ENI" -g sg-b1b508d8 --private-ip-

address 10.0.0.117 --secondary-private-ip-address 10.0.0.118 subnet-b1b508d8
NETWORKINTERFACE eni-f907b890 My ENI subnet-b1b508d8 vpc-a2b508cb ap-
southeast-1a 013274050172 false pending 02:75:42:60:6c:05
10.0.0.117 true
GROUP sg-82b3a1ee default
PRIVATEIPADDRESS 10.0.0.117
PRIVATEIPADDRESS 10.0.0.118

API Version 2012-06-15

114
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateNetworkInterface

Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-describe-network-interfaces (p. 318)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

115
Amazon Elastic Compute Cloud CLI Reference
ec2-create-placement-group

ec2-create-placement-group
Description
Creates a placement group that you launch cluster instances into.You must give the group a name unique
within the scope of your account. For more information about placement groups and cluster instances,
see Using Cluster Instances in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2addpgrp.

Syntax
ec2-create-placement-group placement-group -s strategy

Options
Name Description Required

placement-group A name for the placement group. Yes

Type: String
Default: None
Example: XYZ-cluster

-s The placement strategy. No

strategy Type: String
Valid values: cluster
Default: cluster
Example: -s cluster

Common Options
Option Description

API Version 2012-06-15

116
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

117
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The PLACEMENTGROUP identifier

• The placement group name
• The placement group strategy

Examples
Example Request
This example creates the XYZ-cluster group.

PROMPT> ec2-create-placement-group XYZ-cluster -s cluster

PLACEMENTGROUP XYZ-cluster cluster

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreatePlacementGroup

Related Commands
• ec2-delete-placement-group (p. 188)
• ec2-describe-placement-groups (p. 325)

API Version 2012-06-15

118
Amazon Elastic Compute Cloud CLI Reference
ec2-create-route

ec2-create-route
Description
Creates a new route in a route table within a VPC. The route's target can be either a gateway attached
to the VPC or a NAT instance in the VPC.

When determining how to route traffic, we use the route with the most specific match. For example, let's
say the traffic is destined for 192.0.2.3, and the route table includes the following two routes:

• 192.0.2.0/24 (goes to some target A)

• 192.0.2.0/28 (goes to some target B)

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a
smaller number of IP addresses and is therefore more specific, so we use that route to determine where
to target the traffic.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.

The short version of this command is ec2addrt.

Syntax
ec2-create-route route_table_id -r cidr {-g gateway_id | -i instance_id | -n,
--network-interface NETWORKINTERFACE}

Options
Name Description Required

route_table_id The ID of the route table for the route. Yes

Type: String
Default: None
Example: rtb-5da34634

-r, --cidr The CIDR address block used for the Yes
cidr destination match. Routing decisions are based
on the most specific match.
Type: String
Default: None
Example: -r 0.0.0.0/0

-g, --gateway gateway_id The ID of a gateway in your VPC. Conditional

Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface ID.
Example: -g igw-68a34601

API Version 2012-06-15

119
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-i, --instance The ID of a NAT instance in your VPC. Conditional

instance_id Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface ID.
Example: -i i-a7c871e3

-n, --network-interface The network interface associated with the Conditional

NETWORKINTERFACE route.
Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface.
Example: -n eni-5b729933

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

120
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

121
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ROUTE identifier

• The Internet gateway ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a route in the route table with ID rtb-e4ad488d.The route matches all traffic (0.0.0.0/0)
and routes it to the Internet gateway with ID igw-eaad4883.

PROMPT> ec2-create-route rtb-e4ad488d -r 0.0.0.0/0 -g igw-eaad4883

ROUTE igw-eaad4883 0.0.0.0/0

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateRoute

Related Commands
• ec2-delete-route (p. 191)
• ec2-describe-route-tables (p. 345)
• ec2-replace-route (p. 521)

API Version 2012-06-15

122
Amazon Elastic Compute Cloud CLI Reference
ec2-create-route-table

ec2-create-route-table
Description
Creates a new route table within a VPC. After you create a new route table, you can add routes and
associate the table with a subnet. For more information about route tables, see Route Tables in the
Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addrtb.

Syntax
ec2-create-route-table vpc_id

Options
Name Description Required

vpc_id The ID of the VPC for the route table. Yes

Type: String
Default: None
Example: vpc-9ea045f7

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

123
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

124
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ROUTETABLE identifier

• The route table ID
• The VPC ID
• Information about the local route included in every new route table

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a new route table within the VPC with the ID vpc-9ea045f7.

PROMPT> ec2-create-route-table vpc-9ea045f7

ROUTETABLE rtb-6aa34603 vpc-9ea045f7
ROUTE local active 172.16.0.0/16

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateRouteTable

Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route (p. 119)
• ec2-delete-route-table (p. 194)
• ec2-describe-route-tables (p. 345)
• ec2-disassociate-route-table (p. 435)
• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

125
Amazon Elastic Compute Cloud CLI Reference
ec2-create-snapshot

ec2-create-snapshot
Description
Creates a snapshot of an Amazon EBS volume and stores it in Amazon S3. You can use snapshots for
backups, to make identical copies of instance devices, and to save data before shutting down an instance.
For more information about Amazon EBS, see Amazon Elastic Block Store.

When a snapshot is created, any AWS Marketplace product codes from the volume are propagated to
the snapshot.

When taking a snapshot of a file system, we recommend unmounting it first. This ensures the file system
metadata is in a consistent state, that the 'mounted indicator' is cleared, and that all applications using
that file system are stopped and in a consistent state. Some file systems, such as xfs, can freeze and
unfreeze activity so a snapshot can be made without unmounting.

For Linux/UNIX, enter the following command from the command line to unmount the volume.

umount -d device_name

For example:

umount -d /dev/sdh

For Windows, open Disk Management, right-click the volume to unmount, and select Change Drive Letter
and Path. Then, select the mount point to remove and click Remove.

The short version of this command is ec2addsnap.

Syntax
ec2-create-snapshot volume_id [-d description]

Options
Name Description Required

volume_id The ID of the Amazon EBS volume to take a snapshot Yes

of.
Type: String
Default: None
Example: vol-4d826724

-d, --description The description of the Amazon EBS snapshot. No

description Type: String
Default: None
Constraints: Up to 255 characters
Example: -d "Daily backup"

API Version 2012-06-15

126
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

127
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SNAPSHOT identifier

• The ID of the snapshot
• The ID of the volume
• The snapshot state (e.g., pending, completed, error)
• The time stamp when snapshot initiated
• The ID of the owner
• The size of the volume
• The description

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

128
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example creates a snapshot of volume vol-4d826724.

PROMPT> ec2-create-snapshot vol-4d826724 --description "Daily Backup"

SNAPSHOT snap-c070c5a9 vol-9539dcfc pending 2009-09-16T14:31:29+0000
111122223333 1 Daily Backup

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateSnapshot

Related Commands
• ec2-delete-snapshot (p. 197)
• ec2-describe-snapshots (p. 354)

API Version 2012-06-15

129
Amazon Elastic Compute Cloud CLI Reference
ec2-create-spot-datafeed-subscription

ec2-create-spot-datafeed-subscription
Description
Creates the data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create
one data feed per account. For more information about Spot Instances, see Spot Instances in the Amazon
Elastic Compute Cloud User Guide.

The short version of this command is ec2addsds.

Syntax
ec2-create-spot-datafeed-subscription --bucket bucket [--prefix prefix]

Options
Name Description Required

-b, --bucket bucket The Amazon S3 bucket in which to store the Spot Yes
Instance datafeed.
Type: String
Default: None
Constraints: Must be a valid bucket associated with
your account.
Example: -b myawsbucket

-p, --prefix bucket A prefix for the datafeed files. No

Type: String
Default: None
Example: -p spotdata_

Common Options
Option Description

API Version 2012-06-15

130
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

131
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The SPOTDATAFEEDSUBSCRIPTION identifier

• The owner's AWS account ID
• The bucket name
• The prefix
• The state (Active, Inactive)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates the data feed for the account.

PROMPT> ec2-create-spot-datafeed-subscription -b myawsbucket -p spotdata_

SPOTDATAFEEDSUBSCRIPTION 111122223333 myawsbucket spotdata_ Active

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateSpotDatafeedSubscription

Related Commands
• ec2-delete-spot-datafeed-subscription (p. 200)
• ec2-describe-spot-datafeed-subscription (p. 360)

API Version 2012-06-15

132
Amazon Elastic Compute Cloud CLI Reference
ec2-create-subnet

ec2-create-subnet
Description
Creates a subnet in an existing VPC. You can create up to 20 subnets in a VPC. If you add more than
one subnet to a VPC, they're set up in a star topology with a logical router in the middle. If you feel you
need more than 20 subnets, you can request more by going to
http://aws.amazon.com/contact-us/vpc-request/.

When you create each subnet, you provide the VPC ID and the CIDR block you want for the subnet.
Once you create a subnet, you can't change its CIDR block. The subnet's CIDR block can be the same
as the VPC's CIDR block (assuming you want only a single subnet in the VPC), or a subset of the VPC's
CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap.
The smallest subnet (and VPC) you can create uses a /28 netmask (16 IP addresses), and the largest
uses a /16 netmask (65,536 IP addresses).

Important

AWS reserves both the first four and the last IP address in each subnet's CIDR block. They're
not available for use.

Important

If you launch an instance in a VPC using an Amazon EBS-backed AMI, the IP address doesn't
change if you stop and restart the instance (unlike a similar instance launched outside a VPC,
which gets a new IP address when restarted). It's therefore possible to have a subnet with no
running instances (they're all stopped), but no remaining IP addresses available. For more
information about Amazon EBS-backed AMIs, see AMI Basics in the Amazon Elastic Compute
Cloud User Guide.

The short version of this command is ec2addsubnet.

Syntax
ec2-create-subnet -c vpc_id -i cidr [ -z zone ]

Options
Name Description Required

-c vpc_id The ID of the VPC for the subnet. Yes

Type: String
Default: None
Example: -c vpc-1a2b3c4d

-i cidr The CIDR block for the subnet to cover. Yes

Type: String
Default: None
Example: -i 10.0.1.0/24

API Version 2012-06-15

133
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-z zone The Availability Zone for the subnet. No

Type: String
Default: AWS selects a zone for you
(recommended).
Example: -z us-east-1a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

134
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SUBNET identifier

• The subnet ID
• The current state of the subnet (pending or available)
• The ID of the VPC the subnet is in
• The CIDR block assigned to the subnet
• The number of IP addresses in the subnet that are available
• The Availability Zone the subnet is in

API Version 2012-06-15

135
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a subnet with CIDR block 10.0.1.0/24 in the VPC with ID vpc-1a2b3c4d.

PROMPT> ec2-create-subnet -c vpc-1a2b3c4d -i 10.0.1.0/24

SUBNET subnet-9d4a7b6c pending vpc-1a2b3c4d 10.0.1.0/24 250 us-east-
1a

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateSubnet

Related Commands
• ec2-delete-subnet (p. 203)
• ec2-describe-subnets (p. 376)

API Version 2012-06-15

136
Amazon Elastic Compute Cloud CLI Reference
ec2-create-tags

ec2-create-tags
Description
Adds or overwrites one or more tags for the specified resource or resources. Each resource can have a
maximum of 10 tags. Each tag consists of a key and optional value.Tag keys must be unique per resource.

For more information about tags, see Using Tags in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2addtag.

Syntax
ec2-create-tags resource_id [resource_id ...] --tag key[=value] [--tag
key[=value] ...]

Options
Name Description Required

resource_id The AWS-assigned ID of the resource you want to Yes

tag. You can specify multiple resources to assign the
tags to.
Type: String
Default: None
Example: ami-1a2b3c4d

--tag key or The key and optional value of the tag, separated by Yes
key=value an equals sign (=). If you don't include a value, we set
the value to an empty string.
If you're using the command line tools on a Windows
system, you might need to use quotation marks (i.e.,
"key=value").
Type: String
Default: None
Constraints: Maximum tag key length is 128
characters. Maximum tag value length is 256
characters. Tag keys and values are case sensitive
and accept Unicode characters.
Example: --tag stack=Production

Common Options
Option Description

API Version 2012-06-15

137
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

138
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The TAG identifier

• The resource type (e.g., instance, image, etc.)
• The resource ID
• The tag key
• The tag value

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example adds (or overwrites) two tags for an AMI and an instance. One of the tags is just a key
(webserver), with no value. The other consists of a key (stack) and value (Production). We set the value
of the webserver tag to an empty string.

PROMPT> ec2-create-tags ami-1a2b3c4d i-7d3e5a2f --tag webserver --tag

stack=Production
TAG image ami-1a2b3c4d webserver
TAG image ami-1a2b3c4d stack Production
TAG instance i-7d3e5a2f webserver
TAG instance i-7d3e5a2f stack Production

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

139
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• CreateTags

Related Commands
• ec2-delete-tags (p. 206)
• ec2-describe-tags (p. 381)

API Version 2012-06-15

140
Amazon Elastic Compute Cloud CLI Reference
ec2-create-volume

ec2-create-volume
Description
Creates a new Amazon EBS volume that any Amazon EC2 instance in the same Availability Zone can
attach to. Any AWS Marketplace product codes from the snapshot are propagated to the volume. For
more information about Amazon EBS, see Amazon Elastic Block Store.

Note

You must specify an Availability Zone when creating a volume. The volume and the instance to
which it attaches must be in the same Availability Zone.

The short version of this command is ec2addvol.

Syntax
ec2-create-volume [ --size size | --snapshot snapshot [--size size] ]
--availability-zone zone

Options
Name Description Required

-s, --size size The size of the volume, in GiBs. Conditional

Type: String
Valid values: 1-1024
Condition: Required if you are not creating a volume
from a snapshot.
Default: If you're creating a volume from a snapshot
and don't specify a size, the default is the snapshot
size.
Example: -s 80

--snapshot snapshot The snapshot from which to create the new volume. Conditional
Type: String
Default: None
Condition: Required if you are creating a volume from
a snapshot.
Example: --snapshot snap-78a54011

-z, The Availability Zone in which to create the new Yes

--availability-zone volume.
zone Type: String
Default: None
Example: -z us-east-1a

API Version 2012-06-15

141
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

142
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The VOLUME identifier

• The ID of the volume
• The size of the volume, in GiBs
• The snapshot from which the volume was created, if applicable
• The Availability Zone in which the volume was created
• The volume state (e.g., creating, available, in use, deleting, error)
• The time stamp when volume creation was initiated

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a new 20 GiB volume in Availability Zone us-east-1a.

API Version 2012-06-15

143
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-create-volume --size 20 --availability-zone us-east-1a

VOLUME vol-4d826724 20 us-east-1a creating 2008-05-07T11:51:50+0000

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateVolume

Related Commands
• ec2-attach-volume (p. 40)
• ec2-delete-volume (p. 210)
• ec2-describe-availability-zones (p. 231)
• ec2-describe-volumes (p. 396)
• ec2-detach-volume (p. 424)

API Version 2012-06-15

144
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpc

ec2-create-vpc
Description
Creates a VPC with the CIDR block you specify. The smallest VPC you can create uses a /28 netmask
(16 IP addresses), and the largest uses a /16 netmask (65,536 IP addresses). To help you decide how
big to make your VPC, see Your VPC and Subnets in the Amazon Virtual Private Cloud User Guide.

By default, each instance you launch in the VPC has the default DHCP options that includes only a default
DNS server that we provide (AmazonProvidedDNS).

For more information about Amazon Virtual Private Cloud and DHCP options, see Using DHCP Options
in Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addvpc.

Syntax
ec2-create-vpc cidr [tenancy]

Options
Name Description Required

cidr The CIDR block for the VPC to cover Yes

Type: String
Default: None
Example: 10.0.0.0/16

tenancy The supported tenancy of instances launched No

into the VPC. A value of default means
instances can be launched with any tenancy;
a value of dedicated means all instances
launched into the VPC will be launched as
dedicated tenancy instances regardless of the
tenancy assigned to the instance at launch.
Setting the instance's tenancy attribute to
dedicated specifies that your instance will
run on single-tenant hardware.
Type: String
Default: default
Valid values: default | dedicated

API Version 2012-06-15

145
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

146
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The VPC identifier

• The VPC ID
• The CIDR block of the VPC
• The current state of the VPC (pending or available)
• The ID of the DHCP options associated with the VPC (or "default" if none)
• The allowed tenancy of instances launched into the VPC.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a VPC with CIDR block 10.0.0.0/16.

API Version 2012-06-15

147
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-create-vpc 10.0.0.0/16

VPC vpc-1a2b3c4d pending 10.0.0.0/16 default

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateVpc

Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 80)
• ec2-delete-vpc (p. 213)
• ec2-describe-vpcs (p. 402)

API Version 2012-06-15

148
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpn-connection

ec2-create-vpn-connection
Description
Creates a new VPN connection between an existing virtual private gateway and customer gateway. The
only supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your
customer gateway. The underlying native format of this information is XML; however, with the
ec2-create-vpn-connection command, you can transform the information into a different format based
on the vendor that makes your customer gateway (e.g., Cisco or Juniper). If you use a vendor other than
Cisco or Juniper, you can set the --format option to generic, and the information is formatted in a
human readable format for your network administrator. If you want to see the native XML, you can specify
xml as the value of the --format option. If you want to write your own stylesheet, you can use the
--stylesheet option to specify that stylesheet and receive the output in your own format. Whereas the
ec2-create-vpn-connection command lets you choose a format for the configuration information, the
corresponding Amazon VPC API operation (CreateVpnConnection) returns only the native XML.

If you decide to shut down your VPN connection for any reason and then create a new one, you must
reconfigure your customer gateway with the new information returned from this call.

For more information about Amazon Virtual Private Cloud and VPN connections, see Adding an IPsec
Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addvpn.

Syntax
ec2-create-vpn-connection -t type --customer-gateway customer_gateway_id
--vpn-gateway vpn_gateway_id [{--format format} | {--stylesheet your_stylesheet}]

Options
Name Description Required

-t type The type of VPN connection. Yes

Type: String
Default: None
Valid values: ipsec.1
Example: -t ipsec.1

--customer-gateway The ID of the customer gateway. Yes

customer_gateway_id Type: String
Default: None
Example: --customer-gateway cgw-b4dc3961

--vpn-gateway The ID of the virtual private gateway. Yes

vpn_gateway_id Type: String
Default: None
Example: --vpn-gateway vgw-8db04f81

API Version 2012-06-15

149
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--format format Includes customer gateway configuration No

information in the response, in the format
specified. The returned information can be
formatted for various devices, including a Cisco
device (cisco-ios-isr) or Juniper device
(juniper-junos-j), in human readable format
(generic), or in the native XML format (xml).
Type: String
Default: None
Valid values: cisco-ios-isr |
juniper-junos-j |
juniper-screenos-6.2 |
juniper-screenos-6.1 | generic | xml
Example: --format cisco-ios-isr

--stylesheet Includes customer gateway configuration No

your_stylesheet information in the response, formatted
according to the custom XSL stylesheet
specified.
Type: String
Default: None
Example: --stylesheet c:\my_stylesheet.xsl

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

150
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

151
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The VPNCONNECTION identifier

• The VPN connection ID
• The current state of the VPN connection (pending, available, deleting, deleted)
• The type of VPN connection
• The customer gateway ID
• The virtual private gateway ID
• The configuration information for the customer gateway

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a VPN connection between the virtual private gateway with ID vgw-8db04f81 and
the customer gateway with ID cgw-b4dc3961. The example specifies that the configuration information
be formatted as needed for a Cisco customer gateway. Because it's a long set of information, we haven't
displayed it here in the response. To see an example of the information returned, see the Amazon Virtual
Private Cloud Network Administrator Guide.

PROMPT> ec2-create-vpn-connection -t ipsec.1 --customer-gateway cgw-b4dc3961 -

-vpn-gateway
vgw-8db04f81 --format cisco-ios-isr
VPNCONNECTION vpn-44a8938f pending ipsec.1 cgw-b4dc3961 vgw-8db04f81
<Long customer gateway configuration data...>

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateVpnConnection

API Version 2012-06-15

152
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-create-subnet (p. 133)
• ec2-create-vpc (p. 145)
• ec2-delete-vpn-connection (p. 216)
• ec2-describe-vpn-connections (p. 407)

API Version 2012-06-15

153
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpn-gateway

ec2-create-vpn-gateway
Description
Creates a new virtual private gateway. A virtual private gateway is the VPC-side endpoint for your VPN
connection. You can create a virtual private gateway before creating the VPC itself.

For more information about Amazon Virtual Private Cloud and virtual private gateway, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addvgw.

Syntax
ec2-create-vpn-gateway -t type

Options
Name Description Required

-t type The type of VPN connection this virtual private Yes

gateway supports.
Type: String
Default: None
Valid values: ipsec.1
Example: -t ipsec.1

-z availability_zone Deprecated. The command accepts and No

ignores this option.
Type: String
Default: None

Common Options
Option Description

API Version 2012-06-15

154
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

155
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VPNGATEWAY identifier

• The virtual private gateway ID
• The current state of the virtual private gateway (pending, available, deleting, deleted)
• The type of VPN connection the virtual private gateway supports
• The Availability Zone for the virtual private gateway
• Information about VPCs attached to the virtual private gateway (there are none attached when you first
create a virtual private gateway)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a virtual private gateway.

PROMPT> ec2-create-vpn-gateway -t ipsec.1

VPNGATEWAY vgw-8db04f81 pending ipsec.1

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• CreateVpnGateway

API Version 2012-06-15

156
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-delete-vpn-gateway (p. 219)
• ec2-describe-vpn-gateways (p. 413)
• ec2-detach-vpn-gateway (p. 428)

API Version 2012-06-15

157
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-customer-gateway

ec2-delete-customer-gateway
Description
Deletes a customer gateway. You must delete the VPN connection before deleting the customer gateway.

For more information about Amazon Virtual Private Cloud and VPN customer gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2delcgw.

Syntax
ec2-delete-customer-gateway customer_gateway_id

Options
Name Description Required

customer_gateway_id The ID of the customer gateway. Yes

Type: String
Default: None
Example: cgw-b4dc3961

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

158
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

159
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The CUSTOMERGATEWAY identifier

• The customer gateway ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the customer gateway with ID cgw-b4dc3961.

PROMPT> ec2-delete-customer-gateway cgw-b4dc3961

CUSTOMERGATEWAY cgw-b4dc3961

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteCustomerGateway

Related Commands
• ec2-create-customer-gateway (p. 76)
• ec2-describe-customer-gateways (p. 243)

API Version 2012-06-15

160
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-dhcp-options

ec2-delete-dhcp-options
Description
Deletes a set of DHCP options that you specify. Amazon VPC returns an error if the set of options you
specify is currently associated with a VPC. You can disassociate the set of options by associating either
a new set of options or the default options with the VPC.

For more information about Amazon Virtual Private Cloud and DHCP options sets, see Using DHCP
Options in Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2deldopt.

Syntax
ec2-delete-dhcp-options dhcp_options_id

Options
Name Description Required

dhcp_options_id The ID of the DHCP options. Yes

Type: String
Default: None
Example: dopt-7a8b9c2d

Common Options
Option Description

API Version 2012-06-15

161
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

162
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The DHCPOPTIONS identifier

• The DHCP options ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the set of DHCP options with ID dopt-7a8b9c2d.

PROMPT> ec2-delete-dhcp-options dopt-7a8b9c2d

DHCPOPTIONS dopt-7a8b9c2d

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteDhcpOptions

Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 80)
• ec2-describe-dhcp-options (p. 248)

API Version 2012-06-15

163
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-disk-image

ec2-delete-disk-image
Description
Deletes a partially or fully uploaded disk image for conversion from Amazon S3. You can specify either
the conversion task ID, or the URL to the import manifest file in Amazon S3. For more information, see
Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon Elastic
Compute Cloud User Guide.

The short version of this command is ec2ddi.

Syntax
ec2-delete-disk-image { -t task_id | -u url } -o owner_access_key_id -w
owner_secret_access_key [--ignore-active-task]

Options
Name Description Required

-t, --task task_id The Task ID of the conversion task that is no longer Conditional
active.
Type: String
Default: None
Condition: Either the task ID or the URL to the
manifest is required.
Example: -t import-i-fh95npoc

-u, --manifest-url The URL for an existing import manifest file. Use this Conditional
url option to delete the uploaded disk image even if one
or more active conversion tasks still reference the
manifest.
Type: String
Default: None
Condition: Either the task ID or the URL to the
manifest is required.
Example: -u
http://some-s3-location/mydisk-to-delete.vmdk

-o, --owner-akid The access Key ID of the owner of the bucket Yes
owner_access_key_id containing the uploaded disk image to be deleted.
This parameter value is not sent to Amazon EC2.
Type: String
Default: None
Example: -o AKIAIOSFODNN7EXAMPLE

API Version 2012-06-15

164
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-w, --owner-sak The AWS Secret Access Key of the owner of the Yes
owner_secret_access_ bucket containing the uploaded disk image to be
key deleted. This parameter value is not sent to Amazon
EC2.
Type: String
Default: None
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

--ignore-active-task Delete the uploaded disk image despite having an No

active task. Using this option may cause active tasks
to fail. Use this option at your own risk.
Type: String
Default: None
Example: --ignore-active-task

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

165
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

166
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• Task ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the import-i-fh95npoc disk image.

PROMPT> ec2-delete-disk-image -t import-i-fh95npoc -o AKIAIOSFODNN7EXAMPLE -w

wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DELETE-TASK import-i-fh95npoc

Related Topics
Download
• Getting Started with the Command Line Tools

Related Commands
• ec2-cancel-conversion-task (p. 63)
• ec2-import-instance (p. 451)
• ec2-import-volume (p. 462)
• ec2-resume-import (p. 557)

API Version 2012-06-15

167
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-group

ec2-delete-group
Description
Deletes a security group. This action applies to both EC2 security groups and VPC security groups. For
information about VPC security groups and how they differ from EC2 security groups, see Security Groups
in the Amazon Virtual Private Cloud User Guide.

Note

If you attempt to delete a security group that contains instances, or attempt to delete a security
group that is referenced by another security group, an error is returned. For example, if security
group B has a rule that allows access from security group A, security group A cannot be deleted
until the rule is removed.
The fault returned is InvalidGroup.InUse for EC2 security groups, or DependencyViolation
for VPC security groups.

The short version of this command is ec2delgrp.

Syntax
ec2-delete-group { group_name | group_id }

Options
Name Description Required

group_name The name of the EC2 security group. Conditional

Type: String
Default: None
Condition: Either the group name or the group ID is
required.
Example: websrv

group_id The ID of the security group. Conditional

Type: String
Default: None
Condition: Required for a VPC security group. For an
EC2 security group, either the group name or the
group ID is required.
Example: sg-32fa9d3e

API Version 2012-06-15

168
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

169
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the EC2 security group called webserv.

PROMPT> ec2-delete-group websrv

RETURN true

Example Request
This example deletes the VPC security group with ID sg-43eeba92.

API Version 2012-06-15

170
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-delete-group sg-43eeba92

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteSecurityGroup

Related Commands
• ec2-authorize (p. 48)
• ec2-create-group (p. 84)
• ec2-describe-group (p. 256)
• ec2-revoke (p. 562)

API Version 2012-06-15

171
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-internet-gateway

ec2-delete-internet-gateway
Description
Deletes an Internet gateway from your AWS account. The gateway must not be attached to a VPC. For
more information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User
Guide.

The short version of this command is ec2deligw.

Syntax
ec2-delete-internet-gateway internet_gateway_id

Options
Name Description Required

internet_gateway_id The ID of the Internet gateway. Yes

Type: String
Default: None
Example: igw-8db04f81

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

172
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

173
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the Internet gateway with ID igw-eaad4883.

PROMPT> ec2-delete-internet-gateway igw-eaad4883

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteInternetGateway

Related Commands
• ec2-attach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 96)
• ec2-describe-internet-gateways (p. 299)
• ec2-detach-internet-gateway (p. 418)

API Version 2012-06-15

174
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-keypair

ec2-delete-keypair
Description
Deletes the specified key pair, by removing the public key from Amazon EC2. You must own the key pair.

The short version of this command is ec2delkey.

Syntax
ec2-delete-keypair key_pair

Options
Name Description Required

key_pair The name of the key pair. Yes

Type: String
Default: None
Example: primary_keypair

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

175
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

176
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The KEYPAIR identifier

• The name of the deleted key pair

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the gsg-keypair key pair.

PROMPT> ec2-delete-keypair gsg-keypair

KEYPAIR gsg-keypair

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteKeyPair

Related Commands
• ec2-create-keypair (p. 99)
• ec2-describe-keypairs (p. 304)

API Version 2012-06-15

177
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-acl

ec2-delete-network-acl
Description
Deletes a network ACL from a VPC. The ACL must not be associated with any subnets. You can't delete
the default network ACL. For more information about network ACLs, see Network ACLs in the Amazon
Virtual Private Cloud User Guide.

The short version of this command is ec2delnacl.

Syntax
ec2-delete-network-acl acl_id

Options
Name Description Required

acl_id The ID of the network ACL. Yes

Type: String
Default: None
Example: acl-2cb85d45

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

178
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

179
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the network ACL with ID acl-2cb85d45.

PROMPT> ec2-delete-network-acl acl-2cb85d45

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteNetworkAcl

Related Commands
• ec2-create-network-acl (p. 103)
• ec2-describe-network-acls (p. 308)
• ec2-replace-network-acl-association (p. 514)

API Version 2012-06-15

180
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-acl-entry

ec2-delete-network-acl-entry
Description
Deletes an ingress or egress entry (i.e., rule) from a network ACL. For more information about network
ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2delnae.

Syntax
ec2-delete-network-acl-entry acl_id -n rule_number [--egress]

Options
Name Description Required

acl_id The ID of the network ACL. Yes

Type: String
Default: None
Example: acl-5fb85d36

-n, --rule-number The rule number for the entry to delete. Yes
rule_number Type: Number
Default: None
Example: 100

--egress Indicates that the rule is an egress rule. No

Default: If not specified, the rule is an ingress rule.

Common Options
Option Description

API Version 2012-06-15

181
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

182
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the ingress entry with rule number 100 from the network ACL with ID acl-2cb85d45.

PROMPT> ec2-delete-network-acl-entry acl-2cb85d45 -n 100

RETURN true

Example Request
This example deletes the egress entry with rule number 200 from the network ACL with ID acl-2cb85d45.

PROMPT> ec2-delete-network-acl-entry acl-2cb85d45 -n 200 --egress

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteNetworkAclEntry

API Version 2012-06-15

183
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-create-network-acl-entry (p. 106)
• ec2-describe-network-acls (p. 308)
• ec2-replace-network-acl-entry (p. 517)

API Version 2012-06-15

184
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-interface

ec2-delete-network-interface
Description
Deletes a network interface. Network interfaces must be detached from an instance before they can be
deleted.

The short version of this command is ec2delnic.

Syntax
ec2-delete-network-interface NETWORKINTERFACE

Options
Name Description Required

NETWORKINTERFACE The network interface ID. Yes

Type: String
Default: None
Example: eni-3a9f6553

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

185
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

186
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the ID of the network interface that you deleted.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the specified network interface.

PROMPT> ec2-delete-network-interface eni-3a9f6553

NETWORKINTERFACE eni-3a9f6553

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteNetworkInterface

Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 111)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-describe-network-interfaces (p. 318)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

187
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-placement-group

ec2-delete-placement-group
Description
Deletes a placement group in your account.You must terminate all instances in a placement group before
deleting it. For more information about placement groups and cluster instances, see Using Cluster
Instances in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2delpgrp.

ec2-delete-placement-group placement-group

Options
Name Description Required

placement-group The name of the placement group. Yes

Type: String
Default: None
Example: XYZ-cluster

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

188
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

189
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the following information:

• The PLACEMENTGROUP identifier

• The name of the placement group
• The status of the placement group (e.g., deleted)

Examples
Example Request
This example deletes the XYZ-cluster placement group.

PROMPT> ec2-delete-placement-group XYZ-cluster

PLACEMENTGROUP XYZ-cluster deleted

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeletePlacementGroup

Related Commands
• ec2-create-placement-group (p. 116)
• ec2-describe-placement-groups (p. 325)

API Version 2012-06-15

190
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-route

ec2-delete-route
Description
Deletes a route from a route table in a VPC. For more information about route tables, see Route Tables
in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2delrt.

Syntax
ec2-delete-route route_table_id -r cidr

Options
Name Description Required

route_table_id The ID of the route table. Yes

Type: String
Default: None
Example: rtb-5da34634

-r, --cidr The CIDR range for the route. The value you Yes
cidr specify must match the CIDR for the route
exactly.
Type: String
Default: None
Example: 0.0.0.0/0

Common Options
Option Description

API Version 2012-06-15

191
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

192
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example removes the route with destination CIDR 172.16.1.0/24 from the route table with ID
rtb-e4ad488d.

PROMPT> ec2-delete-route rtb-e4ad488d -r 172.16.1.0/24

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteRoute

Related Commands
• ec2-create-route (p. 119)
• ec2-describe-route-tables (p. 345)
• ec2-replace-route (p. 521)

API Version 2012-06-15

193
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-route-table

ec2-delete-route-table
Description
Deletes a route table from a VPC. The route table must not be associated with a subnet. You can't delete
the main route table. For more information about route tables, see Route Tables in the Amazon Virtual
Private Cloud User Guide.

The short version of this command is ec2delrtb.

Syntax
ec2-delete-route-table route_table_id

Options
Name Description Required

route_table_id The ID of the route table. Yes

Type: String
Default: None
Example: rtb-7aa34613

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

194
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

195
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the route table with ID rtb-7aa34613.

PROMPT> ec2-delete-route-table rtb-7aa34613

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteRouteTable

Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route-table (p. 123)
• ec2-describe-route-tables (p. 345)
• ec2-disassociate-route-table (p. 435)
• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

196
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-snapshot

ec2-delete-snapshot
Description
Deletes a snapshot of an Amazon EBS volume.

Note

If you make periodic snapshots of a volume, the snapshots are incremental so that only the
blocks on the device that have changed since your last snapshot are incrementally saved in the
new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process
is designed so that you need to retain only the most recent snapshot in order to restore the
volume.

The short version of this command is ec2delsnap.

Syntax
ec2-delete-snapshot snapshot_id

Options
Name Description Required

snapshot_id The ID of the Amazon EBS snapshot. Yes

Type: String
Default: None
Example: snap-78a54011

Common Options
Option Description

API Version 2012-06-15

197
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

198
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The SNAPSHOT identifier

• The ID of the snapshot

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes snapshot snap-78a54011.

PROMPT> ec2-delete-snapshot snap-78a54011

SNAPSHOT snap-78a54011

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteSnapshot

Related Commands
• ec2-create-snapshot (p. 126)
• ec2-describe-snapshots (p. 354)

API Version 2012-06-15

199
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-spot-datafeed-subscription

ec2-delete-spot-datafeed-subscription
Description
Deletes the data feed for Spot Instances. For more information about Spot Instances, see Spot Instances
in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2delsds.

Syntax
ec2-delete-spot-datafeed-subscription

Options
This command does not have any options.

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

200
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

201
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns no output.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the data feed for the account.

PROMPT> ec2-delete-spot-datafeed-subscription
-

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteSpotDatafeedSubscription

Related Commands
• ec2-create-spot-datafeed-subscription (p. 130)
• ec2-describe-spot-datafeed-subscription (p. 360)

API Version 2012-06-15

202
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-subnet

ec2-delete-subnet
Description
Deletes a subnet from a VPC. You must terminate all running instances in the subnet before deleting it,
otherwise Amazon VPC returns an error.

The short version of this command is ec2delsubnet.

Syntax
ec2-delete-subnet subnet_id

Options
Name Description Required

subnet_id The ID of the subnet. Yes

Type: String
Default: None
Example: subnet-9d4a7b6c

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

203
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

204
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The SUBNET identifier

• The ID of the subnet

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the subnet with ID subnet-9d4a7b6c.

PROMPT> ec2-delete-subnet subnet-9d4a7b6c

SUBNET subnet-9d4a7b6c

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteSubnet

Related Commands
• ec2-create-subnet (p. 133)
• ec2-describe-subnets (p. 376)

API Version 2012-06-15

205
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-tags

ec2-delete-tags
Description
Deletes a specific set of tags from a specific set of resources. This command is designed to follow a
ec2-describe-tags command. First determine what tags a resource has, then call ec2-delete-tags
with the resource ID and the specific tags you want to delete.

For more information about tags, see Using Tags in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2deltag.

Syntax
ec2-delete-tags resource_id [resource_id ... ] --tag key[=value] [--tag
key[=value ...]

Options
Name Description Required

resource_id The AWS-assigned identifier of the resource. You can Yes

specify more than one resource ID.
Type: String
Default: None
Example: i-1a2b3c4d

--tag key or The key and optional value of the tag, separated by Yes
key=value an equals sign (=).You can specify more than one tag
to remove.
Type: String
Default: None
Example: --tag stack=Production

Common Options
Option Description

API Version 2012-06-15

206
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

207
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns no output if the deletion is successful.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the tags for the AMI with ID ami-1a2b3c4d. You first get a list of the tags.

PROMPT> ec2-describe-tags --filter "resource-id=ami-1a2b3c4d"

TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production

Then you delete the tags. Specifying the value for the stack tag is optional.

PROMPT> ec2-delete-tags ami-1a2b3c4d --tag webserver --tag stack=Production

If you specify a value for the key, the tag is deleted only if the tag's value matches the one you specified.
If you specify the empty string as the value, the tag is deleted only if the tag's value is the empty string.
The following example specifies the empty string as the value for the tag to delete (notice the equals sign
after Owner).

PROMPT> ec2-delete-tags snap-4dfg39a --tag Owner=

Example Request
This example deletes the stack tag from two particular instances.

PROMPT> ec2-delete-tags i-5f4e3d2a i-12345678 --tag stack

API Version 2012-06-15

208
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
You can specify a tag key without a corresponding tag value if you want to delete the tag regardless of
its value. This example deletes all tags for the specified resources where key=Purpose, regardless of the
tag value.

PROMPT> ec2-delete-tags i-5f4e3d2a i-4d5h8a9b i-1d3d4fae --tag Purpose

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteTags

Related Commands
• ec2-create-tags (p. 137)
• ec2-describe-tags (p. 381)

API Version 2012-06-15

209
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-volume

ec2-delete-volume
Description
Deletes an Amazon EBS volume. The volume must be in the available state (not attached to an
instance). For more information about Amazon EBS, see Amazon Elastic Block Store in the Amazon
Elastic Compute Cloud User Guide.

Note

The volume remains in the deleting state for several minutes after you run this command.

The short version of this command is ec2delvol.

Syntax
ec2-delete-volume volume_id

Options
Name Description Required

volume_id The ID of the volume. Yes

Type: String
Default: None
Example: vol-4282672b

Common Options
Option Description

API Version 2012-06-15

210
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

211
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VOLUME identifier

• The ID of the volume

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes volume vol-4282672b.

PROMPT> ec2-delete-volume vol-4282672b

VOLUME vol-4282672b

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteVolume

Related Commands
• ec2-attach-volume (p. 40)
• ec2-create-volume (p. 141)
• ec2-describe-volumes (p. 396)
• ec2-detach-volume (p. 424)

API Version 2012-06-15

212
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpc

ec2-delete-vpc
Description
Deletes a VPC. You must detach or delete all gateways or other objects that are dependent on the VPC
first. For example, you must terminate all running instances, delete all VPC security groups (except the
default), delete all route tables (except the default), and so on.

The short version of this command is ec2delvpc.

Syntax
ec2-delete-vpc vpc_id

Options
Name Description Required

vpc_id The ID of the VPC. Yes

Type: String
Default: None
Example: vpc-1a2b3c4d

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

213
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

214
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The VPC identifier

• The ID of the VPC

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the VPC with ID vpc-1a2b3c4d.

PROMPT> ec2-delete-vpc vpc-1a2b3c4d

VPC vpc-1a2b3c4d

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteVpc

Related Commands
• ec2-create-vpc (p. 145)
• ec2-describe-vpcs (p. 402)

API Version 2012-06-15

215
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpn-connection

ec2-delete-vpn-connection
Description
Deletes a VPN connection. Use this command to delete a VPC and its associated components. Another
reason to use this command is if you believe that the tunnel credentials for your VPN connection have
been compromised. In that situation, you can delete the VPN connection and create a new one that has
new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN
connection, you must reconfigure the customer gateway using the new configuration information returned
with the new VPN connection ID.

If you're deleting the VPC and its associated components, we recommend that you detach the virtual
private gateway from the VPC and delete the VPC before deleting the VPN connection.

For more information about Amazon Virtual Private Cloud and VPN connections, see Adding an IPsec
Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2delvpn.

Syntax
ec2-delete-vpn-connection vpn_connection_id

Options
Name Description Required

vpn_connection_id The ID of the VPN connection. Yes

Type: String
Default: None
Example: vpn-44a8938f

Common Options
Option Description

API Version 2012-06-15

216
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

217
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VPNCONNECTION identifier

• The ID of the VPN connection

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the VPN connection with ID vpn-44a8938f.

PROMPT> ec2-delete-vpn-connection vpn-44a8938f

VPNCONNECTION vpn-44a8938f

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteVpnConnection

Related Commands
• ec2-create-vpn-connection (p. 149)
• ec2-delete-vpc (p. 213)
• ec2-describe-vpn-connections (p. 407)
• ec2-detach-vpn-gateway (p. 428)

API Version 2012-06-15

218
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpn-gateway

ec2-delete-vpn-gateway
Description
Deletes a virtual private gateway. Use this command to delete a VPC and its associated components
because you no longer need them. We recommend that before you delete a virtual private gateway, you
detach it from the VPC and delete the VPN connection. Note that you don't need to delete the virtual
private gateway if you just want to delete and recreate the VPN connection between your VPC and data
center.

For more information about Amazon Virtual Private Cloud and virtual private gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2delvgw.

Syntax
ec2-delete-vpn-gateway vpn_gateway_id

Options
Name Description Required

vpn_gateway_id The ID of the virtual private gateway. Yes

Type: String
Default: None
Example: vgw-8db04f81

Common Options
Option Description

API Version 2012-06-15

219
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

220
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VPNGATEWAY identifier

• The ID of the virtual private gateway

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deletes the virtual private gateway with ID vgw-8db04f81.

PROMPT> ec2-delete-vpn-gateway vgw-8db04f81

VPNGATEWAY vgw-8db04f81

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeleteVpnGateway

Related Commands
• ec2-create-vpn-gateway (p. 154)
• ec2-delete-vpn-connection (p. 216)
• ec2-describe-vpn-gateways (p. 413)

API Version 2012-06-15

221
Amazon Elastic Compute Cloud CLI Reference
ec2-deregister

ec2-deregister
Description
Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances.

Note

This command does not delete the AMI.

The short version of this command is ec2dereg.

Syntax
ec2-deregister ami_id

Options
Name Description Required

ami_id The ID of the AMI. Yes

Type: String
Default: None
Example: ami-4fa54026

Common Options
Option Description

API Version 2012-06-15

222
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

223
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The IMAGE identifier

• The ID of the AMI

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example deregisters the ami-4fa54026 AMI.

PROMPT> ec2-deregister ami-4fa54026

IMAGE ami-4fa54026

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DeregisterImage

Related Commands
• ec2-describe-images (p. 266)
• ec2-register (p. 504)

API Version 2012-06-15

224
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-addresses

ec2-describe-addresses
Description
Lists and describes the Elastic IP addresses allocated to your account. This includes both EC2 and VPC
Elastic IP addresses. For information about VPC addresses and how they differ from EC2 addresses,
see Elastic IP Addresses in the Amazon Virtual Private Cloud User Guide.

You can filter the results to return information only about Elastic IP addresses that match criteria you
specify. For example, you could get information only about addresses tagged with a certain value. You
can specify multiple values for a filter. An address must match at least one of the specified values for it
to be included in the results.

You can specify multiple filters (e.g., the address is a particular value, and is tagged with a certain value).
The result includes information for an address only if it matches all your filters. If there's no match, no
special message is returned; the response is simply empty.

You can use wildcards with the filter values: * matches zero or more characters, and ? matches exactly
one character. You can escape special characters using a backslash before the character. For example,
a value of \*amazon\?\\ searches for the literal string *amazon?\.

The following table shows the available filters.

Filter Name Description

domain Indicates whether the address is a EC2 address, or a VPC address.

Type: String
Valid values: standard | vpc

instance-id The instance the address is associated with (if any).

Type: String

public-ip The Elastic IP address.

Type: String

allocation-id The allocation ID for the address (VPC addresses only).

Type: String

association-id The association ID for the address (VPC addresses only).

Type: String

network-interface-id The network interface (if any) that the address is associated with. (for VPC
addresses only).
Type: String

network-interface-owner-id The owner IID.

private-ip-address The private IP address associated with the Elastic IP address (for VPC
addresses only).
Type: String

The short version of this command is ec2daddr.

API Version 2012-06-15

225
Amazon Elastic Compute Cloud CLI Reference
Syntax

Syntax
ec2-describe-addresses [public_ip ... | allocation_id ...] [[--filter name=value]
...]

Options
Name Description Required

public_ip The EC2 Elastic IP address. No

Type: String
Default: Describes all addresses you own, or only
those otherwise specified.
Example: 198.51.100.1

allocation_id The VPC Elastic IP address. No

Type: String
Default: Describes all addresses you own, or only
those otherwise specified.
Example: eipalloc-9558a4fc

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all addresses you own, or only
those otherwise specified.
Example: --filter "instance-id=i-1a2b3c4d"

Common Options
Option Description

API Version 2012-06-15

226
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

227
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ADDRESS identifier

• The Elastic IP address
• The instance ID to which the IP address is assigned
• The domain of the address (standard or vpc)
• The allocation ID (for VPC addresses only)
• The association ID (for VPC addresses only)
• The private IP address associated with the Elastic IP address (for VPC only)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the EC2 address 192.0.2.1, which is assigned to instance i-f15ebb98.

PROMPT> ec2-describe-addresses 192.0.2.1

ADDRESS 192.0.2.1 i-f15ebb98 standard

Example Request
This example describes the VPC address with allocation ID eipalloc-282d9641, which is assigned to
instance i-7a00642.

PROMPT> ec2-describe-addresses eipalloc-9258a4fb

Type Address Instance Domain AllocationId
AssociationId NetworkInterfaceID
PrivateIP ADDRESS 203.0.113.0 i-7a00642e vpc eipalloc-282d9641
eipassoc-252d964c eni-d83388b1 10.0.0.14 4

API Version 2012-06-15

228
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example describes all your Elastic IP addresses (both EC2 and VPC).

PROMPT> ec2-describe-addresses
ADDRESS 203.0.113.12 i-f15ebb98 standard
ADDRESS 203.0.113.22 i-9e9da4e9 vpc eipalloc-9258a4fb eipassoc-
0659a56f
ADDRESS 203.0.113.32 vpc eipalloc-9558a4fc

Example Request
This example describes only your VPC Elastic IP addresses.

PROMPT> ec2-describe-addresses --filter "allocation-id=*" -H

ec2-describe-addresses -H
Type Address Instance Domain AllocationId
AssociationId NetworkInterfaceID
PrivateIP ADDRESS 203.0.113.10 vpc eipalloc-1b5fe072
eipassoc-eb5fe082 eni-0689366f 10.0.1.35
ADDRESS 203.0.113.20 i-c844219c vpc eipalloc-b463dcdd
eipassoc-d218a3bb eni-ea67dc83 10.0.0.174
ADDRESS 203.0.113.140 i-ba6a0d vpc eipalloc-1266dd7b
eipassoc-39e15b50 eni-73e05a1a 10.0.0.85
ADDRESS 203.0.113.140 i-7a00642 vpc eipalloc-f38a359a
eipassoc-1f239876 eni-d83388b1 10.0.0.12
ADDRESS 203.0.113.177 i-7a00642e vpc eipalloc-282d9641
eipassoc-252d964c eni-d83388b1 10.0.0.14

Example Request
This example describes VPC addresses associated with a particular private IP address.

PROMPT> ec2-describe-addresses --filter private-ip-address=10.0.0.94

ADDRESS 203.0.113.155 vpc eipalloc-fdfc4394 eipassoc-52fa453b
eni-66fc430f 10.0.0.94

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeAddresses

Related Commands
• ec2-allocate-address (p. 13)

API Version 2012-06-15

229
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-associate-address (p. 21)

• ec2-disassociate-address (p. 431)
• ec2-release-address (p. 510)

API Version 2012-06-15

230
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-availability-zones

ec2-describe-availability-zones
Description
Displays the Availability Zones that are currently available to the account. The results include zones only
for the Region you're currently using.

Note

Availability Zones are not the same across accounts. The Availability Zone us-east-1a for account
A is not necessarily the same as us-east-1a for account B. Availability Zone assignments are
mapped independently for each account.

You can filter the results to return information only about zones that match criteria you specify. For
example, you could filter the results to return only the zones whose state is available. You can specify
multiple filters (e.g., the zone is in a particular Region, and the state is available). The result includes
information for a particular zone only if it matches all your filters. If there's no match, no special message
is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

message Information about the Availability Zone.

Type: String

region-name The Region the Availablity Zone is in (e.g., us-east-1).

Type: String

state The state of the Availability Zone

Type: String
Valid values: available

zone-name The name of the zone.

Type: String

The short version of this command is ec2daz.

Syntax
ec2-describe-availability-zones [zone_name ...] [[--filter name=value] ...]

API Version 2012-06-15

231
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

zone_name The name of the Availability Zone. No

Type: String
Default: Shows all zones in the Region.
Example: us-east-1a

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Shows all zones in the Region, or only the
ones you've otherwise specified.
Example: --filter "region-name=ap-southeast-1"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

232
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

233
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The AVAILABILITYZONE identifier

• The name of the Availability Zone
• The state of the zone

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example displays information about Availability Zones that are available to the account. The results
include zones only for the Region you're currently using.

PROMPT> ec2-describe-availability-zones
AVAILABILITYZONE us-east-1a available
AVAILABILITYZONE us-east-1b available
AVAILABILITYZONE us-east-1c available
AVAILABILITYZONE us-east-1d available

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeAvailabilityZones

Related Commands
• ec2-describe-regions (p. 329)
• ec2-run-instances (p. 568)

API Version 2012-06-15

234
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-bundle-tasks

ec2-describe-bundle-tasks
Description
Describes the current bundling tasks.

Note

Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the
list, you can still register an AMI from it. Just use the ec2-register command with the Amazon
S3 bucket name and image manifest name you provided to the bundle task.

You can filter the results to return information only about tasks that match criteria you specify. For example,
you could filter the results to return only the tasks whose state is complete. You can specify multiple
values for a filter. A bundle task must match at least one of the specified values for it to be included in
the results.

You can specify multiple filters (e.g., the bundle is stored in a particular Amazon S3 bucket and the state
is complete). The result includes information for a particular bundle task only if it matches all your filters.
If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

bundle-id The ID of the bundle task.

Type: String

error-code If the task failed, the error code returned.

Type: String

error-message If the task failed, the error message returned.

Type: String

instance-id The ID of the instance that was bundled.

Type: String

progress The level of task completion, as a percentage (e.g., 20%).

Type: String

s3-bucket The Amazon S3 bucket to store the AMI.

Type: String

s3-prefix The beginning of the AMI name.

Type: String

start-time The time the task started, e.g., 2008-09-15T17:15:20.000Z.

Type: DateTime

API Version 2012-06-15

235
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

state The state of the task.

update-time The time of the most recent update for the task, e.g.,
2008-09-15T17:15:20.000Z.
Type: DateTime

The short version of this command is ec2dbun.

Syntax
ec2-describe-bundle-tasks [bundle ...] [[--filter name=value] ...]

Options
Name Description Required

bundle The ID of the bundle task. No

Type: String
Default: Describes all bundle tasks, or only those
otherwise specified.
Example: bun-cla432a3

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all your bundle tasks, or only those
otherwise specified.
Example: --filter "state=pending"

Common Options
Option Description

API Version 2012-06-15

236
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

237
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The BUNDLE identifier

• The ID of the bundle
• The ID of the instance
• The bucket name
• The prefix
• The start time
• The update time
• The current state (pending, waiting-for-shutdown, bundling, storing, cancelling, complete, failed)
• The progress as a % if state is bundling

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the status of the bun-c1a540a8 bundle task.

PROMPT> ec2-describe-bundle-tasks bun-c1a540a8

BUNDLE bun-c1a540a8 i-2674d22r myawsbucket winami 2008-09-15T17:15:20.000Z
2008-09-15T17:15:20.000Z bundling 3%

Example Request
This example filters the results to display only bundle tasks whose state is either complete or failed,
and in addition are targeted for the Amazon S3 bucket called myawsbucket.

API Version 2012-06-15

238
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-bundle-tasks --filter "s3-bucket=myawsbucket" --filter

"state=complete" --filter "state=failed"
BUNDLE bun-1a2b3c4d i-8765abcd myawsbucket linuxami 2008-09-14T08:32:43.000Z
2008-09-14T08:32:43.000Z complete

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeBundleTasks

Related Commands
• ec2-bundle-instance (p. 55)
• ec2-cancel-bundle-task (p. 60)

API Version 2012-06-15

239
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-conversion-tasks

ec2-describe-conversion-tasks
Description
Lists and describes your conversion tasks. For more information, see Using the Command Line Tools to
Import Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2dct.

Syntax
ec2-describe-conversion-tasks [task_id ...] [--show-transfer-details]

Options
Name Description Required

task_id The conversion task ID for the upload. If not specified, all of your No
conversion tasks are returned.
Type: String
Default: None
Example: import-i-ffvko9js

--show-transfer-deta Displays additional details for uploading the disk image. The No
ils ec2-upload-disk-image command automatically returns this
information.
Type: None
Default: None
Example: --show-transfer-details

Common Options
Option Description

API Version 2012-06-15

240
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

241
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the following information:

• Information about the task, such as the task ID, task type, expiration, status, and number of bytes
received
• Information about the image, such as the image size, format, volume ID, and volume size

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example shows the status of your import instance task.

PROMPT>ec2-describe-conversion-tasks import-i-ffvko9js

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeConversionTasks

Related Commands
• ec2-cancel-conversion-task (p. 63)
• ec2-delete-disk-image (p. 164)
• ec2-import-instance (p. 451)
• ec2-import-volume (p. 462)
• ec2-resume-import (p. 557)

API Version 2012-06-15

242
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-customer-gateways

ec2-describe-customer-gateways
Description
Describes your customer gateways. You can filter the results to return information only about customer
gateways that match criteria you specify. For example, you could get information only about gateways
whose state is pending or available. The customer gateway must match at least one of the specified
values for it to be included in the results.

You can specify multiple filters (e.g., the customer gateway has a particular IP address for the
Internet-routable external interface, and the gateway's state is pending or available). The result
includes information for a particular customer gateway only if the gateway matches all your filters. If there's
no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

bgp-asn The customer gateway's Border Gateway Protocol (BGP) Autonomous System
Number (ASN).
Type: String

customer-gateway-id The ID of the customer gateway.

Type: String

ip-address The IP address of the customer gateway's Internet-routable external interface

(for example, 12.1.2.3).
Type: String

state The state of the customer gateway.

Type: String
Valid values: pending | available | deleting | deleted

type The type of customer gateway. Currently the only supported type is ipsec.1.
Type: String
Valid values: ipsec.1

tag-key The key of a tag assigned to the resource. This filter is independent of the
tag-value filter. For example, if you use both the filter tag-key=Purpose
and the filter tag-value=X, you get any resources assigned both the tag
key Purpose (regardless of what the tag's value is), and the tag value X
(regardless of what the tag's key is). If you want to list only resources where
Purpose=X, see the tag:key filter later in this table.
For more information about tags, see Using Tags in the Amazon Elastic
Compute Cloud User Guide.
Type: String

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

API Version 2012-06-15

243
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag:key Filters the results based on a specific tag/value combination.

Example: To list just the resources assigned tag Purpose=X, then specify:
--filter tag:Purpose=X
Example: To list just resources assigned tag Purpose=X OR Purpose=Y,
then specify:
--filter tag:Purpose=X --filter tag:Purpose=Y

For more information about Amazon Virtual Private Cloud and VPN customer gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2dcgw.

Syntax
ec2-describe-customer-gateways [ customer_gateway_id ... ] [[--filter
name=value] ...]

Options
Name Description Required

customer_gateway_id A customer gateway ID. You can specify more No

than one in the request.
Type: String
Default: Returns information about all your
customer gateways.
Example: cgw-b4dc3961

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all customer gateways you
own, or only those otherwise specified.
Example: --filter "tag-key=Production"

API Version 2012-06-15

244
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

245
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The CUSTOMERGATEWAY identifier

• The ID of the customer gateway
• The state of the customer gateway (pending, available, deleting, deleted)
• The type of VPN connection the customer gateway supports
• The Internet-routable IP address of the customer gateway's outside interface
• The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)
• Any tags assigned to the customer gateway

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example gives a description of the customer gateway with ID cgw-b4dc3961.

API Version 2012-06-15

246
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-customer-gateways cgw-b4dc3961

CUSTOMERGATEWAY cgw-b4dc3961 available ipsec.1 12.1.2.3 65534

Example Request
This example uses filters to give a description of any customer gateway you own whose IP address is
12.1.2.3, and whose state is either pending or available.

PROMPT> ec2-describe-customer-gateways --filter "ip-address=12.1.2.3" --filter

"state=pending" --filter "state=available"
CUSTOMERGATEWAY cgw-b4dc3961 available ipsec.1 12.1.2.3 65534

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeCustomerGateways

Related Commands
• ec2-create-customer-gateway (p. 76)
• ec2-delete-customer-gateway (p. 158)

API Version 2012-06-15

247
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-dhcp-options

ec2-describe-dhcp-options
Description
Describes one or more sets of DHCP options. You can specify one or more DHCP options set IDs, or no
IDs (to describe all your sets of DHCP options).

You can filter the results to return information only about sets of options that match criteria you specify.
For example, you could get information for sets that have a certain value for the domain-name option.
You can specify multiple values for the filter. The option must match at least one of the specified values
for the options set to be included in the results.

You can specify multiple filters (e.g., a certain value for domain-name, and a tag with a certain value).
The result includes information for a set of options only if the specified option matches all your filters. If
there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

dhcp-options-id The ID of a set of DHCP options.

Type: String

key The key for one of the options (e.g., domain-name).

Type: String

value The value for one of the options.

Type: String

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

API Version 2012-06-15

248
Amazon Elastic Compute Cloud CLI Reference
Syntax

For more information about Amazon Virtual Private Cloud and DHCP options sets, see Using DHCP
Options in Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2ddopt.

Syntax
ec2-describe-dhcp-options [ dhcp_options_id ... ] [[--filter name=value] ...]

Options
Name Description Required

dhcp_options_id A DHCP options set ID. You can specify more No

than one in the request.
Type: String
Default: Returns information about all your sets
of DHCP options, or only those otherwise
specified.
Example: dopt-7a8b9c2d

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all DHCP options set you
own, or only those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

API Version 2012-06-15

249
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

250
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The DHCPOPTIONS identifier

• The ID of the DHCP options set
• The name and values for each option in the set
• Any tags assigned to the set

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example gives a description of the DHCP options set with ID dopt-7a8b9c2d.

PROMPT> ec2-describe-dhcp-options dopt-7a8b9c2d

DHCPOPTIONS dopt-7a8b9c2d
OPTION domain-name mydomain.com
OPTION domain-name-servers 10.2.5.1,10.2.5.2

Example Request
This example uses filters to give a description of any DHCP options set that includes a domain-name
option whose value includes the string example.

PROMPT> ec2-describe-dhcp-options --filter "key=domain-name" --filter

"value=*example*"

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

251
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• DescribeDhcpOptions

Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 80)
• ec2-delete-dhcp-options (p. 161)

API Version 2012-06-15

252
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-export-tasks

ec2-describe-export-tasks
Description
Lists and describes your export tasks, including the most recent canceled and completed tasks.

The short version of this command is ec2dxt.

Syntax
ec2-describe-export-tasks [ task_id ... ] [[--filter name=value] ...]

Options
Name Description Required

task_id The export task ID returned by No

ec2-create-instance-export-task. If
not specified, all of your export tasks are
returned.
Type: String
Default: None
Example: The export task ID returned by
ec2-create-instance-export-task . If not
specified, all of your export tasks are returned

Common Options
Option Description

API Version 2012-06-15

253
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

254
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns information about the export task including:

• The EXPORTTASK identifier

• The ID of the task
• The status of the task
• The export progress

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the export task with the ID export-i-fgelt0i7.

PROMPT> ec2-describe-export-tasks export-i-fgelt0i7

EXPORTTASK export-i-fgelt0i7 active i-81428ee7 vmware vmdk
myexportbucket export-i-fgelt0i7.vmdk

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeExportTasks

Related Commands
• ec2-cancel-export-task (p. 67)
• ec2-create-instance-export-task (p. 92)

API Version 2012-06-15

255
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-group

ec2-describe-group
Description
Describes the security groups in your account. This includes both EC2 security groups and VPC security
groups. For information about how the two types of groups differ, see Security Groups in the Amazon
Virtual Private Cloud User Guide.

You can filter the results to return information only about security groups that match criteria you specify.
For example, you could get information about groups whose name contains a particular string. You can
specify multiple values for a filter. A security group must match at least one of the specified values for it
to be included in the results.

You can specify multiple filters (e.g., the group's name contains a particular string, and the group gives
permission to another security group with a different string in its name). The result includes information
for a particular group only if it matches all your filters. If there's no match, no special message is returned;
the response is simply empty.

Important

Filters are based on literal strings only. This is important to remember when you want to use
filters to return only security groups with access allowed on a specific port number or numbers.
For example, let's say you want to get all groups that have access on port 22. And let's say
GroupA gives access on a range of ports using fromPort=20 and toPort=30. If you filter with
ip-permission.from-port=22 or ip-permission.to-port=22 (or both), GroupA is not
returned in the results. It is only returned in the results if you specify
ip-permission.from-port=20 or ip-permission.to-port=30 (or both).

The following table shows the available filters.

Filter Name Description

description The description of the security group.

Type: String

group-id The ID of the security group.

Type: String

group-name The name of the security group.

Type: String

ip-permission.cidr The CIDR range that has been granted the

permission.
Type: String

ip-permission.from-port The start of port range for the TCP and UDP
protocols, or an ICMP type number.
Type: String

API Version 2012-06-15

256
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

ip-permission.group-name The name of security group that has been granted

the permission.
Type: String

ip-permission.protocol The IP protocol for the permission.

Type: String
Valid values: tcp | udp | icmp or a protocol number

ip-permission.to-port The end of port range for the TCP and UDP
protocols, or an ICMP code.
Type: String

ip-permission.user-id The ID of an AWS account that has been granted

the permission.
Type: String

owner-id The AWS account ID of the owner of the security

group.
Type: String

tag-key The key of a tag assigned to the security group.

Type: String

tag-value The value of a tag assigned to the security group.

Type: String

The short version of this command is ec2dgrp.

Syntax
ec2-describe-group [ec2_group_name_or_id | vpc_group_id ...] [[--filter
name=value] ...]

Options
Name Description Required

ec2_group_name_or_id For EC2 security groups: The name or ID of the group. No

or vpc_group_id For VPC security groups: The ID of the group.
Type: String
Default: Describes all groups you own, or only those
otherwise specified.
Example: websrv

API Version 2012-06-15

257
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all security groups you own, or only
those otherwise specified.
Example: --filter "group-name=*webserver*"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

258
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The GROUP identifier

• The ID of the security group

API Version 2012-06-15

259
Amazon Elastic Compute Cloud CLI Reference
Examples

• The AWS account ID of the owner of the security group

• The name of the security group
• A description of the security group
• The PERMISSION identifier
• The AWS account ID of the owner of the group
• The name of the group granting permission
• The type of rule. Currently, only ALLOW rules are supported
• The protocol to allow
• The start of port range
• The end of port range
• The source (for ingress rules) or destination (for egress rules)
• Any tags assigned to the security group

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example returns information about a specific EC2 security group called StandardGroup.

PROMPT> ec2-describe-group StandardGroup

GROUP sg-1974436d 111122223333 StandardGroup A standard EC2 group
PERMISSION 111122223333 StandardGroup ALLOWS tcp 80 80
FROM CIDR 102.11.43.32/32 ingress

Example Request
This example returns information about a specific VPC security group with ID sg-eea7b782.

PROMPT> ec2-describe-group sg-eea7b782

GROUP sg-eea7b782 111122223333 WebServerSG web servers vpc-
5266953b
PERMISSION 111122223333 WebServerSG ALLOWS 6 80 80
FROM CIDR 162.5.5.5/32 ingress
PERMISSION 111122223333 WebServerSG ALLOWS 6 80 80
FROM USER 111122223333 ID sg-78a9b914 ingress
PERMISSION 111122223333 WebServerSG ALLOWS 6 443 443
FROM USER 111122223333 ID sg-78a9b914 ingress
PERMISSION 111122223333 WebServerSG ALLOWS all
TO CIDR 0.0.0.0/0 egress
PERMISSION 111122223333 WebServerSG ALLOWS 6 1433 1433
TO USER 111122223333 ID sg-80aebeec egress

Example Request
This example returns information about all security groups that grant access over TCP specifically on
port 22 from instances in either the app_server_group or database_group.

API Version 2012-06-15

260
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-group --filter "ip-permission.protocol=tcp"

--filter "ip-permission.from-port=22" --filter "ip-permission.to-port=22"
--filter "ip-permission.group-name=app_server_group" --filter "ip-permis
sion.group-name=database_group"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSecurityGroups

Related Commands
• ec2-authorize (p. 48)
• ec2-create-group (p. 84)
• ec2-delete-group (p. 168)
• ec2-revoke (p. 562)

API Version 2012-06-15

261
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-image-attribute

ec2-describe-image-attribute
Description
Describes the specified attribute of an AMI. You can get information about only one attribute at a time.

The short version of this command is ec2dimatt.

Syntax
ec2-describe-image-attribute ami_id {-l | -p | -B | --kernel | --ramdisk}

Options
Name Description Required

ami_id The ID of the AMI. Yes

Type: String
Default: None
Example: ami-4fa54026

-l, Describes the launch permissions of the AMI. No

--launch-permission Type: String
Default: None
Example: -l

-p, --product-codes Describes the product codes associated with the AMI. No
Each product code contains both a product code and
a type.
Type: String
Default: None
Example: -p

-B, Describes the block device mapping associated with No

--block-device-mapping the AMI.
Type: String
Default: None
Example: -B

--kernel Describes the ID of the kernel associated with the AMI. No

Type: String
Default: None
Example: --kernel

--ramdisk Describes the ID of the RAM disk associated with the No

AMI.
Type: String
Default: None
Example: --ramdisk

API Version 2012-06-15

262
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

263
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the AMI
• Information about the attribute

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example lists the launch permissions for the ami-2bb65342 AMI

PROMPT> ec2-describe-image-attribute ami-2bb65342 -l

launchPermission ami-2bb65342 group all
launchPermission ami-2bb65342 userId 495219933132

API Version 2012-06-15

264
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example lists the product code for the ami-3bb65342 AMI.

PROMPT> ec2-describe-image-attribute ami-2bb65342 -p

productCodes ami-3bb65342 productCode [marketplace: a1b2c3d4e5f6g7h8i9j10k11]

Example Request
This example describes the RAM disk for the ami-d5ed03bc AMI, with the --show-empty-fields
option.

PROMPT> ec2-describe-image-attribute ami-d5ed03bc --ramdisk --show-empty-fields

ramdisk ami-d5ed03bc (nil) ari-96c527ff

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeImageAttribute

Related Commands
• ec2-describe-images (p. 266)
• ec2-modify-image-attribute (p. 473)
• ec2-reset-image-attribute (p. 542)

API Version 2012-06-15

265
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-images

ec2-describe-images
Description
Describes the images available to you, including public images, private images that you own, and private
images owned by other AWS accounts but for which you have explicit launch permissions.

Launch permissions fall into three categories:

Launch Description
Permission

public The owner of the AMI granted launch permissions for the AMI to the all group.
All AWS accounts have launch permissions for these AMIs.

explicit The owner of the AMI granted launch permissions to a specific AWS account.

implicit An AWS account has implicit launch permissions for all the AMIs it owns.

The list of AMIs returned can be modified by specifying AMI IDs, AMI owners, or AWS accounts with
launch permissions. If no options are specified, Amazon EC2 returns all AMIs for which you have launch
permissions.

If you specify one or more AMI IDs, only AMIs that have the specified IDs are returned. If you specify an
invalid AMI ID, an error is returned. If you specify an AMI ID for which you do not have access, it is not
included in the returned results.

If you specify one or more AMI owners, only AMIs from the specified owners and to which you have
access are returned. The results can include the account IDs of the specified owners—amazon for AMIs
owned by Amazon, aws-marketplace for AMIs owned by AWS Marketplace, or self for AMIs that you
own.

Note

For an overview of the AWS Marketplace, go to

https://aws.amazon.com/marketplace/help/200900000. For details on how to use the AWS
Marketplace, see AWS Marketplace.

If you specify a list of users with launch permissions, only AMIs with launch permissions for those users
are returned. You can specify account IDs (if you own the AMI(s)), self for AMIs for which you own or
have explicit permissions, or all for public AMIs.

Note

Deregistered images are included in the returned results for an unspecified interval after
deregistration.

You can filter the results to return information only about images that match criteria you specify. For
example, you could get information only about images that use a certain kernel. You can specify multiple
values for a filter (e.g., the image uses either kernel aki-1a2b3c4d or kernel aki-9b8c7d6f). An image
must match at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the image uses a certain kernel, and uses an Amazon EBS volume
as the root device). The result includes information for a particular image only if it matches all your filters.
If there's no match, no special message is returned; the response is simply empty.

API Version 2012-06-15

266
Amazon Elastic Compute Cloud CLI Reference
Description

The following table shows the available filters.

Filter Name Description

architecture The image architecture.

Type: String
Valid Values: i386 | x86_64

block-device-mapping.delete-on-termination Whether the Amazon EBS volume is deleted on

instance termination.
Type: Boolean

block-device-mapping.device-name The device name (e.g., /dev/sdh) for an Amazon

EBS volume mapped to the image.
Type: String

block-device-mapping.snapshot-id The snapshot ID for an Amazon EBS volume

mapped to the image.
Type: String

block-device-mapping.volume-size The volume size for an Amazon EBS volume

mapped to the image.
Type: Integer

description The description of the AMI (provided during image

creation).
Type: String

image-id The ID of the image.

Type: String

image-type The image type.

Type: String
Valid Values: machine | kernel | ramdisk

is-public Indicates whether the image is public.

Type: Boolean

kernel-id The kernel ID.

Type: String

manifest-location The location of the image manifest.

Type: String

name The name of the AMI (provided during image

creation).
Type: String

owner-alias The AWS account alias (e.g., amazon)

Type: String

API Version 2012-06-15

267
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

owner-id The AWS account ID of the image owner.

Type: String

platform The platform. To only list Windows-based AMIs,

use windows. Otherwise, leave blank.
Type: String
Valid value: windows

product-code The product code associated with the AMI.

Type: String

product-code.type The type of AMI product code.

Type: String
Valid values: devpay | marketplace

ramdisk-id The RAM disk ID.

Type: String

root-device-name The root device name of the AMI (e.g., /dev/sda1).

Type: String

root-device-type The root device type that the AMI uses.

Type: String
Valid values: ebs | instance-store

state The state of the image.

Type: String
Valid values: available | pending | failed

state-reason-code The reason code for the state change.

Type: String

state-reason-message The message for the state change.

Type: String

tag-key The key of a tag assigned to the resource. This

filter is independent of the tag-value filter. For
example, if you use both the filter
tag-key=Purpose and the filter tag-value=X,
you get any resources assigned both the tag key
Purpose (regardless of what the tag's value is),
and the tag value X (regardless of what the tag's
key is). If you want to list only resources where
Purpose=X, see the tag:key filter later in this
table.
For more information about tags, see Using Tags
in the Amazon Elastic Compute Cloud User Guide.
Type: String

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

API Version 2012-06-15

268
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag:key Filters the results based on a specific tag/value

combination.
Example: To list just the resources assigned tag
Purpose=X, then specify:
--filter tag:Purpose=X
Example: To list just resources assigned tag
Purpose=X OR Purpose=Y, then specify:
--filter tag:Purpose=X --filter
tag:Purpose=Y

virtualization-type The virtualization type of the image.

Type: String
Valid values: paravirtual | hvm

hypervisor The hypervisor type of the image.

Type: String
Valid values: ovm | xen

The short version of this command is ec2dim.

Syntax
ec2-describe-images [ami_id ...] [-a] [-o owner ...] [-x user_id ...] [[--filter
name=value] ...]

Options
Name Description Required

ami_id The IDs of the AMIs. No

Type: String
Default: Returns all AMIs.
Example: ami-78a54011

-a, --all Describes all AMIs. No

Type: String
Default: None
Example: -a

-o, --owner owner Describes AMIs owned by the specified owner. Multiple No
owner options can be specified. The IDs amazon,
aws-marketplace, and self can be used to include
AMIs owned by Amazon, AMIs owned by AWS
Marketplace, or AMIs owned by you, respectively.
Type: String
Default: None
Valid values: amazon | aws-marketplace | self |
AWS account ID | all
Example: -o self

API Version 2012-06-15

269
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-x, --executable-by Describes AMIs for which the specified user ID has No
user_id explicit launch permissions. The user ID can be an
AWS account ID, self to return AMIs for which the
sender of the request has explicit launch permissions,
or all to return AMIs with public launch permissions.
Type: String
Default: None
Valid values: all | self | AWS account ID
Example: -x self

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

270
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

271
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The IMAGE identifier

• The ID of the image
• The location of the manifest
• The ID of the AWS account that registered the image (or "amazon")
• The status of the image (available, pending, failed)
• The visibility of the image (public or private)
• The product codes, if any, that are attached to the instance
• The architecture of the image (i386 or x86_64)
• The image type (machine, kernel, or ramdisk)
• The ID of the kernel associated with the image (machine images only)
• The ID of the RAM disk associated with the image (machine images only)
• The type of root device (ebs or instance-store)
• The virtualization type (paravirtual or hvm)
• The BLOCKDEVICEMAPPING identifier (AMIs that map one or more Amazon EBS volumes)
• Any tags assigned to the image
• The Hypervisor type (xen or ovm)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the ami-be3adfd7 AMI.

PROMPT> ec2-describe-images ami-be3adfd7

IMAGE ami-78a54011 amazon/getting-started-with-ebs-boot amazon available
public i386 machine aki-a13667e4 ari-a33667e6 ebs paravirtual xen
BLOCKDEVICEMAPPING /dev/sda1 snap-8eaf78e6 15

Example Request
This example filters the results to display only the public Windows images with an x86_64 architecture.

PROMPT> ec2-describe-images --filter "is-public=true" --filter "architec

ture=x86_64" --filter "platform=windows"
IMAGE ami-dd20c3b4 ec2-public-windows-images/Server2003r2-x86_64-Win-

API Version 2012-06-15

272
Amazon Elastic Compute Cloud CLI Reference
Related Topics

v1.07.manifest.xml amazon available public x86_64 machine

windows instance-store hvm xen
IMAGE ami-0535d66c ec2-public-windows-images/SqlSvrStd2003r2-x86_64-Win-
v1.07.manifest.xml amazon available public x86_64 machine
windows instance-store hvm xen
...

Example Request
This example filters the results to display only images with an AWS Marketplace product code.

PROMPT> ec2-describe-images -F product-code.type=marketplace -o self

IMAGE ami-987654321 089818748305/My MP Image 123456789101
available private [marketplace: a1b2c3d4e5f6g7h8i9j10k11] i386
machine ebs paravirtual xen
BLOCKDEVICEMAPPING /dev/sda1 snap-2de0d457 15 true
BLOCKDEVICEMAPPING /dev/sdb snap-27e0d45d 100 true
...

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeImages

Related Commands
• ec2-describe-image-attribute (p. 262)
• ec2-describe-instances (p. 285)

API Version 2012-06-15

273
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instance-attribute

ec2-describe-instance-attribute
Description
Describes the specified attribute of an instance. You can specify only one attribute at a time.

The short version of this command is ec2dinatt.

Syntax
ec2-describe-instance-attribute instance_id { --block-device-mapping |
--disable-api-termination | --group-id | --instance-initiated-shutdown-behavior
| --instance-type | --kernel | --product-codes | --ramdisk | --root-device-name
| | --source-dest-check | --user-data }

Options
Name Description Required

instance_id The instance ID. Yes

Type: String
Default: None
Example: i-43a4412a

-b, Describes the mapping that defines native device No

--block-device-m names to use when exposing virtual devices.
apping Type: String
Default: None
Example: -b

--disable-api-termin Whether the instance can be terminated using the No

ation EC2 API. A value of true means you can't terminate
the instance using the API (i.e., the instance is
"locked"); a value of false means you can. You must
modify this attribute before you can terminate any
"locked" instances using the API.
Type: String
Default: None
Example: --disable-api-termination

-g, --group-id Describes the security groups the instance is in. No

Type: String
Default: None
Example: -g

-p, --product-codes Describes the product codes associated with an No

instance. Each product code includes a product code
and type.
Type: String
Default: None
Example: -p

API Version 2012-06-15

274
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--instance-initiated If an instance shutdown is initiated, this determines No

-shutdown-behavior whether the instance stops or terminates.
Type: String
Default: None
Example: --instance-initiated-shutdown-behavior

-t, --instance-type Describes the instance type of the instance. No

Type: String
Example: -t

--kernel Describes the ID of the kernel associated with the AMI. No

Type: String
Default: None
Example: --kernel

--ramdisk Describes the ID of the RAM disk associated with the No

AMI.
Type: String
Default: None
Example: --ramdisk

--root-device-name Describes the root device name (e.g., /dev/sda1). No

Type: String
Default: None
Example: --root-device-name

--source-dest-check This attribute exists to enable a Network Address No

Translation (NAT) instance in a VPC to perform NAT.
The attribute controls whether source/destination
checking is enabled on the instance. A value of true
means checking is enabled, and false means
checking is disabled. The value must be false for
the instance to perform NAT. For more information,
see NAT Instances in the Amazon Virtual Private
Cloud User Guide.
Type: String
Default: None
Example: --source-dest-check

--user-data Describes any user data made available to the No

instance.
Type: String
Default: None
Example: --user-data

API Version 2012-06-15

275
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

276
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the instance
• The attribute or attribute list item value
• The BLOCKDEVICE identifier, the device name, the volume ID, and the timestamp (if the instance has
a block device mapping)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example lists the kernel ID of the i-10a64379 instance.

API Version 2012-06-15

277
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-instance-attribute i-10a64379 --kernel

kernel i-10a64379 aki-f70657b2

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeInstanceAttribute

Related Commands
• ec2-describe-instances (p. 285)
• ec2-modify-instance-attribute (p. 478)
• ec2-reset-instance-attribute (p. 545)

API Version 2012-06-15

278
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instance-status

ec2-describe-instance-status
Description
Describes the status of an Amazon EC2 instance. Instance status has two main components:

• System Status reports impaired functionality that stems from issues related to the systems that support
an instance, such as such as hardware failures and network connectivity problems. The
DescribeInstanceStatus response elements report such problems as impaired reachability.
• Instance Status reports impaired functionality that arises from problems internal to the instance. The
DescribeInstanceStatus response elements report such problems as impaired reachability.

Instance status provides information about the types of scheduled events for an instance that may require
your attention:

• Scheduled Reboot: When Amazon EC2 determines that an instance must be rebooted, the instance’s
status will return one of two event codes: system-reboot or instance-reboot. System reboot
commonly occurs if certain maintenance or upgrade operations require a reboot of the underlying host
that supports an instance. Instance reboot commonly occurs if the instance must be rebooted, rather
than the underlying host. Rebooting events include a scheduled start and end time.
• Scheduled System Maintenance: When Amazon EC2 determines that an instance requires maintenance
which requires power or network impact, the instance’s status will return an event code called
system-maintenance. System-maintenance is either network maintenance or power maintenance.
For network maintenance, your instance will experience a brief loss of network connectivity. For power
maintenance, your instance will be unavailable for a brief period and then rebooted. System maintenance
events include a scheduled start and end time.You will also be notified by email if one of your instances
is set for system maintenance. The email message indicates when your instance is scheduled for
maintenance.
• Scheduled Retirement: When Amazon EC2 determines that an instance must be shut down, the
instance’s status will return an event code called instance-retirement. Retirement commonly
occurs when the underlying host is degraded and must be replaced. Retirement events include a
scheduled start and end time.You will also be notified by email if one of your instances is set to retiring.
The email message indicates when your instance will be permanently retired.

When your instance is retired, it is either terminated (if its root device type is the instance-store) or stopped
(if its root device type is an EBS volume). Instances stopped due to retirement aren't automatically
restarted, but you can do so manually.You can also avoid retirement of EBS-backed instances by manually
restarting your instance when its event code is instance-retirement. This ensures that your instance
is started on a different underlying host.

DescribeInstanceStatus returns information only for instances in the running state.

You can filter the results to return information only about instances that match criteria you specify. For
example, you could get information about instances in a specific Availability Zone.You can specify multiple
values for a filter (e.g., more than one Availability Zone). An instance must match at least one of the
specified values for it to be included in the results.

You can specify multiple filters (e.g., the instance is in a specific Availability Zone and its status is set to
retiring). An instance must match all the filters for it to be included in the results. If there's no match,
no special message is returned; the response is simply empty.

API Version 2012-06-15

279
Amazon Elastic Compute Cloud CLI Reference
Description

The following table shows the available filters.

Filter Name Description

availability-zone The Availability Zone of the instance.

Type: String

event.code The code identifying the type of event.

Type: String
Valid values: instance-reboot |
system-reboot | system-maintenance
| instance-retirement

event.description A description of the event.

Type: String

event.not-after The latest end time for the scheduled event.

Type: dateType

event.not-before The earliest start time for the scheduled event.

Type: dateType

instance-state-name The intended state of the instance, e.g., running

Type: String

instance-state-code The code for intended state of the instance, e.g.,

16.
Type: Integer

system-status.status The system status of the instance.

Type: String
Valid values: ok | impaired | initializing |
insufficient-data | not-applicable

system-status.reachability Filters on system status where the name is

reachability.
Type: String
Valid values: passed | failed | initializing
| insufficient-data

instance-status.status The status of the instance.

Type: String
Valid values: ok | impaired | initializing |
insufficient-data | not-applicable

instance-status.reachability Filters on instance status where the name is

reachability.
Type: String
Valid values: passed | failed |initializing |
insufficient-data

API Version 2012-06-15

280
Amazon Elastic Compute Cloud CLI Reference
Syntax

The short version of this command is ec2dins.

Syntax
ec2-describe-instance-status [instance_id ...] [-I, --hide-healthy ...] [-A,
--include-all-instances ...] [[--filter name=value] ...]

Options
Name Description Required

instance_id The IDs of the instances No

Type: String
Default: Returns all instances, or only those otherwise
specified.
Example: i-15a4417c

-I, --hide-healthy Hide instances where all status checks pass. No

-A, Describes all running and non-running instances. No

--include-all-instances

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all instances you own or those you
specify by ID.
Example: --filter "system-status.status=impaired"

Common Options
Option Description

API Version 2012-06-15

281
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

282
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ID for each running instance

• The Availability Zone of each instance
• The state of the instance
• The instance state code
• The system status
• The instance status

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the current state of the instances owned by your AWS account.

PROMPT> ec2-describe-instance-status

INSTANCE i-6d9eaa0c us-east-1d running 16 running ok

active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-bf1d7cdc us-east-1d running 16 running ok
active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-bd1d7cde us-east-1d running 16 running ok
active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-831d7ce0 us-east-1d running 16 running ok
retiring 2012-01-02T10:00:00+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-stop 2012-01-02T10:00:00+0000 The instance

API Version 2012-06-15

283
Amazon Elastic Compute Cloud CLI Reference
Related Topics

is running on degraded hardware

INSTANCE i-6de0fb0e us-east-1d running 16 running ok
retiring 2012-02-10T08:30:00+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-retiring 2012-02-10T08:30:00+0000 The instance
is running on degraded hardware
INSTANCE i-5cf7793e us-east-1c running 16 running ok
retiring 2012-01-03T00:00:00+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-stop 2012-01-03T00:00:00+0000 The instance
is running on degraded hardware

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeInstanceStatus

Related Commands
• ec2-report-instance-status (p. 529)

API Version 2012-06-15

284
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instances

ec2-describe-instances
Description
Lists and describes the instances that you own.

If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do
not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an
invalid instance ID, an error is returned. If you specify an instance that you do not own, it will not be
included in the returned results.

Recently terminated instances might appear in the returned results. This interval is usually less than one
hour.

You can filter the results to return information only about instances that match criteria you specify. For
example, you could get information about only instances launched with a certain key pair.You can specify
multiple values for a filter (e.g., the instance was launched with either key pair A or key pair B). An instance
must match at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the instance was launched with a certain key pair and uses an
Amazon EBS volume as the root device). An instance must match all the filters for it to be included in the
results. If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

architecture The instance architecture.

Type: String
Valid values: i386 | x86_64

availability-zone The Availability Zone of the instance.

Type: String

block-device-mapping.attach-time The attach time for an Amazon EBS volume

mapped to the instance, e.g.,
2010-09-15T17:15:20.000Z
Type: xsd:dateTime

block-device-mapping.delete-on-termination Indicates whether the Amazon EBS volume is

deleted on instance termination.
Type: Boolean

block-device-mapping.device-name The device name (for example, /dev/sdh) for an

Amazon EBS volume mapped to the instance.
Type: String

API Version 2012-06-15

285
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

block-device-mapping.status The status for an Amazon EBS volume mapped to

the instance.
Type: String
Valid values: attaching | attached | detaching
| detached

block-device-mapping.volume-id The ID of an Amazon EBS volume mapped to the

instance.
Type: String

client-token The idempotency token you provided when you

launched the instance.
Type: String

dns-name The public DNS name of the instance.

Type: String

group-id The ID of a EC2 security group the instance is in.

This filter does not work for VPC security groups
(instead, use instance.group-id).
Type: String

group-name The name of a EC2 security group the instance is

in. This filter does not work for VPC security groups
(instead, use instance.group-name).
Type: String

image-id The ID of the image used to launch the instance.

Type: String

instance-id The ID of the instance.

Type: String

instance-lifecycle Indicates whether this is a Spot Instance.

Type: String
Valid values: spot

instance-state-code A code representing the state of the instance. The

high byte is an opaque internal value and should
be ignored. The low byte is set based on the state
represented
Type: Integer (16-bit unsigned integer)
Valid values: 0 (pending) | 16 (running) | 32
(shutting-down) | 48 (terminated) | 64 (stopping) |
80 (stopped)

instance-state-name The state of the instance.

API Version 2012-06-15

286
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

instance-type The type of instance (for example, m1.small).

Type: String

instance.group-id The ID of a VPC security group the instance is in.

This filter does not work for EC2 security groups
(instead, use group-id).
Type: String

instance.group-name The name of a VPC security group the instance is

in. This filter does not work for EC2 security groups
(instead, use group-name).
Type: String

ip-address The public IP address of the instance.

Type: String

kernel-id The kernel ID.

Type: String

key-name The name of the key pair used when the instance
was launched.
Type: String

launch-index When launching multiple instances, this is the index

for the instance in the launch group (e.g., 0, 1, 2,
etc.).
Type: String

launch-time The time the instance was launched, e.g.,

2010-08-07T11:54:42.000Z.
Type: xsd:dateTime

monitoring-state Indicates whether monitoring is enabled for the

instance.
Type: String
Valid values: disabled | enabled

owner-id The AWS account ID of the instance owner.

Type: String

placement-group-name The name of the placement group the instance is

in.
Type: String

platform The platform. Use windows if you have Windows

based instances; otherwise, leave blank.
Type: String
Valid value: windows

private-dns-name The private DNS name of the instance.

Type: String

API Version 2012-06-15

287
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

private-ip-address The private IP address of the instance.

Type: String

product-code The product code associated with the AMI used to

launch the instance.
Type: String

product-code.type The type of product code.

Type: String
Valid values: devpay | marketplace

ramdisk-id The RAM disk ID.

Type: String

reason The reason for the current state of the instance

(e.g., shows "User Initiated [date]" when you stop
or terminate the instance). Similar to the
state-reason-code filter.
Type: String

requester-id The ID of the entity that launched the instance on

your behalf (e.g., AWS Management Console, Auto
Scaling, etc.)
Type: String

reservation-id The ID of the instance's reservation. A reservation

ID is created any time you launch an instance. A
reservation ID has a one-to-one relationship with
an instance launch request, but can be associated
with more than one instance if you launch multiple
instances using the same launch request. For
example, if you launch one instance, you’ll get one
reservation ID. If you launch ten instances using
the same launch request, you’ll also get one
reservation ID.
Type: String

root-device-name The name of the root device for the instance (e.g.,
/dev/sda1).
Type: String

root-device-type The type of root device the instance uses.

Type: String
Valid values: ebs | instance-store

source-dest-check Indicates whether the instance performs

source/destination checking. A value of true
means checking is enabled, and false means
checking is disabled. The value must be false for
the instance to perform Network Address
Translation (NAT) in your VPC.
Type: Boolean

API Version 2012-06-15

288
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

spot-instance-request-id The ID of the Spot Instance request.

Type: String

state-reason-code The reason code for the state change.

Type: String

state-reason-message A message that describes the state change.

Type: String

subnet-id The ID of the subnet the instance is in (if using

Amazon Virtual Private Cloud).
Type: String

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

virtualization-type The virtualization type of the instance.

Type: String
Valid values: paravirtual | hvm

vpc-id The ID of the VPC the instance is in (if using

Amazon Virtual Private Cloud).
Type: String

hypervisor The hypervisor type of the instance.

Type: String
Valid values: ovm | xen

API Version 2012-06-15

289
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

network-interface.description The description of the network interface (available

only in Amazon Virtual Private Cloud).
Type: String

network-interface.subnet-id The ID of the subnet of the network interface

(available only in Amazon Virtual Private Cloud).
Type: String

network-interface.vpc-id The ID of the Amazon VPC of the network interface.

(available only in Amazon Virtual Private Cloud).
Type: String

network-interface.network-interface.id The ID of the network interface(available only in

Amazon Virtual Private Cloud).
Type: String

network-interface.owner-id The ID of the owner of the network interface

(available only in Amazon Virtual Private Cloud).
Type: String

network-interface.availability-zone The availability zone of the network interface

(available only in Amazon Virtual Private Cloud).
Type: String

network-interface.requester-id The requester ID of the network interface(available

only in Amazon Virtual Private Cloud).
Type: String

network-interface.requester-managed Indicates whether the network interface is being

managed by an AWS service (e.g.,
AWSManagement Console, Auto Scaling, etc).This
filter is available only in Amazon Virtual Private
Cloud.
Type: Boolean

network-interface.status The status of the network interface (available only

in Amazon Virtual Private Cloud).
Type: String
Valid Values: available | in-use

network-interface.mac-address The MAC address of the network interface

(available only in Amazon Virtual Private Cloud).
Type: String
Valid Values: available | in-use

network-interface-private-dns-name The private DNS name of the network interface

(available only in Amazon Virtual Private Cloud).
Type: String

API Version 2012-06-15

290
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

network-interface.source-destination-check Whether the network interface performs

source/destination checking. A value of true means
checking is enabled, and false means checking is
disabled. The value must be false for the network
interface to perform Network Address Translation
(NAT) in your VPC (available only in Amazon
Virtual Private Cloud).
Type: Boolean

network-interface.group-id The ID of a VPC security group associated with the

network interface (available only in Amazon Virtual
Private Cloud).
Type: String

network-interface.group-name The name of a VPC security group associated with

the network interface (available only in Amazon
Virtual Private Cloud).
Type: String

network-interface.attachment.attachment-id The ID of the interface attachment (available only

in Amazon Virtual Private Cloud).
Type: String

network-interface.attachment.instance-id The ID of the instance to which the network

interface is attached (available only in Amazon
Virtual Private Cloud).
Type: String

network-interface.attachment.instance-owner-id The owner ID of the instance to which the network

interface is attached (available only in Amazon
Virtual Private Cloud).
Type: String

network-interface.addresses.private-ip-address The private IP address associated with the network

interface (available only in Amazon Virtual Private
Cloud).
Type: String

network-interface.attachment.device-index The device index to which the network interface is

attached (available only in Amazon Virtual Private
Cloud).
Type: Integer

network-interface.attachment.status The status of the attachment. (available only in

Amazon Virtual Private Cloud).
Type: String
Valid values: attaching | attached | detaching |
detached

network-interface.attachment.attach-time The time that the network interface was attached

to an instance (available only in Amazon Virtual
Private Cloud).
Type: Date

API Version 2012-06-15

291
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

network-interface.attachment.delete-on-termination Specifies whether the attachment is deleted when

an instance is terminated (available only in Amazon
Virtual Private Cloud).
Type: Boolean

network-interface.addresses.primary Specifies whether the IP address of the network

interface is the primary private IP address (available
only in Amazon Virtual Private Cloud).
Type: Boolean

network-interface.addresses.association.public-ip The ID representing the association of a VPC

Elastic IP address with a network interface in a
VPC(available only in Amazon Virtual Private
Cloud).
Type: String

network-interface.addresses.association.ip-owner-id The owner ID of the private IP address associated

with the network interface (available only in Amazon
Virtual Private Cloud).
Type: String

association.public-ip The address of the Elastic IP address bound to the

network interface (available only in Amazon Virtual
Private Cloud).
Type: String

association.ip-owner-id The owner of the Elastic IP address associated

with the network interface (available only in Amazon
Virtual Private Cloud).
Type: String

association.allocation-id The allocation ID that AWS returned when you

allocated the Elastic IP address for your network
interface (available only in Amazon Virtual Private
Cloud).
Type: String

association.association-id The association ID returned when the network

interface was associated with an IP address
(available only in Amazon Virtual Private Cloud).
Type: String

The short version of this command is ec2din.

Syntax
ec2-describe-instances [instance_id ...] [[--filter name=value] ...]

API Version 2012-06-15

292
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

instance_id The IDs of the instances. No

Type: String
Default: Returns all instances, or only those otherwise
specified.
Example: i-15a4417c

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all instances you own or those you
specify by ID.
Example: --filter "tag-key=Production"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

293
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

294
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The RESERVATION identifier

• The ID of the reservation
• The AWS account ID
• The name of each security group the instance is in (for instances not running in a VPC)
• The INSTANCE identifier
• The ID of each running instance
• The AMI ID of the image on which the instance is based
• The public DNS name associated with the instance. This is only present for instances in the running
state.
• The private DNS name associated with the instance. This is only present for instances in the running
state.
• The state of the instance
• The key name. If a key was associated with the instance at launch, its name will appear.
• The AMI launch index
• The product codes associated with the instance
• The instance type
• The instance launch time
• The Availability Zone
• The ID of the kernel
• The ID of the RAM disk
• The monitoring state
• The public IP address
• The private IP addresses associated with the instance. Multiple private IP addresses are only available
in Amazon VPC.
• The tenancy of the instance (if the instance is running within a VPC). An instance with a tenancy of
dedicated runs on single-tenant hardware.
• The subnet ID (if the instance is running in a VPC)
• The VPC ID (if the instance is running in a VPC)
• The type of root device (ebs or instance-store)
• The placement group the cluster instance is in
• The virtualization type (paravirtual or hvm)
• The ID of each security group the instance is in (for instances running in a VPC)
• Any tags assigned to the instance
• The hypervisor type (xen or ovm)
• The BLOCKDEVICE identifier of each Amazon EBS volume the instance is using, along with the device
name, volume ID, and timestamp

API Version 2012-06-15

295
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the current state of the instances owned by your AWS account.

PROMPT> ec2-describe-instances

RESERVATION r-705d5818 111122223333 default

INSTANCE i-53cb5b38 ami-b232d0db ec2-184-73-10-99.compute-
1.amazonaws.com domU-12-31-39-00-A5-11.compute-1.internal running
0 m1.small 2010-04-07T12:49:28+0000 us-east-1a aki-94c527fd
ari-96c527ff monitoring-disabled 184.73.10.99
10.254.170.223 ebs paravirtual xen
BLOCKDEVICE /dev/sda1 vol-a36bc4ca 2010-04-07T12:28:01.000Z
BLOCKDEVICE /dev/sdb vol-a16bc4c8 2010-04-07T12:28:01.000Z
RESERVATION r-705d5818 111122223333 default
INSTANCE i-39c85852 ami-b232d0db terminated gsg-keypair
0 m1.small 2010-04-07T12:21:21+0000 us-east-1a
aki-94c527fd ari-96c527ff monitoring-disabled
ebs paravirtual xen
RESERVATION r-9284a1fa 111122223333 default
INSTANCE i-996fc0f2 ami-3c47a355 ec2-184-73-195-182.compute-
1.amazonaws.com domU-12-31-39-09-25-62.compute-1.internal running keypair
0 m1.small 2010-03-17T13:17:41+0000 us-east-1a
aki-a71cf9ce ari-a51cf9cc monitoring-disabled 184.73.195.182
10.210.42.144 instance-store paravirtual xen

Example Request
This example filters the results to display only the m1.small or m1.large instances that have an Amazon
EBS volume that is both attached and set to delete on termination.

PROMPT> ec2-describe-instances --filter "instance-type=m1.small" --filter "in

stance-type=m1.large" --filter "block-device-mapping.status=attached" --filter
"block-device-mapping.delete-on-termination=true"
RESERVATION r-bc7e30d7 111122223333 default
INSTANCE i-c7cd56ad ami-b232d0db ec2-72-44-52-124.compute-
1.amazonaws.com domU-12-31-39-01-76-06.compute-1.internal running
GSG_Keypair 0 m1.small 2010-08-17T01:15:16+0000
us-east-1b aki-94c527fd ari-96c527ff monitoring-
disabled 72.44.52.124 10.255.121.240 ebs paravirtual
xen
BLOCKDEVICE /dev/sda1 vol-a482c1cd 2010-08-17T01:15:26.000Z

Example Request
This example describes all instances that are running only in Amazon VPC.

PROMPT> ec2-describe-instances --filter "vpc-id=*"

RESERVATION r-e249f4b6 053230519467
INSTANCE i-e0841fb4 ami-1cd4924e running MyVPCKey

API Version 2012-06-15

296
Amazon Elastic Compute Cloud CLI Reference
Examples

0 c1.medium 2012-06-26T02:26:55+0000 ap-south east-1b windows

monitoring-disabled 10.0.1.152
vpc-f28a359b subnet-cd8a35a4 ebs hvm xen
wEdGG1340677614452 sg-dc4c51b0 default
BLOCKDEVICE /dev/sda1 vol-9ad2e0f8 2012-06-26T02:27:17.000Z true
NIC eni-69ce7500 subnet-cd8a35a4 vpc-f28a359b 053230519467 in-use
10.0.1.152 true
NICATTACHMENT eni-attach-696ba300 0 attached 2012-06-
25T19:26:55-0700 true
GROUP sg-dc4c51b0 quick-start-2
PRIVATEIPADDRESS 10.0.1.152
PRIVATEIPADDRESS 10.0.1.12
TAG instance i-e0841fb4 Name
RESERVATION r-2c9b2478 053230519467
INSTANCE i-886401dc ami-3c0b4a6e running 203.0.113.12 MyVPCkey
0 c1.medium 2012-06-27T20:08:44+0000 ap-south east-1b aki-
fe1354ac monitoring-disabled 10.0.1.233
vpc-f28a359b subnet-cd8a35a4 ebs paravirtual xen CQTYZ1340827723361
sg-a2a0b2ce default
BLOCKDEVICE /dev/sda1 vol-42373620 2012-06-27T20:09:01.000Z true
NIC eni-a66ed5cf subnet-cd8a35a4 vpc-f28a359b 053230519467 in-use
10.0.1.233 true
NICATTACHMENT eni-attach-a99c57c0 0 attached 2012-06-
27T13:08:44-0700 true
GROUP sg-a2a0b2ce quick-start-1
PRIVATEIPADDRESS 10.0.1.233
PRIVATEIPADDRESS 10.0.1.20
TAG instance i-886401dc Name LAMI-C1

Example Request
This example describes any instances with a network interface that have a private IP address of 10.0.0.120.

PROMPT> ec2-describe-instances --filter "network-interface.addresses.private-

ip-address=10.0.0.120"
RESERVATION r-24993a70 013274050172
INSTANCE i-6e21ad3a ami-be3374ec running 0 m1.medium
2012-06-07T10:50:27+0000 ap-southeast-1a aki-fe1354ac monitoring-
disabled 10.0.0.98
vpc-4507bb2c subnet-2407bb4d ebs paravirtual xen sg-a5bfadc9
default
BLOCKDEVICE /dev/sda1 vol-b24be7d0 2012-06-07T10:50:47.000Z
true
NIC eni-3aff4053 subnet-2407bb4d vpc-4507bb2c 013274050172 in-use
10.0.0.98 true
NICATTACHMENT eni-attach-0727e96e 0 attached 2012-06-
07T12:50:27+0200 true
GROUP sg-a5bfadc9 default
PRIVATEIPADDRESS 10.0.0.98
PRIVATEIPADDRESS 10.0.0.120

API Version 2012-06-15

297
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeInstances

Related Commands
• ec2-run-instances (p. 568)
• ec2-start-instances (p. 579)
• ec2-stop-instances (p. 583)
• ec2-terminate-instances (p. 587)

API Version 2012-06-15

298
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-internet-gateways

ec2-describe-internet-gateways
Description
Describes your Internet gateways. You can filter the results to return information only about Internet
gateways that match criteria you specify. For example, you could get information only about gateways
with particular tags. The Internet gateway must match at least one of the specified values for it to be
included in the results.

You can specify multiple filters (e.g., the Internet gateway is attached to a particular VPC and is tagged
with a particular value). The result includes information for a particular Internet gateway only if the gateway
matches all your filters. If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

attachment.state The current state of the attachment between the gateway and the VPC.
Returned only if a VPC is attached.
Type: String
Valid value: available

attachment.vpc-id The ID of an attached VPC.

Type: String

internet-gateway-id The ID of the Internet gateway.

Type: String

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

API Version 2012-06-15

299
Amazon Elastic Compute Cloud CLI Reference
Syntax

For more information about Amazon Virtual Private Cloud and Internet gateways, see the Amazon Virtual
Private Cloud User Guide.

The short version of this command is ec2digw.

Syntax
ec2-describe-internet-gateways [internet_gateway_id ...] [[--filter name=value]
...]

Options
Name Description Required

internet_gateway_id The IDs of the internet gateways. No

Type: String
Default: Returns all Internet gateways, or only those
otherwise specified.
Example: igw-15a4417c

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all Internet gateways you own or
those you specify by ID.
Example: --filter "tag-key=Production"

Common Options
Option Description

API Version 2012-06-15

300
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

301
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The INTERNETGATEWAY identifier

• The ID of the Internet gateway
• The ATTACHMENT identifier
• The ID of the VPC (if the gateway is attached to a VPC)
• The state of the attachment (attaching, attached, detaching, detached)
• Any tags assigned to the Internet gateway

Examples
Example Request
This example describes your Internet gateways.

PROMPT> ec2-describe-internet-gateways
INTERNETGATEWAY igw-dfa045b6
ATTACHMENT vpc-d9a045b0 available

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeInternetGateways

Related Commands
• ec2-detach-internet-gateway (p. 34)

API Version 2012-06-15

302
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-create-internet-gateway (p. 96)

• ec2-delete-internet-gateway (p. 172)
• ec2-detach-internet-gateway (p. 418)

API Version 2012-06-15

303
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-keypairs

ec2-describe-keypairs
Description
Describes the key pairs available to you. If you specify key pairs, information about those key pairs is
returned. Otherwise, information for all your key pairs is returned.

You can filter the results to return information only about key pairs that match criteria you specify. For
example, you could filter the results to return only the key pairs whose names include the string Dave.
You can specify multiple values for a filter. A key pair must match at least one of the specified values for
it to be included in the results.

You can specify multiple filters (e.g., the key pair name includes the string Dave, and the fingerprint equals
a certain value). The result includes information for a particular key pair only if it matches all your filters.
If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

fingerprint The fingerprint of the key pair.

Type: String

key-name The name of the key pair.

Type: String

The short version of this command is ec2dkey.

Syntax
ec2-describe-keypairs [keypair_name ...] [[--filter name=value] ...]

Options
Name Description Required

keypair_name The name of the key pair. No

Type: String
Default: Describes all key pairs you own, or only those
otherwise specified.
Example: gsg-keypair

API Version 2012-06-15

304
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all key pairs you own, or only those
otherwise specified.
Example: --filter "tag-name=*Dave*"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

305
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The KEYPAIR identifier

• The key pair name

API Version 2012-06-15

306
Amazon Elastic Compute Cloud CLI Reference
Examples

• The private key fingerprint

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the keypair with name gsg-keypair.

PROMPT> ec2-describe-keypairs gsg-keypair

KEYPAIR gsg-keypair
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Example Request
This example filters the results to display only key pairs whose names include the string Dave.

PROMPT> ec2-describe-keypairs --filter "key-name=Dave"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeKeyPairs

Related Commands
• ec2-create-keypair (p. 99)
• ec2-delete-keypair (p. 175)
• ec2-import-keypair (p. 458)

API Version 2012-06-15

307
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-acls

ec2-describe-network-acls
Description
Describes the network ACLs in your VPC.

You can filter the results to return information only about ACLs that match criteria you specify. For example,
you could get information only for the ACL associated with a particular subnet. The ACL must match at
least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the ACL is associated with a particular subnet and has an egress
entry that denies traffic to a particular port). The result includes information for a particular ACL only if it
matches all your filters. If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

association.association-id The ID of an association ID for the ACL.

Type: String

association.network-acl-id The ID of the network ACL involved in the

association.
Type: String

association.subnet-id The ID of the subnet involved in the association.

Type: String

default Indicates whether the ACL is the default network

ACL in the VPC.
Type: Boolean

entry.cidr The CIDR range specified in the entry.

Type: String

entry.egress Indicates whether the entry applies to egress traffic.

Type: Boolean

entry.icmp.code The ICMP code specified in the entry, if any.

Type: Integer

entry.icmp.type The ICMP type specified in the entry, if any.

Type: Integer

entry.port-range.from The start of the port range specified in the entry.

Type: Integer

entry.port-range.to The end of the port range specified in the entry.

Type: Integer

API Version 2012-06-15

308
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

entry.protocol The protocol specified in the entry.

Type: String
Valid values: tcp | udp | icmp or a protocol number

entry.rule-action Indicates whether the entry allows or denies the

matching traffic.
Type: String
Valid Values: allow | deny

entry.rule-number The number of an entry (i.e., rule) in the ACL's set

of entries.
Type: Integer

network-acl-id The ID of the network ACL.

Type: String

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

vpc-id The ID of the VPC the network ACL is in.

Type: String

For more information about Amazon Virtual Private Cloud and network ACLs, see Network ACLs in the
Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2dnacl.

API Version 2012-06-15

309
Amazon Elastic Compute Cloud CLI Reference
Syntax

Syntax
ec2-describe-network-acls [network_acl_id...] [[--filter name=value] ...]

Options
Name Description Required

network_acl_id The IDs of the network ACLs. No

Type: String
Default: Describes all network ACLs in the
VPC, or only those otherwise specified.
Example: acl-7aa34613

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all network ACLs in the
VPC, or only those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

API Version 2012-06-15

310
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

311
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The NETWORKACL, ENTRY, ASSOCIATION identifier

• The network ACL's ID, the VPC ID the ACL is in, and whether the ACL is the default ACL in the VPC
• The entries (i.e., rules) contained in the ACL
• Associations between the ACL and any subnets
• Any tags assigned to the ACL

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes all the network ACLs in your VPC.

PROMPT> ec2-describe-network-acls
NETWORKACL acl-5566953c vpc-5266953b default
ENTRY egress 100 allow 0.0.0.0/0 all
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 100 allow 0.0.0.0/0 all
ENTRY ingress 32767 deny 0.0.0.0/0 all
NETWORKACL acl-5d659634 vpc-5266953b
ENTRY egress 110 allow 0.0.0.0/0 6 49152 65535
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 110 allow 0.0.0.0/0 6 80 80
ENTRY ingress 120 allow 0.0.0.0/0 6 443 443
ENTRY ingress 32767 deny 0.0.0.0/0 all
ASSOCIATION aclassoc-5c659635 subnet-ff669596
ASSOCIATION aclassoc-c26596ab subnet-f0669599

API Version 2012-06-15

312
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeNetworkAcls

Related Commands
• ec2-create-network-acl (p. 103)
• ec2-delete-network-acl (p. 178)
• ec2-replace-network-acl-association (p. 514)
• ec2-create-network-acl-entry (p. 106)
• ec2-delete-network-acl-entry (p. 181)
• ec2-replace-network-acl-entry (p. 517)

API Version 2012-06-15

313
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-interface-attribute

ec2-describe-network-interface-attribute
Description
Describes a network interface attribute. Only one attribute can be specified per call.

The short version of this command is ec2dnicatt.

Syntax
ec2-describe-network-interface-attribute NETWORKINTERFACE -d, --description
--source-dest-check --group-set -a, --attachment

Options
Name Description Required

-d, --description Describes the network interface. Yes

Type: String

--source-dest-check Whether to enable the source/dest check on traffic Yes

through this network interface.
Type: String

--group-set Describes the security groups for the network interface. Yes
Type: String

-a, --attachment Describes the attachment (if any) of the network Yes
interface.
Type: String

Common Options
Option Description

API Version 2012-06-15

314
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

315
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the specified network interface attribute.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example lists the network interface's description.

PROMPT> ec2-describe-network-interface-attribute eni-b35da6da -d

NETWORKINTERFACE eni-b35da6da description
DESCRIPTION My ENI

This example enables source/destination checking on traffic across the specified network interface.

PROMPT> ec2-describe-network-interface-attribute eni-b35da6da --source-dest-

check
NETWORKINTERFACE eni-b35da6da sourceDestCheck
SOURCEDESTCHECK true

This example lists the security groups for the specified network interface.

PROMPT> ec2-describe-network-interface-attribute eni-b35da6da --group-set

NETWORKINTERFACE eni-b35da6da group
GROUP sg-8ea1bce2 default

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

316
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• DescribeNetworkInterfaceAttribute

Related Commands
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interfaces (p. 318)
• ec2-attach-network-interface (p. 37)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

317
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-interfaces

ec2-describe-network-interfaces
Description
Describes one or more network interfaces. The NETWORKINTERFACE parameters, if specified, are the
IDs of the network interfaces to describe.

The short version of this command is ec2dnic.

You can filter the results to return information only about network interfaces that match criteria you specify.
For example, you could get information about only network interfaces launched in a specific Availability
Zone.You can specify multiple values for a filter (e.g., more than one Availability Zone). A network interface
must match at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the network interface is in a specific Availability Zone, and its owner
ID matches a specific owner ID). A network interface must match all the filters for it to be included in the
results. If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

addresses.private-ip-address The private IP addresses associated with the

network interface.
Type: String

addresses.primary Whether the private IP address is the primary IP

address associated with the network interface.
Type: Boolean
Valid Values: true | false

addresses.association.public-ip The association ID returned when the network

interface was associated with the Elastic IP
address.
Type: String

addresses.association.owner-id The owner ID of the addresses associated with the

network interface.
Type: String

association.association-id The association ID returned when the network

interface was associated with an IP address.
Type: String

association.allocation-id The allocation ID that AWS returned when you

allocated the Elastic IP address for your network
interface.
Type: String

API Version 2012-06-15

318
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

association.ip-owner-id The owner of the Elastic IP address associated

with the network interface.
Type: String

association.public-ip The address of the Elastic IP address bound to the

network interface.
Type: String

attachment.attachment-id The ID of the interface attachment.

Type: String

attachment.instance-id The ID of the instance to which the network

interface is attached.
Type: String

attachment.instance-owner-id The owner ID of the instance to which the network

interface is attached.
Type: String

attachment.device-index The device index to which the network interface is

attached.
Type: Integer

attachment.status The status of the attachment.

Type: String
Valid values: attaching | attached |
detaching | detached

attachment.attach.time The time that the network interface was attached

to an instance.
Type: Date

attachment.delete-on-termination Indicates whether the attachment is deleted when

an instance is terminated.
Type: Boolean

availability-zone The Availability Zone of the network interface.

Type: String

description The description of the network interface.

Type: String

group-id The ID of a VPC security group associated with the

network interface.
Type: String

group-name The name of a VPC security group associated with

the network interface.
Type: String

mac-address The MAC address of the network interface.

Type: String

API Version 2012-06-15

319
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

network-interface-id The ID of the network interface.

Type: String

owner-id The AWS account ID of the network interface

owner.
Type: String

private-ip-address The private IP address or addresses of the network

interface.
Type: String

private-dns-name The private DNS name of the network interface.

Type: String

requester-id The ID of the entity that launched the instance on

your behalf (e.g., AWS Management Console, Auto
Scaling, etc.).
Type: String

requester-managed Indicates whether the network interface is being

managed by an AWS service (e.g., AWS
Management Console, Auto Scaling, etc).
Type: Boolean

source-dest-check Indicates whether the network interface performs

source/destination checking. A value of true
means checking is enabled, and false means
checking is disabled. The value must be false for
the network interface to perform Network Address
Translation (NAT) in your VPC.
Type: Boolean

status The status of the network interface. If the network

interface is not attached to an instance, the status
shows available; if a network interface is
attached to an instance the status shows in-use.
Type: String
Valid values: available | in-use

subnet-id The ID of the subnet that the network interface is

in.
Type: String

API Version 2012-06-15

320
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

vpc-id The ID of the VPC that the network interface is in.

Type: String

Syntax
ec2-describe-network-interfaces --filter FILTER

Options
Name Description Required

API Version 2012-06-15

321
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

322
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
The command lists information about the specified network interfaces.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example lists all network interfaces that you own.

PROMPT> ec2-describe-network-interfaces
NETWORKINTERFACE eni-5e318a37 subnet-c53c87ac vpc-cc3c87a5
ap-southeast-1b 053230519467 false in-use 02:81:60:c7:15:3d
10.0.0.79 true
GROUP sg-084b5664 quick-start-4 ATTACHMENT i-5a0f6b0e eni-attach-
59bf7430 attached true
PRIVATEIPADDRESS 10.0.0.79
PRIVATEIPADDRESS 10.0.0.183
PRIVATEIPADDRESS 10.0.0.184

API Version 2012-06-15

323
Amazon Elastic Compute Cloud CLI Reference
Related Topics

NETWORKINTERFACE eni-236dd74a My ENI subnet-c88a35a1 vpc-f28a359b

ap-southeast-1a 053230519467 false available 02:78:d7:32:3f:ba
10.0.0.117 true
GROUP sg-854954e9 LinxuxGroup
PRIVATEIPADDRESS 10.0.0.117
NETWORKINTERFACE eni-69ce7500 Primary network interface subnet-
c
d8a35a4 vpc-f28a359b ap-southeast-1b 053230519467 false in-use
02:78:d7:18:ad:f0 10.0.1.152 true GROUP sg-dc4c51b0
quick-start-2
ATTACHMENT i-e0841fb4 eni-attach-696ba300 attached true
PRIVATEIPADDRESS 10.0.1.152
PRIVATEIPADDRESS 10.0.1.12
NETWORKINTERFACE eni-f25de69b subnet-c88a35a1 vpc-f28a359b
ap-southeast-1a 053230519467 false in-use 02:78:d7:2d:16:5b
10.0.0.133 true

This example filters for a network interface with the private IP address of 10.0.0.26.

PROMPT> ec2-describe-network-interfaces --filter "addresses.private-ip-ad

dress=10.0.0.26"
NETWORKINTERFACE eni-4cba0725 subnet-73ba071a vpc-6bba0702
ap-southeast-1b 013274050172 false available
02:75:3f:8e:3a:d3 10.0.0.26 true
GROUP sg-8fb3a1e3 default ASSOCIATION 203.0.113.12 013274050172
eipassoc-f008b799 10.0.0.26
PRIVATEIPADDRESS 10.0.0.26

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeNetworkInterfaces

Related Commands
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-attach-network-interface (p. 37)
• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

324
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-placement-groups

ec2-describe-placement-groups
Description
Describes the placement groups in your account. For more information about placement groups and
cluster instances, see Using Cluster Instances in the Amazon Elastic Compute Cloud User Guide.

You can filter the results to return information only about placement groups that match criteria you specify.
For example, you could filter the results to return only the groups whose state is deleted.You can specify
multiple values for a filter. A placement group must match at least one of the specified values for it to be
included in the results.

You can specify multiple filters (e.g., the group's state is deleted and the name includes the string
Project). The result includes information for a particular group only if it matches all your filters. If there's
no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

group-name The name of the placement group.

Type: String

state The state of the placement group.

Type: String
Valid values: pending | available | deleting | deleted

strategy The strategy of the placement group.

Type: String
Valid value: cluster

The short version of this command is ec2dpgrp.

ec2-describe-placement-groups [group_name] [[--filter name=value] ...]

Options
Name Description Required

group_name The name of the placement group. No

Type: String
Default: Describes all placement groups you own, or
only those otherwise specified.
Example: XYZ-cluster

API Version 2012-06-15

325
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all placement groups you own, or
only those otherwise specified.
Example: --filter "group-name=*Project*"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

326
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns the following information:

• The PLACEMENTGROUP identifier

• The name of the placement group

API Version 2012-06-15

327
Amazon Elastic Compute Cloud CLI Reference
Examples

• The placement group strategy

• The status of the placement group (e.g., pending, available, deleting, deleted)

Examples
Example Request
This example describes all your placement groups.

PROMPT> ec2-describe-placement-groups
PLACEMENTGROUP XYZ-cluster cluster available
PLACEMENTGROUP ABC-cluster cluster available

Example Request
This example filters the results to display only placement groups that include the string Project in the
name.

PROMPT> ec2-describe-placement-groups --filter "group-name=Project"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribePlacementGroups

Related Commands
• ec2-create-placement-group (p. 116)
• ec2-delete-placement-group (p. 188)

API Version 2012-06-15

328
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-regions

ec2-describe-regions
Description
Describes Regions that are currently available to the account.

You can use filters with this call just as you can with other "describe" calls.

The following table shows the available filters.

Filter Name Description

endpoint The endpoint of the Region (e.g., ec2.us-east-1.amazonaws.com).

Type: String

region-name The name of the Region.

Type: String

The short version of this command is ec2dre.

Syntax
ec2-describe-regions [region...] [[--filter name=value] ...]

Options
Name Description Required

region The name of a Region. No

Type: String
Default: Describes all Regions, or only those otherwise
specified.
Example: eu-west-1

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all Regions, or those otherwise
specified.
Example: --filter "endpoint=*ap*"

API Version 2012-06-15

329
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

330
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The REGION identifier

• The name of the Region
• The service endpoint to which you make requests

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example displays information about all the Regions that are available to the account.

PROMPT> ec2-describe-regions
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
..

API Version 2012-06-15

331
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example displays information about all Regions that have the string ap in the endpoint.

PROMPT> ec2-describe-regions --filter "endpoint=ap"

REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeRegions

Related Commands
• ec2-describe-availability-zones (p. 231)
• ec2-run-instances (p. 568)

API Version 2012-06-15

332
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances

ec2-describe-reserved-instances
Description
Describes the Reserved Instances that you purchased.

Starting with the 2011-11-01 API version, AWS expanded its offering for Amazon EC2 Reserved Instances
to address a range of projected instance use. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization. The Medium
Utilization offering type is equivalent to the Reserved Instance offering available before API version
2011-11-01. If you are using tools that predate the 2011-11-01 API version, you only have access to the
Medium Utilization Reserved Instance offering type.

For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute
Cloud User Guide.

You can filter the results to return information about Reserved Instances that matches criteria you specify.
For example, you could get information about Reserved Instances in a particular Availability Zone. Or
you can specify multiple values for a filter. A Reserved Instance must match at least one of the specified
values for it to be included in the results.

You can specify multiple filters as well. For example, you could specify that your Reserved Instance must
be in a particular Availability Zone and must be tagged with a particular value. The result includes
information for a particular instance only if it matches all of your filters. If there's no match, no special
message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

availability-zone The Availability Zone where the Reserved Instance can be used.
Type: String

duration The duration of the Reserved Instance (one year or three years), in
seconds.
Type: xs:long
Valid values: 31536000 | 94608000

fixed-price The purchase price of the Reserved Instance (e.g., 9800.0)

Type: xs:double

instance-type The instance type on which the Reserved Instance can be used.
Type: String

product-description The product description of the Reserved Instance.

Type: String
Valid values: Linux/UNIX | Linux/UNIX (Amazon VPC) | Windows
| Windows (Amazon VPC)

reserved-instances-id The ID of the Reserved Instance.

Type: String

API Version 2012-06-15

333
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

start The time at which the Reserved Instance purchase request was
placed, e.g., 2010-08-07T11:54:42.000Z.
Type: xsd:dateTime

state The state of the Reserved Instance.

Type: String
Valid values: pending-payment | active | payment-failed |
retired

tag-key The key of a tag assigned to the resource. This filter is independent
of the tag-value filter. For example, if you use both the filter
tag-key=Purpose and the filter tag-value=X, you get any
resources assigned both the tag key Purpose (regardless of what
the tag's value is), and the tag value X (regardless of what the tag's
key is). If you want to list only resources where Purpose=X, see the
tag:key filter later in this table.
For more information about tags, see Using Tags in the Amazon
Elastic Compute Cloud User Guide.
Type: String

tag-value The value of a tag assigned to the resource. This filter is independent
of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

Example: To list just the resources assigned tag Purpose=X, then
specify:
--filter tag:Purpose=X
Example: To list just resources assigned tag Purpose=X OR
Purpose=Y, then specify:
--filter tag:Purpose=X --filter tag:Purpose=Y

usage-price The usage price of the Reserved Instance, per hour (e.g., 0.84)
Type: xs:double

The short version of this command is ec2dri.

Syntax
ec2-describe-reserved-instances [reservation_id ...] [[--filter name=value]
...]

API Version 2012-06-15

334
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

reservation_id The IDs of the Reserved Instances. No

Type: String
Default: Describes all your Reserved Instances, or
only those otherwise specified.
Example: 4b2293b4-5813-4cc8-9ce3-1957fc1dcfc8

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all Reserved Instances you own,
or only those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

335
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

336
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The RESERVEDINSTANCES identifier

• The ID of the Reserved Instance
• The Availability Zone in which the Reserved Instance can be used
• The instance type
• The Reserved Instance description (Linux/UNIX, Windows, Linux/UNIX (Amazon VPC), or Windows
(Amazon VPC))
• The duration of the Reserved Instance
• The usage price of the Reserved Instance, per hour
• The purchase price of the Reserved Instance
• The number of Reserved Instances purchased
• The state of the Reserved Instance purchase (payment-pending, active, payment-failed)
• Any tags assigned to the Reserved Instance
• The tenancy of the reserved instance purchased. An instance with a tenancy of dedicated runs on
single-tenant hardware.
• The instance offering type
• The currency of the Reserved Instance purchased. It's specified using ISO 4217 standard code (e.g.,
USD, JPY).

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes Reserved Instances owned by your account.

PROMPT> ec2-describe-reserved-instances
RESERVEDINSTANCES 1ba8e2e3-2538-4a35-b749-1f4442d50744 us-east-1a
m1.small Linux/UNIX 3y 0.03 350.0 1 2009-03-13T16:01:39+0000
payment-pending
RESERVEDINSTANCES af9f760e-c1c1-449b-8128-1342d3a6927d us-east-1d
m1.xlarge Linux/UNIX 1y 0.24 1820.0 1 2009-03-13T16:01:39+0000
active

Example Request
This example filters the results to display only one-year, m1.small Linux/UNIX Reserved Instances. If you
want Linux/UNIX Reserved Instances specifically for use with Amazon VPC, set the product descripton
to Linux/UNIX (Amazon VPC).

API Version 2012-06-15

337
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-reserved-instances --filter "duration=31536000" --filter

"instance-type=m1.small" --filter "product-description=Linux/UNIX"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeReservedInstances

Related Commands
• ec2-describe-reserved-instances-offerings (p. 339)
• ec2-purchase-reserved-instances-offering (p. 497)

API Version 2012-06-15

338
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances-offerings

ec2-describe-reserved-instances-offerings
Description
Describes Reserved Instance offerings that are available for purchase. With Amazon EC2 Reserved
Instances, you purchase the right to launch Amazon EC2 instances for a period of time (without getting
insufficient capacity errors) and pay a lower usage rate for the actual time used.

Starting with the 2011-11-01 API version, AWS expanded its offering of Amazon EC2 Reserved Instances
to address a range of projected instance use. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization. You determine the
type of the Reserved Instance offering by including the optional offering-type parameter when calling
ec2-describe-reserved-instances-offerings. The Medium Utilization offering type is equivalent
to the Reserved Instance offering available before API version 2011-11-01. If you are using tools that
predate the 2011-11-01 API version, ec2-describe-reserved-instances-offerings will only list
information about the Medium Utilization Reserved Instance offering type.

For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute
Cloud User Guide.

Our policy is to provide filters for all describe calls so that you can limit the results to your specified criteria.
Therefore, you can use filters to limit the results when describing Reserved Instances offerings, even
though you can use the regular request parameters to do something similar.

For example, you could use the regular request parameters or a filter to get the offerings for a particular
instance type. You can specify multiple request parameters or multiple filters (e.g., limit the results to the
m2.xlarge instance type, and only for Windows instances). The result includes information for a particular
offering only if it matches all of your request parameters or filters. If there's no match, no special message
is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

availability-zone The Availability Zone where the Reserved Instance

can be used.
Type: String

duration The duration of the Reserved Instance (e.g., one

year or three years), in seconds.
Type: Long
Valid values: 31536000 | 94608000

fixed-price The purchase price of the Reserved Instance (e.g.,

9800.0)
Type: Double

instance-type The Amazon EC2 instance type on which the

Reserved Instance can be used.
Type: String

API Version 2012-06-15

339
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

product-description The description of the Reserved Instance.

Type: String
Valid values: Linux/UNIX | Linux/UNIX
(Amazon VPC) | Windows | Windows (Amazon
VPC)

reserved-instances-offering-id The Reserved Instances offering ID.

Type: String

usage-price The usage price of the Reserved Instance, per hour

(e.g., 0.84)
Type: Double

The short version of this command is ec2drio.

Syntax
ec2-describe-reserved-instances-offerings [offering_id ...] [--type instance_type
...] [--offering-type offering] [--availability-zone zone ...] [--description
description ...] [[--filter name=value] ...] [--tenancy tenancy]

Options
Name Description Required

offering_id The ID of a Reserved Instance offering. No

Type: String
Default: None
Example: 438012d3-4967-4ba9-aa40-cbb1d13235e0

-t, --type The instance type on which the Reserved Instance No

instance_type can be used.
Type: String
Default: None
Example: -t m1.small

--offering-type The Reserved Instance offering type. No

offering-type Type: String
Default: None
Valid values: "Heavy Utilization" | "Medium
Utilization" | "Light Utilization"
Example: --offering-type "Medium Utilization"

-z, The Availability Zone in which the Reserved Instance No

--availability-zone can be used.
zone Type: String
Default: None
Example: -z us-east-1a

API Version 2012-06-15

340
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-d, --description The Reserved Instance description. Instances that No

description include (Amazon VPC) in the description are for use
with Amazon VPC.
Type: String
Default: None
Valid values: Linux/UNIX | Linux/UNIX (Amazon
VPC) | Windows | Windows (Amazon VPC)
Example: -d Linux/UNIX

-F, --filter FILTER A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all Reserved Instances offerings,
or those otherwise specified.
Example: --filter "instance-type=m1.small"

--tenancy TENANCY The tenancy of the Reserved Instance offering. A No

Reserved Instance with tenancy of dedicated will run
on single-tenant hardware and can only be launched
within a VPC.
Type: String
Default: default
Valid values: default | dedicated

Common Options
Option Description

API Version 2012-06-15

341
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

342
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The OFFERING identifier

• The ID of the offer
• The instance type
• The Availability Zone in which the Reserved Instance can be used
• The duration of the Reserved Instance
• The purchase price of the Reserved Instance
• The usage price of the Reserved Instance, per hour
• The Reserved Instance description (Linux/UNIX, Windows, Linux/UNIX (Amazon VPC), or Windows
(Amazon VPC))
• The tenancy of the Reserved Instance.
• The currency of the Reserved Instance. It's specified using ISO 4217 standard (e.g., USD, JPY). At
this time, the only supported currency is USD.
• The instance offering type

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes available Reserved Instance offerings in the us-east-1 Availability Zone.

PROMPT> ec2-describe-reserved-instances-offerings --region us-east-1 -H

Type ReservedInstancesOfferingId AvailabilityZone InstanceType Duration Fixed
Price UsagePrice ProductDescription Currency InstanceTenancy OfferingType
OFFERING 248e7b75-c83a-48c1-bcf7-b7f03e9c43fe us-east-1b c1.medium 3y 700.0
0.06 Linux/UNIX (Amazon VPC) USD default Medium Utilization
OFFERING 3a98bf7d-05c0-40d0-a173-81a3986ba568 us-east-1b c1.medium 3y 700.0
0.125 Windows USD default Medium Utilization
OFFERING 4b2293b4-ff40-4a1a-9fef-1f12ad37a711 us-east-1b c1.medium 3y 700.0
0.06 Linux/UNIX USD default Medium Utilization
...
OFFERING 4b2293b4-b3c5-4ad1-b7f5-b7832ecd6d63 us-east-1d m1.xlarge 3y 3600.0

API Version 2012-06-15

343
Amazon Elastic Compute Cloud CLI Reference
Related Topics

0.0 Linux/UNIX USD default Heavy Utilization

...
OFFERING 649fd0c8-efd6-4800-a7f3-0a9f1c3ea2c1 us-east-1d m2.xlarge 1y 1000.0
0.5 Linux/UNIX USD default Light Utilization
...

Example Request
This example filters the results to display only one-year, m1.small or m1.large Linux/UNIX Reserved
Instances. If you want Linux/UNIX Reserved Instances specifically for use with Amazon VPC, set the
product description to Linux/UNIX (Amazon VPC).

PROMPT> ec2-describe-reserved-instances-offerings --filter "duration=31536000"

--filter "instance-type=m1.small" --filter "instance-type=m1.large" --filter
"product-description=Linux/UNIX" -H
Type ReservedInstancesOfferingId AvailabilityZone InstanceType Duration Fixed
Price UsagePrice ProductDescription Currency InstanceTenancy OfferingType
OFFERING 649fd0c8-7d25-4e81-959e-0e1bc9410a87 us-east-1c m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 438012d3-278f-4ad6-9cb9-e23188dafcf5 us-east-1b m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 4b2293b4-20f5-4b3d-9969-46341f34b03c us-east-1d m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 3a98bf7d-abc6-47a0-870e-e245903ddf6a us-east-1a m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING ceb6a579-757c-474b-b09b-52c84b605767 us-east-1c m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 60dcfab3-06bb-4b68-9503-53bf89823b5e us-east-1b m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 438012d3-80c7-42c6-9396-a209c58607f9 us-east-1d m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 649fd0c8-5d76-4881-a522-fe5224c10fcc us-east-1a m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
...

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeReservedInstancesOfferings

Related Commands
• ec2-describe-reserved-instances (p. 333)
• ec2-purchase-reserved-instances-offering (p. 497)

API Version 2012-06-15

344
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-route-tables

ec2-describe-route-tables
Description
Describes your route tables. You can filter the results to return information only about tables that match
criteria you specify. For example, you could get information only about a table associated with a particular
subnet. You can specify multiple values for the filter. The table must match at least one of the specified
values for it to be included in the results.

You can specify multiple filters (e.g., the table has a particular route, and is associated with a particular
subnet). The result includes information for a particular table only if it matches all your filters. If there's
no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

association.route-table-association-id The ID of an association ID for the route table.

Type: String

association.route-table-id The ID of the route table involved in the association.

Type: String

association.subnet-id The ID of the subnet involved in the association.

Type: String

association.main Indicates whether the route table is the main route

table in the VPC.
Type: Boolean

route-table-id The ID of the route table.

Type: String

route.destination-cidr-block The CIDR range specified in a route in the table.

Type: String

route.gateway-id The ID of a gateway specified in a route in the

table.
Type: String

route.instance-id The ID of an instance specified in a route in the

table.
Type: String

API Version 2012-06-15

345
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

route.state The state of a route in the route table. The

blackhole state indicates that the route's target
isn't available (e.g., the specified gateway isn't
attached to the VPC, the specified NAT instance
has been terminated, etc.).
Type: String
Valid values: active | blackhole

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

vpc-id The ID of the VPC the route table is in.

Type: String

For more information about Amazon Virtual Private Cloud and route tables, see Route Tables in the
Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2drtb.

Syntax
ec2-describe-route-tables [route_table_id...]

API Version 2012-06-15

346
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

route_table_id The IDs of the route tables. No

Type: String
Default: Returns all route tables, or only those
otherwise specified.
Example: rtb-7aa34613

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all route tables in the VPC,
or only those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

347
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

348
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ROUTETABLE identifier

• The ID of the route table
• The ID of the VPC the route table is in
• The ROUTE identifier
• The route's forwarding target (gateway or NAT instance)
• The route's state (active or blackhole). Blackhole means the route's forwarding target isn't available
(e.g., the gateway is detached, the NAT instance is terminated)
• The route's destination CIDR range
• The ASSOCIATION identifier
• The association ID representing the association of the route table to a subnet (or to the VPC if it's the
main route table)
• Any tags assigned to the route table
• Network interfaces associated with the route.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the route table with ID rtb-6aa34603.

PROMPT> ec2-describe-route-tables rtb-6aa34603

ROUTETABLE rtb-6aa34603 vpc-9ea045f7
ROUTE local active 10.0.0.0/22
ROUTE igw-68a34601 active 0.0.0.0/0
ASSOCIATION rtbassoc-61a34608 subnet-92a045fb

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeRouteTables

API Version 2012-06-15

349
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-associate-route-table (p. 30)
• ec2-delete-route-table (p. 194)
• ec2-disassociate-route-table (p. 435)
• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

350
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-snapshot-attribute

ec2-describe-snapshot-attribute
Description
Describes an attribute of a snapshot. You can describe one attribute at a time.

The short version of this command is ec2dsnapatt.

Syntax
ec2-describe-snapshot-attribute snapshot_id attribute

Options
Name Description Required

snapshot_id The ID of the Amazon EBS snapshot. Yes

Type: String
Default: None
Example: snap-78a54011

-c, Describes the create volume permissions of the Conditional

--create-volume- snapshot.
permission Type: String
Default: None
Example: -c

-p, --product-codes Describes the product codes associated with the Conditional
snapshot. Each product code contains a product code
and a type.
Type: String
Default: None
Example: -p

Common Options
Option Description

API Version 2012-06-15

351
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

352
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the snapshot
• The attribute value

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes permissions for the snap-7ddb6e14 snapshot.

PROMPT> ec2-describe-snapshot-attribute snap-7ddb6e14 -c

createVolumePermission snap-7ddb6e14 userId 123456789012

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSnapshotAttribute

Related Commands
• ec2-create-snapshot (p. 126)
• ec2-describe-snapshots (p. 354)
• ec2-modify-snapshot-attribute (p. 487)
• ec2-reset-snapshot-attribute (p. 553)

API Version 2012-06-15

353
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-snapshots

ec2-describe-snapshots
Description
Describes the Amazon EBS snapshots available to you. Snapshots available to you include public
snapshots available for any AWS account to launch, private snapshots you own, and private snapshots
owned by another AWS account but for which you've been given explicit create volume permissions.

The create volume permissions fall into 3 categories:

Permission Description

public The owner of the snapshot granted create volume permissions for the snapshot
to the all group. All AWS accounts have create volume permissions for these
snapshots.

explicit The owner of the snapshot granted create volume permissions to a specific AWS
account.

implicit An AWS account has implicit create volume permissions for all snapshots it owns.

You can modify the list of snapshots returned by specifying snapshot IDs, snapshot owners, or AWS
accounts with create volume permissions. If you don't specify any options, Amazon EC2 returns all
snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you
specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not
have access, it will not be included in the returned results.

If you specify one or more snapshot owners, only snapshots from the specified owners and for which you
have access are returned. The results can include the AWS account IDs of the specified owners, amazon
for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users
are returned. You can specify AWS account IDs (if you own the snapshot(s)), self for snapshots for
which you own or have explicit permissions, or all for public snapshots.

Tip

Use the --help option to view examples of ways to use this command.

You can filter the results to return information only about snapshots that match criteria you specify. For
example, you could get information about snapshots whose status is pending. You can specify multiple
values for a filter (e.g., the snapshot's status is either pending or completed). A snapshot must match
at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the snapshot's status is pending, and it is tagged with a particular
value). The result includes information for a particular snapshot only if it matches all your filters. If there's
no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

API Version 2012-06-15

354
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

description A description of the snapshot.

Type: String

owner-alias The AWS account alias (e.g., amazon) that owns the snapshot.
Type: String

owner-id The ID of the AWS account that owns the snapshot.

Type: String

progress The progress of the snapshot, as a percentage (e.g., 80%).

Type: String

snapshot-id The snapshot ID.

Type: String

start-time The time stamp when the snapshot was initiated.

Type: xsd:dateTime

status The status of the snapshot.

Type: String
Valid values: pending | completed | error

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

volume-id The ID of the volume the snapshot is for.

Type: String

volume-size The size of the volume, in GiB (e.g., 20).

Type: String

The short version of this command is ec2dsnap.

API Version 2012-06-15

355
Amazon Elastic Compute Cloud CLI Reference
Syntax

Syntax
ec2-describe-snapshots [snapshot_id ...] [-a] [-o owner ...] [-r user_id]
[[--filter name=value] ...]

Options
Name Description Required

snapshot_id The ID of the Amazon EBS snapshot. No

Type: String
Default: Describes snapshots for which you have
launch permissions.
Example: snap-78a54011

-a, --all owner Describe all snapshots (public, private or shared) to No

which you have access.
Type: String
Default: None
Example: -a

-o, --owner owner Describes snapshots owned by the specified owner. No

Multiple owners can be specified.
Type: String
Valid values: self | amazon | AWS Account ID
Default: None
Example: -o AKIAIOSFODNN7EXAMPLE

-r, --restorable-by The ID of an AWS account that can create volumes No

user_id from the snapshot.
Type: String
Valid values: self | all | an AWS account ID
Default: None
Example: -r self

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all snapshots you own, or only
those otherwise specified.
Example: --filter "tag-key=Production"

API Version 2012-06-15

356
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

357
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SNAPSHOT identifier

• The ID of the snapshot
• The ID of the volume
• The state of the snapshot (e.g., pending, completed, error)
• The time stamp when the snapshot initiated
• The percentage of completion
• The ID of the owner
• The size of the volume
• The description of the snapshot
• Any tags assigned to the snapshot

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

358
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example describes snapshot snap-7ddb6e14.

PROMPT> ec2-describe-snapshots snap-7ddb6e14

SNAPSHOT snap-7ddb6e14 vol-9539dcfc completed 2009-09-15T22:06:15.000Z 100%
111122223333 1 Daily Backup

Example Request
This example filters the results to display only snapshots with the pending status, and that are also
tagged with a value that includes the string db_.

PROMPT> ec2-describe-snapshots --filter "status=pending" --filter "tag-

value=*db_*"
SNAPSHOT snap-1a2b3c4d vol-8875daef pending 2010-07-29T04:12:01.000Z 30%
111122223333 15 demo_db_14_backup

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSnapshots

Related Commands
• ec2-create-snapshot (p. 126)
• ec2-delete-snapshot (p. 197)

API Version 2012-06-15

359
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-datafeed-subscription

ec2-describe-spot-datafeed-subscription
Description
Describes the datafeed for Spot Instances. For more information about Spot Instances, see Spot Instances
in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2dsds.

Syntax
ec2-describe-spot-datafeed-subscription

Options
This command does not have any options.

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

360
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

361
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The SPOTDATAFEEDSUBSCRPITION identifier

• The AWS account ID of the owner
• The Amazon S3 bucket where the data feed is located
• The prefix for the data feed files
• The state of the data feed (Active or Inactive)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the datafeed for the account.

PROMPT> ec2-describe-spot-datafeed-subscription
SPOTDATAFEEDSUBSCRIPTION 111122223333 myawsbucket spotdata
Active

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSpotDatafeedSubscription

Related Commands
• ec2-create-spot-datafeed-subscription (p. 130)
• ec2-delete-spot-datafeed-subscription (p. 200)

API Version 2012-06-15

362
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-instance-requests

ec2-describe-spot-instance-requests
Description
Describes the Spot Instance requests that belong to your account. Spot Instances are instances that
Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot
Price. Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current
Spot Instance requests. For more information about Spot Instances, see Spot Instances in the Amazon
Elastic Compute Cloud User Guide.

You can filter the results to return information only about Spot Instance requests that match criteria you
specify. For example, you could get information about requests where the Spot Price you specified is a
certain value (however, you can't use greater than or less than comparison, but you can use * and ?
wildcards). You can specify multiple values for a filter. A Spot Instance request must match at least one
of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the Spot Price is equal to a particular value, and the instance type
is m1.small). The result includes information for a particular request only if it matches all your filters. If
there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

availability-zone-group The Availability Zone group. If you specify the same

Availability Zone group for all Spot Instance
requests, all Spot Instances are launched in the
same Availability Zone.
Type: String

create-time The time stamp when the Spot Instance request

was created.
Type: String

fault-code The fault code related to the request.

Type: String

fault-message The fault message related to the request.

Type: String

instance-id The ID of the instance that fulfilled the request.

Type: String

launch-group The Spot Instance launch group. Launch groups

are Spot Instances that launch together and
terminate together.
Type: String

launch.block-device-mapping.delete- Indicates whether an Amazon EBS volume mapped

on-termination to the instance is deleted on instance termination.
Type: Boolean

API Version 2012-06-15

363
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

launch.block-device-mapping.device-name The device name (e.g., /dev/sdh) for an Amazon

EBS volume mapped to the instance.
Type: String

launch.block-device-mapping.snapshot-id The ID of a snapshot mapped to the instance.

Type: String

launch.block-device-mapping.volume-size The size of an Amazon EBS volume mapped to

the instance (in GiB).
Type: String

launch.group-id A security group the instance is in.

Type: String

launch.image-id The AMI ID.

Type: String

launch.instance-type The type of instance (e.g., m1.small).

Type: String

launch.kernel-id The kernel ID.

Type: String

launch.key-name The name of the key pair the instance launched

with.
Type: String

launch.monitoring-enabled Indicates whether monitoring is enabled for the

Spot Instance.
Type: Boolean

launch.ramdisk-id The RAM disk ID.

Type: String

launch.network-interface.network-interface-id The ID of the network interface (available only in

Amazon Virtual Private Cloud).
Type: String

launch.network-interface.device-index The index of the device for the network interface

attachment on the instance (available only in
Amazon Virtual Private Cloud).
Type: Integer

launch.network-interface.subnet-id The ID of the subnet that the instance is in

(available only in Amazon Virtual Private Cloud).
Type: String

launch.network-interface.description A description of the network interface (available

only in Amazon Virtual Private Cloud).
Type: String

API Version 2012-06-15

364
Amazon Elastic Compute Cloud CLI Reference
Description

Filter Name Description

launch.network-interface.private-ip-address The primary private IP address of the network

interface (available only in Amazon Virtual Private
Cloud).
Type: String

launch.network-interface.delete-on-termination Indicates whether the network interface is deleted

when the instance is terminated (available only in
Amazon Virtual Private Cloud).
Type: Boolean

launch.network-interface.group-id The ID of the security group associated with the

network interface (available only in Amazon Virtual
Private Cloud).
Type: String

launch.network-interface.group-name The name of the security group associated with the

network interface (available only in Amazon Virtual
Private Cloud).
Type: String

launch.network-interface.addresses.primary Specifies whether or not the IP address is the

primary private IP address (available only in
Amazon Virtual Private Cloud).
Type: String

product-description The product description associated with the

instance.
Type: String
Valid values: Linux/UNIX | Windows

spot-instance-request-id The Spot Instance request ID.

Type: String

spot-price The maximum hourly price for any Spot Instance

launched to fulfill the request.
Type: String

state The state of the Spot Instance request.

Type: String
Valid values: active | cancelled | open |
closed | failed

API Version 2012-06-15

365
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

type The type of Spot Instance request.

Type: String
Valid values: one-time | persistent

launched-availability-zone The Availability Zone in which the bid is launched.

Type: String
Valid values: us-east-1a, etc.

valid-from The start date of the request.

Type: xsd:dateTime

valid-until The end date of the request.

Type: xsd:dateTime

The short version of this command is ec2dsir.

Syntax
ec2-describe-spot-instance-requests [request_id ...] [[--filter name=value]
...]

API Version 2012-06-15

366
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

request_id The ID of the Spot Instance request. No

Type: String
Default: None
Example: sir-8456a32b

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all Spot Instance requests you own,
or those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

367
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

368
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The request ID
• Spot Price
• Type
• State (active, open, closed, cancelled, failed)
• Fault
• Valid From
• Valid Until
• Launch Group
• Availability Zone Group
• Launched Availability Zone
• Launch Specification
• Create Time
• Description
• Any tags assigned to the request

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example returns information about a specific Spot Instance request.

PROMPT> ec2-describe-spot-instance-requests -H sir-64b4ee11

Type SpotInstanceRequestID Price RequestType ProductDescription State
Created ValidFrom ValidUntil LaunchGroup AZGroup InstanceID ImageID In
stanceType KeyName Groups AvailabilityZone KernelID RamdiskID Monitored
SubnetID LaunchedAvailabilityZone
SPOTINSTANCEREQUEST sir-64b4ee11 0.100000 one-time Linux/UNIX open 2011-
08-30T11:02:16-0800 2011-08-30T12:00:00-0800 test testAZ ami-8c1fece5
t1.micro SpotTest sg-c20e77ab us-east-1a monitoring-enabled us-east-1a

Example Request
This example describes all persistent Spot Instance requests that have resulted in the launch of at least
one m1.small instance, that has been fulfilled in the us-east-1a Availability Zone, and that also has
monitoring enabled.

API Version 2012-06-15

369
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-describe-spot-instance-requests --filter "type=persistent" --filter

"launch.instance-type=m1.small" --filter "launch.monitoring-enabled=true"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSpotInstanceRequests

Related Commands
• ec2-cancel-spot-instance-requests (p. 70)
• ec2-describe-spot-price-history (p. 371)
• ec2-request-spot-instances (p. 533)

API Version 2012-06-15

370
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-price-history

ec2-describe-spot-price-history
Description
Describes the Spot Price history. Spot Instances are instances that Amazon EC2 starts on your behalf
when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets
the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide.

When you use the availability-zone option, this command describes the price history for the specified
Availability Zone with the most recent set of prices listed first. If you don't specify an Availability Zone,
the command returns the prices across all Availability Zones, starting with the most recent set. However,
if you use this command with versions of the API earlier than the 2011-05-15 version, this command
returns the lowest price across the Region for the given time period. The prices returned are listed in
chronological order — from the oldest to the most recent.

Note

Our policy is to provide filters for all "describe" calls so you can limit the results to your specified
criteria. Therefore, you can use filters to limit the results when describing Spot Price histories,
even though you can use the regular request parameters to do something similar.

For example, you could use the regular request parameters or a filter to get the history for a particular
instance type. You can specify multiple request parameters or multiple filters (e.g., limit the results to the
m2.xlarge instance type, and only for Windows instances). The result includes information for a particular
price history only if it matches all your request parameters or filters. If there's no match, no special message
is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

instance-type The type of instance (e.g., m1.small).

Type: String

product-description The product description for the Spot Price.

spot-price The Spot Price. The value must match exactly (or use wildcards; greater than
or less than comparison is not supported).
Type: String

timestamp The timestamp of the Spot Price history, e.g., 2010-08-16T05:06:11.000Z.

You can use wildcards (* and ?). Greater than or less than comparison is not
supported.
Type: xsd:dateTime

availability-zone The Availability Zone for which prices should be returned.

Type: String

API Version 2012-06-15

371
Amazon Elastic Compute Cloud CLI Reference
Syntax

The short version of this command is ec2dsph.

Syntax
ec2-describe-spot-price-history [--start-time timestamp] [--end-time timestamp]
[--instance-type type] [--product-description description] [[--filter name=value]
...] [--availability-zone zone]

Options
Name Description Required

-s, --start-time The start date and time of the Spot Instance price No
timestamp history data.
Type: DateTime
Default: None
Example: -s 2009-12-01T11:51:50.000Z

-e, --end-time The end date and time of the Spot Instance price No
timestamp history data.
Type: DateTime
Default: None
Example: -e 2009-12-31T11:51:50.000Z

-t, --instance-type The instance type to return. No

-d, Filters the results by basic product description. No

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Lists all available history information, or just
that information otherwise specified.
Example: --filter "product-description=Linux/UNIX"

API Version 2012-06-15

372
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-a, The Availability Zone for which you want to get the No
--availability-zone price history
zone Type: String
Default: None
Example: us-east-1a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

373
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SPOTINSTANCEPRICE identifier

• Price
• Date and time
• Instance type
• Product description (e.g., Linux/UNIX)
• Availability Zone (e.g., us-east-1a)

API Version 2012-06-15

374
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example returns Spot Price history for m1.small instances for a particular day in May.

PROMPT> ec2-describe-spot-price-history -H --instance-type m1.xlarge --start-

time 2011-05-06T07:08:09 --end-time 2011-05-06T08:09:10
Type Price Timestamp InstanceType ProductDescription AvailabilityZone
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1b
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1d
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1a
...

The following example uses filters instead of request options to get the same results.

PROMPT> ec2-describe-spot-price-history -H --instance-type m1.xlarge --start-

time 2011-05-06T07:08:09 --end-time 2011-05-06T08:09:10 --product-description
'Linux/UNIX'
Type Price Timestamp InstanceType ProductDescription AvailabilityZone
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1b
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1c
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1d
...

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSpotPriceHistory

Related Commands
• ec2-cancel-spot-instance-requests (p. 70)
• ec2-describe-spot-instance-requests (p. 363)
• ec2-request-spot-instances (p. 533)

API Version 2012-06-15

375
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-subnets

ec2-describe-subnets
Description
Describes your subnets. You can filter the results to return information only about subnets that match
criteria you specify. For example, you could get information only about subnets whose state is available.
You can specify multiple values for the filter. The subnet must match at least one of the specified values
for it to be included in the results.

You can specify multiple filters (e.g., the subnet is in a particular VPC, and the subnet's state is
available). The result includes information for a particular subnet only if it matches all your filters. If
there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

availability-zone The Availability Zone the subnet is in.

Type: String

available-ip-address The number of IP addresses in the subnet that are available.

-count Type: String

cidr The CIDR block of the subnet. The CIDR block you specify must exactly
match the subnet's CIDR block for information to be returned for the subnet.
Type: String
Constraints: Must contain the slash followed by one or two digits (e.g., /28)

state The state of the subnet.

Type: String
Valid values: pending | available

subnet-id The ID of the subnet.

Type: String

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

API Version 2012-06-15

376
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag:key Filters the results based on a specific tag/value combination.

vpc-id The ID of the VPC the subnet is in.

Type: String

The short version of this command is ec2dsubnet.

Syntax
ec2-describe-subnets [ subnet_id ... ] [[--filter name=value] ...]

Options
Name Description Required

subnet_id A subnet ID. You can specify more than one No

in the request.
Type: String
Default: Returns information about all your
subnets.
Example: subnet-9d4a7b6c

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all subnets you own, or only
those otherwise specified.
Example: --filter "tag-key=Production"

API Version 2012-06-15

377
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

378
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SUBNET identifier

• The ID of the subnet
• The current state of the subnet (pending or available)
• the ID of the VPC the subnet is in
• The CIDR block assigned to the subnet
• The number of IP addresses in the subnet that are available
• The Availability Zone the subnet is in
• Any tags assigned to the subnet

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

379
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example gives a description of two subnets with IDs subnet-9d4a7b6c and subnet-6e7f829e.

PROMPT> ec2-describe-subnets subnet-9d4a7b6c subnet-6e7f829e

SUBNET subnet-9d4a7b6c available vpc-1a2b3c4d 10.0.1.0/24 250 us-east-
1a
SUBNET subnet-6e7f829e available vpc-1a2b3c4d 10.0.0.0/24 250 us-east-
1a

Example Request
This example uses filters to give a description of any subnet you own that is in the VPC with ID
vpc-1a2b3c4d or vpc-6e7f8a92, and whose state is available. The response indicates that the VPC
with ID vpc-6e7f8a92 doesn't have any subnets that match.

PROMPT> ec2-describe-subnets --filter "vpc-id=vpc-1a2b3c4d" --filter "vpc-id=vpc-

6e7f8a92" --filter "state=available"
SUBNET subnet-9d4a7b6c available vpc-1a2b3c4d 10.0.1.0/24 250 us-east-
1a
SUBNET subnet-6e7f829e available vpc-1a2b3c4d 10.0.0.0/24 250 us-east-
1a

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeSubnets

Related Commands
• ec2-create-subnet (p. 133)
• ec2-delete-subnet (p. 203)

API Version 2012-06-15

380
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-tags

ec2-describe-tags
Description
Describes your tags. For more information about tags, see Using Tags in the Amazon Elastic Compute
Cloud User Guide.

You can use filters to limit the results when describing tags. For example, you could get only the tags for
a particular resource type. You can specify multiple values for a filter. A tag must match at least one of
the specified values for it to be included in the results.

You can specify multiple filters (e.g., limit the results to a specific resource type, and get only tags with
values that contain the string database). The result includes information for a particular tag only if it
matches all your filters. If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

key The tag key.

Type: String

resource-id The resource ID.

Type: String

resource-type The resource type.

value The tag value.

Type: String

The short version of this command is ec2dtag.

Syntax
ec2-describe-tags [[--filter name=value] ...]

API Version 2012-06-15

381
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all tags you own, or only those
otherwise specified.
Example: --filter "resource-type=instance"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

382
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

383
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The TAG identifier

• The resource type
• The resource ID
• The tag key
• The tag value

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes all the tags belonging to your account.

PROMPT> ec2-describe-tags
TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production
TAG i-5f4e3d2a instance webserver
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance database_server
TAG i-12345678 instance stack Test

Example Request
This example describes the tags for the AMI with ID ami-1a2b3c4d.

PROMPT> ec2-describe-tags --filter "resource-id=ami-1a2b3c4d"

TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production

Example Request
This example describes the tags for all your instances.

PROMPT> ec2-describe-tags --filter "resource-type=instance"

TAG i-5f4e3d2a instance webserver
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance database_server
TAG i-12345678 instance stack Test

API Version 2012-06-15

384
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example describes the tags for all your instances tagged with the name webserver.

PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter "key=web

server"
TAG i-5f4e3d2a instance webserver

Example Request
This example describes the tags for all your instances tagged with either stack=Test or stack=Production.

PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter "key=stack"

--filter "value=Test" --filter "value=Production"
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance stack Test

Example Request
This example describes the tags for all your instances tagged with Purpose=[empty string].

PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter "key=Pur

pose" --filter "value="

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeTags

Related Commands
• ec2-create-tags (p. 137)
• ec2-delete-tags (p. 206)

API Version 2012-06-15

385
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volume-attribute

ec2-describe-volume-attribute
Description
Describes an attribute of a volume.

Currently, volumes have two attributes: auto-enable-io and product-codes.

The short version of this command is ec2dvolatt.

Syntax
ec2-describe-volume-attribute volume_id ...
<replace>attribute</replace>

Options
Name Description Required

volume_id The ID of the volume. Yes

Type: String
Example: vol-4282672b

Attribute The instance attribute. Yes

Type: String
Default: None
Valid values: [--auto-enable-io | --product-codes] or
[-a | -p]
Example: --auto-enable-io
Example: -p

Common Options
Option Description

API Version 2012-06-15

386
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

387
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ID of the volume

• Information about the attribute

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example describes the autoEnableIo attribute of the volume vol-999999.

PROMPT> ec2-describe-volume-attribute vol-999999 -a

VolumeId Attribute
vol-999999 autoEnableIo
AUTO-ENABLE-IO true

Example Request
This example describes the productCodes attribute of the volume vol-777777.

PROMPT> ec2-describe-volume-attribute vol-777777 -p

VolumeId Attribute
vol-777777 productCodes
PRODUCT_CODES [marketplace: a1b2c3d4e5f6g7h8i9j10k11]

Related Topics
Download
• Getting Started with the Command Line Tools

API Version 2012-06-15

388
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Action
• DescribeVolumeAttribute

Related Commands
• ec2-describe-volume-status (p. 390)
• ec2-enable-volume-io (p. 438)
• ec2-modify-volume-attribute (p. 491)

API Version 2012-06-15

389
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volume-status

ec2-describe-volume-status
Description
Describes the status of one or more volumes. Volume status provides the result of the checks performed
on your volumes to determine events that can impair the performance of your volumes. The performance
of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying
host experiences a power outage or system issue, once the system is restored, there could be data
inconsistencies on the volume. Volume events notify you if this occurs. Volume action notifies you if any
action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , or
insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the
overall status is impaired. If the status is insufficient-data, then the checks may still be taking
place on your volume at the time. We recommend you retry the request. For more information on volume
status, see Monitoring the Status of Your Volumes.

Events: Reflect the cause of a volume status and may require you to take an action. For example, if your
volume returns an impaired status, then the volume event might be potential-data-inconsistency.
This means that your volume has been impacted by an issue with the underlying host, has all I/O operations
disabled, and may have inconsistent data.

Actions: Reflect the actions you may have to take in response to an event. For example, if the status of
the volume is impaired and the volume event shows potential-data-inconsistency, then the
action will show enable-volume-io. This means that you may want to to enable the I/O operations for
the volume by issuing the ec2-enable-volume-io (p. 438) command and then check the volume for data
consistency.

Note

Volume status only has one status check. It does not check volume state as reported by
DescribeVolumes. Therefore, it does not detect volumes in the ERROR state (i.e., when a volume
is incapable of accepting I/Os because it is in an error state.)

You can filter the results to return information only about volumes that match criteria you specify. For
example, you could get information about volumes that have impaired status. You can specify multiple
values for a filter (e.g., more than one Availability Zone). A volume must match at least one of the specified
values for it to be included in the results.

You can specify multiple filters (e.g., the volume is in a specific Availability Zone and its status is set to
impaired). A volume must match all the filters for it to be included in the results. If there's no match, no
special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

availability-zone The Availability Zone of the instance.

Type: String

API Version 2012-06-15

390
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

volume-status.status The status of the volume.

Type: String
Valid values: ok | impaired |
insufficient-data

volume-status.details-name The cause for the volume-status.status.

Type: String
Valid values: io-enabled

volume-status.details-status The status of the

volume-status.details-name.
Type: String
Valid values: passed | failed

event.description A description of the event.

Type: String

event.not-after The latest end time for the event.

Type: dateType

event.not-before The earliest start time for the event.

Type: dateType

event.event-id The event ID.

Type: String

event.event-type The event type, e.g.,

potential-data-inconsistency
Type: String

action.code The action code for the event, e.g.,

enable-volume-io
Type: String

action.event-id The event ID associated with the action.

Type: String

action.description A description of the action.

Type: String

The short version of this command is ec2dvs.

Syntax
ec2-describe-volume-status [volume_id ...] [[--filter name=value] ...]

API Version 2012-06-15

391
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

volume_id The ID of the volume. No

Type: String
Default: Describes the status of all volumes you own,
or only those otherwise specified.
Example: vol-4282672b

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all volumes you own, or those
otherwise specified.
Example: --filter "volume-status.status=Ok"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

392
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

393
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The VOLUME identifier

• The ID of the volume
• The Availability Zone in which the volume launched
• The volume status name(e.g., Ok, impaired, io-enabled, insufficient-data)
• The EVENT identifier
• The ID of the event
• The event type (e.g., potential-data-inconsistencies)
• The description of the event
• notBefore (the earliest start time of the event)
• notAfter (the latest end time of the event)
• The ACTION identifier
• The action code (e.g., enable-volume-io)
• The ID of the event associated with the action
• The event type associated with the action (e.g., potential-data-inconsistency)
• The description of the event associated with the action

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes the status of the volumes vol-111111 and vol-222222.

PROMPT> ec2-describe-volume-status vol-111111 vol-222222

Type VolumeId AvailabilityZone VolumeStatus
VOLUME vol-111111 us-east-1a ok
VOLUME vol-222222 us-east-1b impaired
Type Name Status
VOLUMESTATUS io-enabled failed
Type EventType NotBefore NotAfter EventId EventDescrip
tion
EVENT potential-data-inconsistency 2011-12-01T14:00:00.000Z evol-
61a54008 This is an example
Type ActionCode EventId EventType
EventDescription
ACTION enable-volume-io evol-61a54008 potential-data-inconsistency
This is an example

API Version 2012-06-15

394
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example describes the volumes associated with your account that have failing I/O operations.

PROMPT> ec2-describe-volume-status --filter "volume-status.details-name=io-en

abled" --filter "volume-status.details-status=failed"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeVolumeStatus

Related Commands
• ec2-describe-volume-attribute (p. 386)
• ec2-enable-volume-io (p. 438)
• ec2-modify-volume-attribute (p. 491)

API Version 2012-06-15

395
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volumes

ec2-describe-volumes
Description
Describes your Amazon EBS volumes. For more information about Amazon EBS, see Using Amazon
Elastic Block Store in the Amazon Elastic Compute Cloud User Guide.

You can filter the results to return information only about volumes that match criteria you specify. For
example, you could get information about volumes whose status is available. You can specify multiple
values for a filter (e.g., the volume's status is either available or in-use). A volume must match at
least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the volume's status is available, and it is tagged with a particular
value). The result includes information for a particular volume only if it matches all your filters. If there's
no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

attachment.attach-time The time stamp when the attachment initiated.

Type: xsd:dateTime

attachment.delete-on-termination Indicates whether the volume is deleted on instance

termination.
Type: Boolean

attachment.device The device name that is exposed to the instance

(e.g., /dev/sda1).
Type: String

attachment.instance-id The ID of the instance the volume is attached to.

Type: String

attachment.status The attachment state.

Type: String
Valid values: attaching | attached | detaching
| detached

availability-zone The Availability Zone in which the volume was

created.
Type: String

create-time The time stamp when the volume was created.

Type: xsd:dateTime

size The size of the volume, in GiB (e.g., 20).

Type: String

API Version 2012-06-15

396
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

snapshot-id The snapshot from which the volume was created.

Type: String

status The status of the volume.

tag-key The key of a tag assigned to the resource. This

tag-value The value of a tag assigned to the resource. This

filter is independent of the tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value

volume-id The volume ID.

Type: String

The short version of this command is ec2dvol.

Syntax
ec2-describe-volumes [volume_id ...] [[--filter name=value] ...]

API Version 2012-06-15

397
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

volume_id The ID of the volume. No

Type: String
Default: Describes all volumes you own, or only those
otherwise specified.
Example: vol-4282672b

-F, --filter A filter for limiting the results. See the preceding table No
name=value for a list of allowed filter names and values. You need
to use quotation marks if the value string has a space
(e.g., "name=value example"). If you're using the
command line tools on a Windows system, you might
need to use quotation marks, even when there is no
space in the value string (e.g., "name=value").
Type: String
Default: Describes all volumes you own, or those
otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

398
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

399
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The VOLUME identifier

• The ID of the volume
• The size of the volume, in GiBs
• The snapshot from which the volume was created, if applicable
• The Availability Zone in which the volume launched
• The volume state (e.g., creating, available, in-use, deleting, deleted, error)
• The time stamp when volume creation initiated
• Any tags assigned to the volume

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example describes all volumes associated with your account.

PROMPT> ec2-describe-volumes
VOLUME vol-4d826724 800 us-east-1a in-use 2008-02-14T00:00:00+0000
ATTACHMENT vol-4d826724 i-6058a509 /dev/sdh attached 2008-02-14T00:00:17+0000
VOLUME vol-50957039 13 us-east-1a available 2008-02-091T00:00:00+0000
VOLUME vol-6682670f 1 us-east-1a in-use 2008-02-11T12:00:00+0000
ATTACHMENT vol-6682670f i-69a54000 /dev/sdh attached 2008-02-11T13:56:00+0000
VOLUME vol-932685fa 15 snap-a08912c9 us-east-1a in-use 2010-03-
31T12:17:07+0000
ATTACHMENT vol-932685fa i-71ca481a /dev/sda1 attached 2010-04-
06T14:16:00+0000
VOLUME vol-8975dae0 15 snap-a08912c9 us-east-1c deleting 2010-04-
07T14:59:27+0000
VOLUME vol-35be105c 10 us-east-1a available 2010-04-08T07:57:15+0000

Example Request
This example describes all volumes that are both attached to instance i-1a2b3c4d and also set to delete
when the instance terminates.

PROMPT> ec2-describe-volumes --filter "attachment.instance-id=i-1a2b3c4d" --

filter "attachment.delete-on-termination=true"

API Version 2012-06-15

400
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeVolumes

Related Commands
• ec2-create-snapshot (p. 126)
• ec2-delete-snapshot (p. 197)

API Version 2012-06-15

401
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpcs

ec2-describe-vpcs
Description
Describes your VPCs. You can filter the results to return information only about VPCs that match criteria
you specify. For example, you could get information only about VPCs whose state is available. You
can specify multiple values for the filter. A VPC must match at least one of the specified values for it to
be included in the results.

You can specify multiple filters (e.g., the VPC uses one of several sets of DHCP options, and the VPC's
state is available). The result includes information for a particular VPC only if it matches all your filters.
If there's no match, no special message is returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

cidr The CIDR block of the VPC. The CIDR block you specify must exactly match
the VPC's CIDR block for information to be returned for the VPC.
Type: String
Constraints: Must contain the slash followed by one or two digits (e.g., /28)

dchp-options-id The ID of a set of DHCP options.

Type: String

state The state of the VPC.

Type: String
Valid Values: pending | available

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

API Version 2012-06-15

402
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

vpc-id The ID of the VPC.

Type: String

The short version of this command is ec2dvpc.

Syntax
ec2-describe-vpcs [ vpc_id ... ] [[--filter name=value] ...]

Options
Name Description Required

vpc_id The ID of a VPC. No

Type: String
Default: Returns information about all your
VPCs.
Example: vpc-1a2b3c4d

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all VPCs you own, or only
those otherwise specified.
Example: --filter "tag-key=Production"

Common Options
Option Description

API Version 2012-06-15

403
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

404
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VPC identifier

• The ID of the VPC
• The CIDR block of the VPC
• The current state of the VPC (pending or available)
• The ID of the DHCP options associated with the VPC (or default if none)
• Any tags assigned to the VPC
• The allowed tenancy of instances launched into the VPC

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example gives a description of the VPC with ID vpc-1a2b3c4d.

PROMPT> ec2-describe-vpcs vpc-1a2b3c4d

VPC vpc-1a2b3c4d available 10.0.0.0/23 dopt-7a8b9c2d

Example Request
This example uses filters to give a description of any VPC you own that uses the set of DHCP options
with ID dopt-7a8b9c2d or dopt-2b2a3d3c and whose state is available.

PROMPT> ec2-describe-vpcs --filter "dhcp-options-id=dopt-7a8b9c2d" --filter

"dhcp-options-id=dopt-2b2a3d3c" --filter "state=available"
VPC vpc-1a2b3c4d available 10.0.0.0/23 dopt-7a8b9c2d

API Version 2012-06-15

405
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeVpcs

Related Commands
• ec2-create-vpc (p. 145)
• ec2-delete-vpc (p. 213)
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 80)

API Version 2012-06-15

406
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpn-connections

ec2-describe-vpn-connections
Description
Describes your VPN connections. You can filter the results to return information only about VPN
connections that match criteria you specify. For example, you could get information only about VPN
connections whose state is pending or available. You can specify multiple values for the filter. A VPN
connection must match at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the VPN connection is associated with a particular virtual private
gateway, and the gateway's state is pending or available). The result includes information for a
particular VPN connection only if it matches all your filters. If there's no match, no special message is
returned; the response is simply empty.

The following table shows the available filters.

Filter Name Description

customer-gateway-con The configuration information for the customer gateway.

figuration Type: String

customer-gateway-id The ID of a customer gateway associated with the VPN connection.

Type: String

state The state of the VPN connection.

Type: String
Valid values: pending | available | deleting | deleted

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

tag:key Filters the results based on a specific tag/value combination.

API Version 2012-06-15

407
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

type The type of VPN connection. Currently the only supported type is ipsec.1.
Type: String
Valid values: ipsec.1

vpn-connection-id The ID of the VPN connection.

Type: String

vpn-gateway-id The ID of a virtual private gateway associated with the VPN connection.
Type: String

For VPN connections in the pending or available state only, you can also optionally get the configuration
information for the VPN connection's customer gateway. You do this by specifying a format with the
--format option, or by specifying an XSL stylesheet of your own design with the --stylesheet option
(you were also able to do this when you created the VPN connection).

For more information about Amazon Virtual Private Cloud and VPN connections, see Adding an IPsec
Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2dvpn.

Syntax
ec2-describe-vpn-connections [vpn_connection_id ... ] [{--format format} |
{--stylesheet your_stylesheet}] [[--filter name=value] ...]

Options
Name Description Required

vpn_connection_id A VPN connection ID. You can specify more No

than one in the request.
Type: String
Default: Returns information about all your VPN
connections.
Example: vpn-44a8938f

API Version 2012-06-15

408
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--format format Includes customer gateway configuration No

information in the response, in the format
specified by this option. The information is
returned only if the VPN connection is in the
pending or available state. The returned
information can be formatted for various
devices, including a Cisco device (cisco-ios-isr)
or Juniper device (juniper-junos-j), in human
readable format (generic), or in the native XML
format (xml).
Type: String
Default: None
Valid values: cisco-ios-isr |
juniper-junos-j |
juniper-screenos-6.2 |
juniper-screenos-6.1 | generic | xml
Example: --format cisco-ios-isr

--stylesheet Includes customer gateway configuration No

your_stylesheet information in the response, formatted
according to the custom XSL stylesheet you
specify with this option. The information is
returned only if the VPN connection is in the
pending or available state.
Type: String
Default: None
Example: --stylesheet c:\my_stylesheet.xsl

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all VPN connections you
own, or only those otherwise specified.
Example: --filter "tag-key=Production"

API Version 2012-06-15

409
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

410
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The VPNCONNECTION identifier

• The VPN connection ID
• The type of VPN connection
• The customer gateway ID
• The virtual private gateway ID
• The state of the VPN connection (pending, available, deleting, deleted)
• Configuration information for the customer gateway (optional and available only if the VPN connection
is in the pending or available state)
• Any tags assigned to the VPN connection

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

411
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example gives a description of the VPN connection with ID vpn-44a8938f. The example specifies
that the configuration information be formatted as needed for a Cisco customer gateway. Because it's a
long set of information, we haven't displayed it here in the response. To see an example of the configuration
information, see the Amazon Virtual Private Cloud Network Administrator Guide.

PROMPT> ec2-describe-vpn-connections vpn-44a8938f --format cisco-ios-isr

VPNCONNECTION vpn-44a8938f ipsec.1 vgw-8db04f81 cgw-b4dc3961 available
<Long customer gateway configuration data formatted for Cisco device... >

Example Request
This example uses filters to give a description of any VPN connection you own associated with the
customer gateway with ID cgw-b4dc3961, and whose state is either pending or available. Note that
it doesn't use the option that causes the output to include the customer gateway configuration.

PROMPT> ec2-describe-vpn-connections --filter "customer-gateway-id=cgw-b4dc3961"

--filter "state=pending" --filter "state=available"
VPNCONNECTION vpn-44a8938f ipsec.1 vgw-8db04f81 cgw-b4dc3961 available

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeVpnConnections

Related Commands
• ec2-create-vpn-connection (p. 149)
• ec2-delete-vpn-connection (p. 216)

API Version 2012-06-15

412
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpn-gateways

ec2-describe-vpn-gateways
Description
Describes your virtual private gateways. You can filter the results to return information only about virtual
private gateways that match criteria you specify. For example, you could get information only about virtual
private gateways whose state is pending or available. You can specify multiple values for the filter.
A virtual private gateway must match at least one of the specified values for it to be included in the results.

You can specify multiple filters (e.g., the virtual private gateway is in a particular Availability Zone and
the gateway's state is pending or available). The result includes information for a particular virtual
private gateway only if it matches all your filters. If there's no match, no special message is returned; the
response is simply empty.

The following table shows the available filters.

Filter Name Description

attachment.state The current state of the attachment between the gateway and the VPC.
Type: String
Valid values: attaching | attached | detaching | detached

attachment.vpc-id The ID of an attached VPC.

Type: String

availability-zone The Availability Zone the virtual private gateway is in.

Type: String

state The state of the virtual private gateway.

Type: String
Valid values: pending | available | deleting | deleted

tag-value The value of a tag assigned to the resource. This filter is independent of the
tag-key filter.
Type: String

API Version 2012-06-15

413
Amazon Elastic Compute Cloud CLI Reference
Syntax

Filter Name Description

tag:key Filters the results based on a specific tag/value combination.

type The type of virtual private gateway. Currently the only supported type is
ipsec.1.
Type: String
Valid values: ipsec.1

vpn-gateway-id The ID of the virtual private gateway.

Type: String

For more information about Amazon Virtual Private Cloud and virtual private gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2dvgw.

Syntax
ec2-describe-vpn-gateways [vpn_gateway_id ... ] [[--filter name=value] ...]

Options
Name Description Required

vpn_gateway_id A virtual private gateway ID. You can specify No

more than one in the request.
Type: String
Default: Returns information about all your
virtual private gateways.
Example: vgw-8db04f81

-F, --filter name=value A filter for limiting the results. See the No
preceding table for a list of allowed filter names
and values. You need to use quotation marks
if the value string has a space (e.g.,
"name=value example"). If you're using the
command line tools on a Windows system, you
might need to use quotation marks, even when
there is no space in the value string (e.g.,
"name=value").
Type: String
Default: Describes all virtual private gateways
you own, or only those otherwise specified.
Example: --filter "tag-key=Production"

API Version 2012-06-15

414
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

415
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The VPNGATEWAY identifier

• The virtual private gateway ID
• The state of the virtual private gateway (pending, available, deleting, deleted)
• The Availability Zone where the virtual private gateway was created
• The type of VPN connection the virtual private gateway supports
• The VGWATTACHMENT identifier
• The ID of each attached VPC and the state of each attachment (attaching, attached, detaching, detached)
• Any tags assigned to the virtual private gateway

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

416
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example gives a description of the virtual private gateway with ID vgw-8db04f81.

PROMPT> ec2-describe-vpn-gateways vgw-8db04f81

VPNGATEWAY vgw-8db04f81 available us-east-1a ipsec.1
VGWATTACHMENT vpc-1a2b3c4d attached

Example Request
This example uses filters to give a description of any virtual private gateway you own that is in the
us-east-1a Availability Zone, and whose state is either pending or available.

PROMPT> ec2-describe-vpn-gateways --filter "availability-zone=us-east-1a" --

filter "state=pending" --filter "state=available"
VPNGATEWAY vgw-8db04f81 available ipsec.1
VGWATTACHMENT vpc-1a2b3c4d attached

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DescribeVpnGateways

Related Commands
• ec2-create-vpn-gateway (p. 154)
• ec2-delete-vpn-gateway (p. 219)

API Version 2012-06-15

417
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-internet-gateway

ec2-detach-internet-gateway
Description
Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC. The
VPC must not contain any running instances with Elastic IP addresses. For more information about your
VPC and Internet gateway, see the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2detigw.

Syntax
ec2-detach-internet-gateway vpn_gateway_id -c vpc_id

Options
Name Description Required

vpn_gateway_id The ID of the Internet gateway. Yes

Type: String
Default: None
Example: igw-8db04f81

-c, --vpc vpc_id The ID of the VPC. Yes

Type: String
Default: None
Example: -c vpc-1a2b3c4d

Common Options
Option Description

API Version 2012-06-15

418
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

419
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example detaches the Internet gateway with ID igw-eaad4883 from the VPC with ID vpc-11ad4878.

PROMPT> ec2-detach-internet-gateway igw-eaad4883 -c vpc-11ad4878

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DetachInternetGateway

Related Commands
• ec2-detach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 96)
• ec2-delete-internet-gateway (p. 172)
• ec2-describe-internet-gateways (p. 299)

API Version 2012-06-15

420
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-network-interface

ec2-detach-network-interface
Description
Detaches a network interface from an instance. The NETWORKATTACHMENT parameter is the ID of
the attachment.

The short version of this command is ec2detnic.

Syntax
ec2-detach-network-interface NETWORKATTACHMENT -f, --force

Options
Name Description Required

-f, --force Forcefully disconnect the network interface from the No

instance.
Type: String
Default: None

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

421
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

422
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the name of the network attachment that was detached.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example detaches the specified network interface.

PROMPT> ec2-detach-network-interface eni-attach-083fda61

ATTACHMENT eni-attach-083fda61 detaching

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DetachNetworkInterface

Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-describe-network-interfaces (p. 318)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

423
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-volume

ec2-detach-volume
Description
Detaches an Amazon EBS volume from an instance. Make sure to unmount any file systems on the
device within your operating system before detaching the volume. Failure to do so will result in volume
being stuck in "busy" state while detaching. For more information about Amazon EBS, see Using Amazon
Elastic Block Store in the Amazon Elastic Compute Cloud User Guide.

Note

If an Amazon EBS volume is the root device of an instance, it cannot be detached while the
instance is in the ‘running’ state. To detach the root volume, stop the instance first.

If the root volume is detached from an instance with an AWS Marketplace product code, then
the AWS Marketplace product codes from that volume are no longer associated with the instance.

The short version of this command is ec2detvol.

Syntax
ec2-detach-volume volume_id [--instance instance_id [--device device]] [--force]

Options
Name Description Required

volume_id The ID of the volume. Yes

Type: String
Default: None
Example: vol-4282672b

-i, --instance The ID of the instance. No

instance_id Type: String
Default: None
Example: -i i-6058a509

-d, --device device The device name. No

Type: String
Default: None
Example: -d /dev/sdh

API Version 2012-06-15

424
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-f, --force Forces detachment if the previous detachment attempt No

did not occur cleanly (logging into an instance,
unmounting the volume, and detaching normally).This
option can lead to data loss or a corrupted file system.
Use this option only as a last resort to detach a volume
from a failed instance. The instance will not have an
opportunity to flush file system caches or file system
metadata. If you use this option, you must perform file
system check and repair procedures.
Type: Boolean
Default: None
Example: -f

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

425
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The ATTACHMENT identifier

• The ID of the volume

API Version 2012-06-15

426
Amazon Elastic Compute Cloud CLI Reference
Examples

• The ID of the instance

• The device name by which the volume is exposed within the instance
• The attachment state (e.g., detaching)
• The time stamp when detaching was initiated

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example detaches volume vol-4d826724.

PROMPT> ec2-detach-volume vol-4d826724

ATTACHMENT vol-4d826724 i-6058a509 /dev/sdh detaching 2008-02-14T00:00:17+0000

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DetachVolume

Related Commands
• ec2-attach-volume (p. 40)
• ec2-create-volume (p. 141)
• ec2-delete-volume (p. 210)
• ec2-describe-volumes (p. 396)

API Version 2012-06-15

427
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-vpn-gateway

ec2-detach-vpn-gateway
Description
Detaches a virtual private gateway from a VPC. You do this if you're planning to turn off the VPC and not
use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by
describing the virtual private gateway (any attachments to the virtual private gateway are also described).

You must wait for the attachment's state to switch to detached before you can delete the VPC or attach
a different VPC to the virtual private gateway.

For more information about Amazon Virtual Private Cloud and virtual private gateways, see Adding an
IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2detvgw.

Syntax
ec2-detach-vpn-gateway -p vpn_gateway_id -c vpc_id

Options
Name Description Required

-p vpn_gateway_id The ID of the virtual private gateway. Yes

Type: String
Default: None
Example: -p vgw-8db04f81

-c vpc_id The ID of the VPC. Yes

Type: String
Default: None
Example: -c vpc-1a2b3c4d

Common Options
Option Description

API Version 2012-06-15

428
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

429
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The VPNGATEWAY identifier

• The ID of the VPC
• The state of detachment (attaching, attached, detaching, detached)

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example detaches the virtual private gateway with ID vgw-8db04f81 from the VPC with VPC ID
vpc-1a2b3c4d.

PROMPT> ec2-detach-vpn-gateway -p vgw-8db04f81 -c vpc-1a2b3c4d

VGWATTACHMENT vpc-1a2b3c4d detaching

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DetachVpnGateway

Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-describe-vpn-gateways (p. 413)

API Version 2012-06-15

430
Amazon Elastic Compute Cloud CLI Reference
ec2-disassociate-address

ec2-disassociate-address
Description
Disassociates an Elastic IP address from the instance or network interface it's assigned to.

This action applies to both EC2 Elastic IP addresses and VPC Elastic IP addresses. For information about
VPC addresses and how they differ from EC2 addresses, see Elastic IP Addresses in the Amazon Virtual
Private Cloud User Guide.

This is an idempotent action. If you enter it more than once, Amazon EC2 does not return an error.

The short version of this command is ec2disaddr.

Syntax
ec2-disassociate-address {ip_address | -a association_id}

Options
Name Description Required

ip_address The EC2 Elastic IP address. Conditional

Type: String
Default: None
Condition: Required for EC2 Elastic IP addresses.
Example: 192.0.2.1

-a, The association ID. Conditional

--association-id Type: String
assocation_id Default: None
Condition: Required for VPC Elastic IP addresses.
Example: -a eipassoc-fc5ca095

Common Options
Option Description

API Version 2012-06-15

431
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

432
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ADDRESS identifier

• The Elastic IP address

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example disassociates the EC2 Elastic IP address (192.0.2.1) from the instance it's assigned to.

PROMPT> ec2-disassociate-address 192.0.2.1

ADDRESS 192.0.2.1

Example Request
This example disassociates the VPC Elastic IP address with association ID eipassoc-048c746d from the
instance it's assigned to.

PROMPT> ec2-disassociate-address -a eipassoc-048c746d

ADDRESS eipassoc-048c746d

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DisassociateAddress

API Version 2012-06-15

433
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 225)
• ec2-release-address (p. 510)

API Version 2012-06-15

434
Amazon Elastic Compute Cloud CLI Reference
ec2-disassociate-route-table

ec2-disassociate-route-table
Description
Disassociates a subnet from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the
routes in the VPC's main route table. For more information about route tables, see Route Tables in the
Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2disrtb.

Syntax
ec2-disassociate-route-table route_table_association_id

Options
Name Description Required

route_table_associat The association ID representing the current Yes

ion_id association between the route table and
subnet.
Type: String
Default: None
Example: rtbassoc-61a34608

Common Options
Option Description

API Version 2012-06-15

435
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

436
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example disassociates the route table with association ID rtbassoc-fdad4894 from the subnet it's
associated to.

PROMPT> ec2-disassociate-route-table rtbassoc-fdad4894

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• DisassociateRouteTable

Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route-table (p. 123)
• ec2-delete-route-table (p. 194)
• ec2-describe-route-tables (p. 345)
• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

437
Amazon Elastic Compute Cloud CLI Reference
ec2-enable-volume-io

ec2-enable-volume-io
Description
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume
was potentially inconsistent.

The short version of this command is ec2evio.

Syntax
ec2-enable-volume-io volume_id

Options
Name Description Required

volume_id The ID of the volume. Yes

Type: String
Default: None
Example: vol-43a4412a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

438
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

439
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a Boolean value indicating whether the request succeeded.

• Boolean value representing whether the call succeeded.

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example enables the I/O operations for the volume vol-232323.

PROMPT> ec2-enable-volume-io vol-232323

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• EnableVolumeIO

Related Commands
• ec2-describe-volume-status (p. 390)

API Version 2012-06-15

440
Amazon Elastic Compute Cloud CLI Reference
ec2-fingerprint-key

ec2-fingerprint-key
Description
Computes and displays the fingerprint for a private key produced by Amazon EC2.

This operation is performed entirely on the client-side. Network access is not required.

The short version of this command is ec2fp.

Syntax
ec2-fingerprint-key keyfile

Options
Name Description Required

keyfile The path to a file containing an unencrypted Yes

PEM-encoded PKCS#8 private key.
Type: String
Default: None
Example: mykey.pem

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

441
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

442
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• A key fingerprint. This is formatted as a hash digest with each octet separated by a colon

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example computes and displays the fingerprint for the mykey.pem private key.

PROMPT> ec2-fingerprint-key mykey.pem

00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Related Topics
Download
• Getting Started with the Command Line Tools

Related Commands
• ec2-describe-keypairs (p. 304)

API Version 2012-06-15

443
Amazon Elastic Compute Cloud CLI Reference
ec2-get-console-output

ec2-get-console-output
Description
Retrieves console output for the specified instance.

Amazon EC2 instances do not have a physical monitor through which you can view their console output.
They also lack physical controls that allow you to power up, reboot, or shut them down. To allow these
actions, we provide them through the Amazon EC2 API and the command line tools.

Instance console output is buffered and posted shortly after instance boot, reboot, and termination.
Amazon EC2 preserves the most recent 64 KB output which will be available for at least one hour after
the most recent post.

For Linux/UNIX instances, the Amazon EC2 instance console output displays the exact console output
that would normally be displayed on a physical monitor attached to a machine. This output is buffered
because the instance produces it and then posts it to a store where the instance's owner can retrieve it.

For Windows instances, the Amazon EC2 instance console output displays the last three system event
log errors.

The short version of this command is ec2gcons.

Syntax
ec2-get-console-output instance_id [-r]

Options
Name Description Required

instance_id The ID of the instance. Yes

Type: String
Default: None
Example: i-10a64379

-r, Returns raw output without escapes to facilitate No

--raw-console-output reading.
Type: String
Default: Disabled
Example: -r

Common Options
Option Description

API Version 2012-06-15

444
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

445
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The instance ID
• A timestamp indicating the time of the last update
• The instance console output. By default the ^ESC character is escaped and duplicate new-lines are
removed to facilitate reading

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example retrieves the console output for the i-10a64379 Linux and UNIX instance.

PROMPT> ec2-get-console-output i-10a64379

i-10a64379
2010-04-08T09:20:29+0000
Linux version 2.6.21.7-2.ec2.v1.2.fc8xen (root@domU-12-34-56-0A-78-01) (gcc
version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Nov 20 19:22:36 EST 2009
BIOS-provided physical RAM map:
sanitize start
sanitize bail 0
copy_e820_map() start: 0000000000000000 size: 000000006ac00000 end:
000000006ac00000 type: 1
Xen: 0000000000000000 - 000000006ac00000 (usable)
980MB HIGHMEM available.
727MB LOWMEM available.
NX (Execute Disable) protection: active
...

API Version 2012-06-15

446
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• GetConsoleOutput

Related Commands
• ec2-run-instances (p. 568)

API Version 2012-06-15

447
Amazon Elastic Compute Cloud CLI Reference
ec2-get-password

ec2-get-password
Description
Retrieves and decrypts the administrator password for the instances running Windows.

You must specify the key pair used to launch the instance.

Note

The Windows password is only generated the first time an AMI is launched. It is not generated
for rebundled AMIs or after the password is changed on an instance.
The password is encrypted using the key pair that you provided.
There is no SOAP or Query version of the ec2-get-password command.
Password generation and encryption takes a few moments. Please wait up to 15 minutes after
launching an instance before trying to retrieve the generated password.

The short version of this command is ec2gpass.

Syntax
ec2-get-password instanceId -k key_file

Options
Name Description Required

instance_id A Windows instance ID. Yes

Type: String
Default: None
Example: i-9b76d0f3

-k, The file that contains the private key used to launch Yes
--priv-launch-key the instance.
key_file Type: String
Default: None
Example: -k windows-keypair.pem

Common Options
Option Description

API Version 2012-06-15

448
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

449
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The Windows administrator password

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example returns the administrator password for the i-2574e22a instance.

PROMPT> ec2-get-password i-2574e22a -k windows-keypair.pem

q96A40B9w

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• GetPasswordData

Related Commands
• ec2-run-instances (p. 568)
• ec2-describe-instances (p. 285)

API Version 2012-06-15

450
Amazon Elastic Compute Cloud CLI Reference
ec2-import-instance

ec2-import-instance
Description
Creates a new import instance task using metadata from the specified disk image, and imports the image
to Amazon EC2. For more information about prerequisites for importing an instance, see Before You Get
Started and Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon
Elastic Compute Cloud User Guide.

Note

ec2-import-instance and ec2-import-volume commands that are part of Amazon EC2

API command line tools downloaded after 09-15-2011 upload the images to Amazon EC2 after
creating the import task. Previously, we used ec2-upload-disk-image for the upload task;
ec2-upload-disk-image is deprecated.

If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.

The short version of this command is ec2iin.

Syntax
ec2-import-instance -t instance_type [-g group] -f file_format -a architecture
-b s3_bucket_name [-o owner] -w secret_key [--prefix prefix] [--manifest-url
url] [-s volume_size ] [-z availability_zone] [-d description] [--user-data
user_data] [--user-data-file disk_image_filename] [--subnet subnet_id]
[--private-ip-address ip_address] [--monitor]
[--instance-initiated-shutdown-behavior behavior ] [--x days]
[--ignore-region-affinity] [--dry-run] [--no-upload] [--dont-verify-format]

Options
Name Description Required

-t, --instance-type The type of instance to be launched. Yes

Note

The -a option is only honored if the -t option

is passed. If the -t option is not passed, then
-a is treated as i386. If the –t option is not
passed, the instance type defaults to
m1.small.

API Version 2012-06-15

451
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-g, --group group The security group within which the instances should No
be run. Determines the ingress firewall rules that are
applied to the launched instances. Only one security
group is supported for an instance.
Type: String
Default: Your default security group
Example: -g myGroup

-f, --format file_format The file format of the disk image. Yes
Type: String
Default: None
Valid values: VMDK | RAW | VHD
Example: -f VMDK

-a, --architecture The architecture of the image. Yes

architecture Type: String
Default: i386
Valid values: i386 | x86_64
Condition: Required if instance type is specified;
otherwise defaults to i386.

Note

Using this option ensures that your image is

imported as the expected instance type.

The -a option is only honored if the -t option

is passed. If the -t option is not passed, then
-a is treated as i386. If the –t option is not
passed, the instance type defaults to
m1.small.
Example: -a i386

--bucket s3_bucket_name The Amazon S3 destination bucket for the manifest. Yes
Type: String
Default: None
Condition: The --manifest-url parameter is not
specified.
Example: myawsbucket

-o, --owner-akid The access key ID of the bucket owner. No

access_key_id Type: String
Default: None
Example: AKIAIOSFODNN7EXAMPLE

-w, --owner-sak The secret access key of the bucket owner. Yes
secret_access_key Type: String
Default: None
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

API Version 2012-06-15

452
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--prefix prefix The prefix for the manifest file and disk image file parts No
within the Amazon S3 bucket.
Type: String
Default: None
Example: --prefix MyDiskParts

--manifest-url url The URL for an existing import manifest file already No
uploaded to Amazon S3.
Type: String
Default: None. This option cannot be specified if the
--bucket option is present.
Example: my-ami.manifest.xml

-s, --volume-size The size of the Amazon EBS volume, in GiB (2^30 No
volume_size bytes), that will hold the converted image. If not
specified, EC2 calculates the value using the disk
image file.
Type: String
Default: None
Example: -s 30

-z, --availability-zone The Availability Zone for the converted VM. No

availability_zone Type: String
Default: None
Valid values: Use
ec2-describe-availability-zones for a list of
values
Example: -z us-east-1

-d, --description An optional, free-form comment returned verbatim No

description during subsequent calls to
ec2-describe-conversion-tasks.
Type: String
Default: None
Constraint: Maximum length of 255 characters
Example: -d Test of ec2-import-instance

--user-data user_data User data to be made available to the imported No

instance.
Type: String
Default: None
Example: --user-data This is user data

--user-data-file The file containing user data made available to the No

disk_image_filename imported instance.
Type: String
Default: None
Example: --user-data-file my_data_file

API Version 2012-06-15

453
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--subnet subnet_id If you're using Amazon Virtual Private Cloud, this No

specifies the ID of the subnet into which you're
launching the instance.
Type: String
Default: None
Example: --subnet subnet-f3e6ab83

--private-ip-address If you're using Amazon Virtual Private Cloud, this No

ip_address specifies the specific IP address within subnet to use.
Type: String
Default: None
Example: --private-ip-address 10.0.0.3

--monitor Enables monitoring of the specified instance(s). No

Type: String
Default: None
Example: --monitor

--instance-initiated If an instance shutdown is initiated, this determines No

-shutdown-behavior whether the instance stops or terminates.
behavior Type: String
Default: None
Valid values: stop | terminate
Example: --instance-initiated-shutdown-behavior stop

-x, --expires The validity period for the signed Amazon S3 URLS No
days that allow EC2 to access the manifest.
Type: String
Default: 30 days
Example: -x 10

--ignore-region-affinity Ignores the verification check to determine whether No

the bucket's Amazon S3 Region matches the EC2
Region where the conversion task is created.
Type: None
Default: None
Example: --ignore-region-affinity

--dry-run Does not create an import task, only validates that the No
disk image matches a known type.
Type: None
Default: None
Example: --dry-run

--no-upload Does not upload a disk image to Amazon S3, only No

creates an import task. To complete the import task
and upload the disk image, use ec2-resume-import.
Type: None
Default: None
Example: --no-upload

API Version 2012-06-15

454
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--dont-verify-format Does not verify the file format. We don't recommend No

this option because it can result in a failed conversion.
Type: None
Default: None
Example: --dont-verify-format

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

455
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns the following information:

• Task ID, which you will use in other commands

• General information about the disk image, such as the size and format
• General information about the import operation, such as the status, bytes received, and expiration
deadline

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

456
Amazon Elastic Compute Cloud CLI Reference
Example

Example
Example Request
This example creates an import instance task that migrates a Windows Server 2008 SP2 (32-bit) VM into
the AWS us-east-1 Region.

PROMPT> ec2-import-instance ./WinSvr8-disk1.vmdk –f VMDK -o AKIAIOSFODNN7EXAMPLE

-w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -b myawsbucket

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ImportInstance

Related Commands
• ec2-cancel-conversion-task (p. 63)
• ec2-delete-disk-image (p. 164)
• ec2-describe-conversion-tasks (p. 240)
• ec2-import-volume (p. 462)
• ec2-resume-import (p. 557)

API Version 2012-06-15

457
Amazon Elastic Compute Cloud CLI Reference
ec2-import-keypair

ec2-import-keypair
Description
Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with
ec2-create-keypair, in which AWS creates the key pair and gives the keys to you (AWS keeps a
copy of the public key). With ec2-import-keypair, you create the key pair and give AWS just the
public key. The private key is never transferred between you and AWS.

You can easily create an RSA key pair on Windows and Linux using the ssh-keygen command line tool
(provided with the standard OpenSSH installation). Standard library support for RSA key pair creation is
also available in Java, Ruby, Python, and many other programming languages.

Supported formats:

• OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)

• Base64 encoded DER format
• SSH public key file format as specified in RFC4716

DSA keys are not supported. Make sure your key generator is set up to create RSA keys.

Supported lengths: 1024, 2048, and 4096.

The short version of this command is ec2ikey.

Syntax
ec2-import-keypair key_name --public-key-file key_file

Options
Name Description Required

key_name A unique name for the key pair. Yes

Type: String
Default: None
Constraints: Accepts alphanumeric characters, spaces,
dashes, and underscores.
Example: myfavoritekeypair

-f, The path and name of the file containing the public Yes
--public-key-file key.
key_file Type: String
Default: None
Example: -f C:\keys\myfavoritekeypair_public.ppk

API Version 2012-06-15

458
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

459
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
The command returns a table that contains the following information:

• The KEYPAIR identifier

• The name of the key pair
• The MD5 public key fingerprint as specified in section 4 of RFC4716

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example imports the public key from the file C:\keys\mykey.ppk.

PROMPT> ec2-import-keypair gsg-keypair --public-key-file C:\keys\mykey.ppk

KEYPAIR gsg-keypair 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

API Version 2012-06-15

460
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ImportKeyPair

Related Commands
• ec2-create-keypair (p. 99)
• ec2-delete-keypair (p. 175)
• ec2-describe-keypairs (p. 304)

API Version 2012-06-15

461
Amazon Elastic Compute Cloud CLI Reference
ec2-import-volume

ec2-import-volume
Description
Creates a new import volume task using metadata from the specified disk image, and imports the image
to Amazon EC2. For more information about prerequisites for importing a volume, see Before You Get
Started and Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon
Elastic Compute Cloud User Guide.

Note

ec2-import-instance and ec2-import-volume commands that are part of Amazon EC2

If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.

The short version of this command is ec2ivol.

Syntax
ec2-import-volume disk_image -f file_format [-s volume_size] -z availability_zone
[-b s3_bucket_name] [-o owner] -w secret_key [--prefix prefix] [--manifest-url
url] [-d description] [--x days] [--ignore-region-affinity] [--dry-run]
[--no-upload] [--dont-verify-format]

Options
Name Description Required

disk_image The local file name of the disk image. Yes

Type: String
Default: None
Example: WinSvr8-64-disk1.vmdk

-f, --format file_format The file format of the disk image. Yes
Type: String
Default: None
Valid values: VMDK | RAW | VHD
Example: -f VMDK

-s, --volume-size The size, in GB (2^30 bytes), of an Amazon EBS No

volume_size volume that will hold the converted image. If not
specified, Amazon EC2 calculates the value using the
disk image file.
Type: String
Default: None
Example: -s 30

API Version 2012-06-15

462
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-z, --availability-zone The Availability Zone for the converted VM. No

zone Type: String
Valid values: Use
ec2-describe-availability-zones for a list of
values.
Example: -z us-east-1

-b, --bucket bucket The Amazon S3 destination bucket for the manifest. Yes
Type: String
Default: None
Condition: Required when the --manifest-url
parameter is not specified.
Example: -b myawsbucket

-o, --owner-akid The access key ID of the bucket owner. No

access_key_id Type: String
Default: None
Example: AKIAIOSFODNN7EXAMPLE

-w, --owner-sak The secret access key of the bucket owner. Yes
secret_access_key Type: String
Default: None
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

--prefix prefix The prefix for the manifest file and disk image file parts No
within the Amazon S3 bucket.
Type: String
Default: None
Example: --prefix MyDiskParts

--manifest-url url The URL for an existing import manifest file already No
uploaded to Amazon S3.
Type: String
Default: None
Condition: This option cannot be specified if the
--bucket option is present.
Example: my-ami.manifest.xml

-d, --description An optional, free-form comment returned verbatim No

description during subsequent calls to
ec2-describe-conversion tasks.
Type: String
Default: None
Constraint: Maximum length of 255 characters
Example: -d Test of ec2-import-instance

API Version 2012-06-15

463
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-x, --expires The validity period for the signed Amazon S3 URLS No
days that allow EC2 to access the manifest.
Type: String
Default: 30 days
Example: -x 10

--ignore-region-affinity Ignores the verification check to determine whether No

the bucket's Amazon S3 Region matches the Amazon
EC2 Region where the conversion-task is created.
Type: None
Default: None
Example: --ignore-region-affinity

--dry-run Does not create an import task, only validates that the No
disk image matches a known type.
Type: None
Default: None
Example: --dry-run

--no-upload Does not upload a disk image to Amazon S3, only No

creates an import task. To complete the import task
and upload the disk image, use ec2-resume-import.
Type: None
Default: None
Example: --no-upload

--dont-verify-format Does not verify the file format. We don't recommend No

this option because it can result in a failed conversion.
Type: None
Default: None
Example: --dont-verify-format

Common Options
Option Description

API Version 2012-06-15

464
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

465
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the following information:

• The percentage of the import completed

• The checksum value
• Information about the volume, such as the size and format

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example creates an import volume task that migrates a Windows Server 2008 (32-bit) volume into
the AWS us-east-1 Region.

PROMPT>ec2-import-volume 123M.vmdk -f VMDK -z us-east-1a -s 9 -b myawsbucket -

o AKIAIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ImportVolume

Related Commands
• ec2-cancel-conversion-task (p. 63)
• ec2-delete-disk-image (p. 164)
• ec2-describe-conversion-tasks (p. 240)

API Version 2012-06-15

466
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-import-instance (p. 451)

• ec2-resume-import (p. 557)

API Version 2012-06-15

467
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-image

ec2-migrate-image
Description
Copies a bundled AMI from one Region to another.

Note

This tool replaces ec2-migrate-bundle (p. 613).

This tool does not work with AMIs backed by Amazon EBS.

The short version of this command is ec2mim.

Syntax
ec2-migrate-image --private-key private_key --cert cert -U url --owner-akid
access_key_id --owner-sak secret_access_key --bucket source_s3_bucket
--destination-bucket destination_s3_bucket --manifest manifest_path --acl acl
--location {US | EU} --ec2cert ec2_cert_path [--kernel kernel-id] [--ramdisk
ramdisk_id] {--no-mapping} --region mapping_region_name

Options
Name Description Required

-K, --private-key The path to your PEM-encoded RSA key file. No

private_key Type: String
Default: Uses EC2_PRIVATE_KEY environment
variable

-C, --cert cert The user's PEM encoded RSA public key certificate No
file.
Type: String
Default: Uses EC2_CERT environment variable
Example: -C
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-U, --url url The URL to use as the web service URL. No
Type: String
Default: https://ec2.amazonaws.com
Example: -U https://ec2.amazonaws.com

-o, --owner-akid The access key ID of the bucket owner. Yes

access_key_id Type: String
Default: None
Example: -o AKIAIOSFODNN7EXAMPLE

API Version 2012-06-15

468
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-w, --owner-sak The secret access key of the bucket owner. Yes
secret_access_key Type: String
Default: None
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

--bucket The source Amazon S3 bucket where the AMI is Yes

source_s3_bucket located, followed by an optional '/'-delimited path prefix.
Type: String
Default: None
Example: --bucket myawsbucket

--destination-bucket The destination Amazon S3 bucket, followed by an Yes

destination_s3_bucket optional '/'-delimited path prefix. If the destination
bucket does not exist, it is created.
Type: String
Default: None
Example: --destination-bucket myotherawsbucket

--manifest manifest The location of the Amazon S3 source manifest. Yes

Type: String
Default: None
Example: --manifest my-ami.manifest.xml

--location {US | The location of the destination Amazon S3 bucket. No

EU} Type: String
Valid values: US | EU
Default: US
Example: --location EU

--acl acl The access control list policy of the bundled image. Yes
Type: String
Valid values: public-read | aws-exec-read
Default: None
Example: --acl public-read

--kernel The ID of the kernel to select. No

Type: String
Default: None
Example: --kernel aki-ba3adfd3

--ramdisk The ID of the RAM disk to select. Some kernels require No

additional drivers at launch. Check the kernel
requirements for information on whether you need to
specify a RAM disk. To find kernel requirements, refer
to the Resource Center and search for the kernel ID.
Type: String
Default: None
Example: --ramdisk ari-badbad00

API Version 2012-06-15

469
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--no-mapping Disables automatic mapping of kernels and RAM disks. No

Type: String
Default: Mapping is enabled.
Example: --no-mapping

--region region The Region to look up in the mapping file. No

Type: String
Default: Amazon EC2 attempts to determine the
Region from the location of the Amazon S3 bucket.
Example: --region eu-west-1

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

470
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• Status messages describing the stages and status of the migration

API Version 2012-06-15

471
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example copies the AMI specified in the my-ami.manifest.xml manifest from the US to the EU.

PROMPT> ec2-migrate-image --cert cert-THUMBPRINT.pem --private-key pk-THUMB

PRINT.pem --owner-akid
AKIAIOSFODNN7EXAMPLE --owner-sak wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY --
bucket myawsbucket
--destination-bucket my-eu-bucket --manifest my-ami.manifest.xml --acl aws-
exec-read --location EU
Copying 'my-ami.part.00'...
Copying 'my-ami.part.01'...
Copying 'my-ami.part.02'...
Copying 'my-ami.part.03'...
Copying 'my-ami.part.04'...
Copying 'my-ami.part.05'...
Copying 'my-ami.part.06'...
Copying 'my-ami.part.07'...
Copying 'my-ami.part.08'...
Copying 'my-ami.part.09'...
Copying 'my-ami.part.10'...
Your new bundle is in S3 at the following location:
my-eu-bucket/my-ami.manifest.xml

Related Topics
Download
• Getting Started with the Command Line Tools

Related Commands
• ec2-register (p. 504)
• ec2-run-instances (p. 568)

API Version 2012-06-15

472
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-image-attribute

ec2-modify-image-attribute
Description
Modifies an attribute of an AMI.

Note

AWS Marketplace product codes cannot be modified. Images with an AWS Marketplace product
code cannot be made public.

The short version of this command is ec2mimatt.

Syntax
ec2-modify-image-attribute ami_id {-l (-a entity | -r entity) | --product-codes
code}

Options
Name Description Required

ami_id The AMI ID. Yes

Type: String
Default: None
Example: ami-2bb65342

-p, --product-codes The product code to add to the specified Amazon No

code S3-backed AMI. Once you add a product code to an
AMI, it can't be removed.
Type: String
Default: None
Example: -p D662E989

-l, Used with the --add or --remove flags to grant or Yes

--launch-permission revoke launch permissions.
Type: String
Default: None
Example: --launch-permission

-a, --add entity Adds a launch permission for the specified AWS Yes
account or for all accounts.
Type: String
Valid values: AWS account identifier | all
Default: None
Example: --launch-permission --add all

API Version 2012-06-15

473
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-r, --remove entity Removes a launch permission for the specified AWS Yes
account or for all users.
Type: String
Valid values: AWS account identifier | all
Default: None
Example: --launch-permission --remove all

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

474
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the AMI on which attributes are being modified
• The action performed on the attribute
• The attribute or attribute list item value type
• The attribute or attribute list item value

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

475
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example makes the AMI public (i.e., so any AWS account can launch it).

PROMPT> ec2-modify-image-attribute ami-2bb65342 -l -a all

launchPermission ami-2bb65342 ADD group all

Example Request
This example makes the AMI private (i.e., so only you as the owner can launch it).

PROMPT> ec2-modify-image-attribute ami-2bb65342 -l -r all

launchPermission ami-2bb65342 REMOVE group all

Example Request
This example grants launch permission to the AWS account with ID 444455556666.

PROMPT> ec2-modify-image-attribute ami-2bb65342 -l -a 444455556666

launchPermission ami-2bb65342 ADD userId 444455556666

Example Request
This example removes launch permission from the AWS account with ID 444455556666.

PROMPT> ec2-modify-image-attribute ami-2bb65342 -l -r 444455556666

launchPermission ami-2bb65342 REMOVE userId 444455556666

Example Request
This example adds the 774F4FF8 product code to the ami-61a54008 AMI.

PROMPT> ec2-modify-image-attribute ami-61a54008 -p 774F4FF8

productcodes ami-61a54008 productCode 774F4FF8

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ModifyImageAttribute

API Version 2012-06-15

476
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-reset-image-attribute (p. 542)
• ec2-describe-image-attribute (p. 262)

API Version 2012-06-15

477
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-instance-attribute

ec2-modify-instance-attribute
Description
Modifies an attribute of an instance.

Note

If you want to add instance store volumes to an Amazon EBS-backed instance, you must add
them when you launch the instance. For more information, see Overriding the AMI's Block Device
Mapping in the Amazon Elastic Compute Cloud User Guide, or Adding A Default Instance Store
in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2minatt.

Syntax
ec2-modify-instance-attribute instance_id {--instance-type type | --kernel
kernel_id | --ramdisk ramdisk_id | --user-data user_data |
--disable-api-termination Boolean | --instance-initiated-shutdown-behavior
behavior | --block-device-mapping mapping | --source-dest-check Boolean |
--group-id group_id [...] }

Options
Name Description Required

instance_id The instance ID. Yes

Type: String
Default: None
Example: i-43a4412a

-t, --instance-type The type of the instance. No

type Type: String
Default: m1.small
Example: -t m1.large

--kernel kernel_id Sets the ID of the kernel associated with the AMI. No
Type: String
Default: None
Example: --kernel aki-1a2b3c4d

--ramdisk Sets the ID of the RAM disk associated with the AMI. No
ramdisk_id Type: String
Default: None
Example: --ramdisk ari-1a2b3c4d

API Version 2012-06-15

478
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--user-data Specifies Base64-encoded MIME user data to be No

user_data made available to the instance(s) in this reservation.
Type: String
Default: None
Example: --user-data "My user data"

--disable-api-termin Specifies whether the instance can be terminated No

ation using the EC2 API. A value of true means you can't
Boolean terminate the instance using the API (i.e., the instance
is "locked"). A value of false means you can. You
must set this attribute to false to "unlock" an instance
and therefore be able to terminate it using the EC2
API.
Type: Boolean
Default: None
Example: --disable-api-termination false

--instance-initiated If an instance shutdown is initiated, this determines No

-shutdown-behavior whether the instance stops or terminates.
behavior Type: String
Valid values: stop | terminate
Default: stop
Example: --instance-initiated-shutdown-behavior stop

--block-device-mappi Modifies the DeleteOnTermination atttribute for No

ng volumes that are currently attached. The volume must
mapping be owned by the caller. If no value is specified for
DeleteOnTerminaton, the value defaults to true and
the volume will be deleted when the instance is
terminated.
Type: BlockDeviceMapping
Default: stop
Example: --b "/dev/sdb=vol-7eb96d16:false

--source-dest-check This attribute exists to enable a Network Address No

Boolean Translation (NAT) instance in a VPC to perform NAT.
The attribute controls whether source/destination
checking is enabled on the instance. A value of true
means checking is enabled, and false means
checking is disabled. The value must be false for
the instance to perform NAT. For more information,
see NAT Instances in the Amazon Virtual Private
Cloud User Guide.
Type: Boolean
Default: None
Example: --source-dest-check false

API Version 2012-06-15

479
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-g, --group-id This is applicable only to instances running in a VPC. No

group_id Use this parameter when you want to change the
security groups an instance is in. The new set of
groups you specify replaces the current set. You must
specify at least one group, even if it's just the default
security group in the VPC.You must specify the group
ID and not the group name.
For example, if you want the instance to be in
sg-1a1a1a1a and sg-9b9b9b9b, specify -g
sg-1a1a1a1a -g sg-9b9b9b9b.
Type: String
Default: None
Example: -g sg-1a1a1a1a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

480
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the instance on which attributes are being modified

API Version 2012-06-15

481
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example changes the kernel for the instance.

PROMPT> ec2-modify-instance-attribute i-10a64379 --kernel aki-f70657b2

KERNEL i-10a64379 aki-f70657b2

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ModifyInstanceAttribute

Related Commands
• ec2-describe-instance-attribute (p. 274)
• ec2-reset-instance-attribute (p. 545)

API Version 2012-06-15

482
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-network-interface-attribute

ec2-modify-network-interface-attribute
Description
Modifies a network interface attribute. You can specify only one attribute at a time.

The short version of this command is ec2mnicatt.

Syntax
ec2-modify-network-interface-attribute NETWORKINTERFACE -d, --description
DESCRIPTION -a, --attachment ATTACHMENT --delete-on-termination BOOLEAN
--source-dest-check BOOLEAN --group-id GROUP_ID

Options
Name Description Required

-d, --description Changes the description of the network interface. Yes

DESCRIPTION Type: String
Default: None
Example: -d "My Second ENI"

-a, --attachment Changes properties of the attachment. Yes

ATTACHMENT Type: String
Default: None
Constraints: Must be used in conjunction with
--delete-on-termination.
Example: -a eni-attach-09703260
–delete-on-termination false

--delete-on-termination Sets whether the network interface shall be deleted Yes

BOOLEAN when the network interface is detached.
Type: String
Default: None
Constraints: Must be used in conjunction with
--attachment.
Example: -a eni-attach-09703260
–delete-on-termination false

--source-dest-check Sets whether to enable the source/dest check on traffic Yes

BOOLEAN through this network interface.
Type: String
Default: None
Constraints: Valid options are 'true' and 'false'.
Example: --source-dest-check false

API Version 2012-06-15

483
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--group-id GROUP_ID Replaces the security groups for this network interface. Yes
Type: String
Default: None
Example: --group-id sg-b90619d5 –groupd id
sg-a92639c9

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

API Version 2012-06-15

484
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns the name of the attribute that was modified.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example adds a description to the network interface.

API Version 2012-06-15

485
Amazon Elastic Compute Cloud CLI Reference
Related Topics

PROMPT> ec2-modify-network-interface-attribute eni-b35da6da -d "This is an ENI"

NETWORKINTERFACE eni-b35da6da description

This example turns off source/destination checking for network traffic across the network interface.

PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --source-dest-check

false
NETWORKINTERFACE eni-b35da6da sourceDestCheck
SOURCEDESTCHECK false

This example changes the security group for the specified network interface.

PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --group-id sg-

8ea1bce2
NETWORKINTERFACE eni-b35da6da group
GROUPID sg-8ea1bce2

This example retains the network interface when it is detached from an instance.

PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --delete-on-termin

ation false -a eni-attach-083fda61
NETWORKINTERFACE eni-b35da6da attachment

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ModifyNetworkInterfaceAttribute

Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-describe-network-interfaces (p. 318)
• ec2-detach-network-interface (p. 421)
• ec2-reset-network-interface-attribute (p. 549)

API Version 2012-06-15

486
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-snapshot-attribute

ec2-modify-snapshot-attribute
Description
Adds or remove permission settings for the specified snapshot.

The short version of this command is ec2msnapatt.

Note

Snapshots with AWS Marketplace product codes cannot be made public.

Syntax
ec2-modify-snapshot-attribute snapshot_id -c [--add entity | --remove entity]

Options
Name Description Required

snapshot_id The ID of the snapshot. Yes

Type: String
Default: None
Example: snap-78a54011

-c, --crea Modifies the create volume permissions of the Yes

te-volume-permission snapshot.
Type: String
Default: None
Example: -c

-a, --add entity Adds a permission for the specified AWS account or
for all accounts.
Type: String
Valid values: AWS account identifier | all
Default: None
Example: -c --add all

--remove entity Removes a permission for the specified AWS account

or for all accounts.
Type: String
Valid values: AWS account identifier | all
Default: None
Example: -c --remove all

API Version 2012-06-15

487
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

488
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The createVolumePermission Identifier

• The ID of the snapshot
• The account IDs or 'all'
• The attribute type identifier
• The ID of the snapshot on which attributes are being modified
• The action performed on the attribute
• The attribute or attribute list item value type
• The attribute or attribute list item value

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

489
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example makes the snap-78a54011 snapshot public.

PROMPT> ec2-modify-snapshot-attribute snap-7ddb6e14 -c --add 123456789012

createVolumePermission snap-7ddb6e14 ADD userId 123456789012

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ModifySnapshotAttribute

Related Commands
• ec2-create-snapshot (p. 126)
• ec2-describe-snapshot-attribute (p. 351)
• ec2-describe-snapshots (p. 354)
• ec2-reset-snapshot-attribute (p. 553)

API Version 2012-06-15

490
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-volume-attribute

ec2-modify-volume-attribute
Description
Modifies a volume attribute.

By default, all I/O operations for the volume are suspended when the data on the volume is determined
to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume
can be resumed by first issuing the ec2-enable-volume-io (p. 438) command to enable I/O access and
then checking the data consistency on your volume.

You can change the default behavior to resume I/O operations without issuing the
ec2-enable-volume-io (p. 438) command by setting the auto-enable-io attribute of the volume to true.
We recommend that you change this attribute only for volumes that are stateless or disposable, or for
boot volumes.

The short version of this command is ec2mvolatt.

Syntax
ec2-modify-volume-attribute volume_id ... --attribute_flag ATTRIBUTE_VALUE

Options
Name Description Required

volume_id The ID of the volume. Yes

Type: String
Example: vol-4282672b

-a --auto-enable-io Determines whether the volume should be Yes

auto-enabled for I/O operations.
Example: --auto-enable-io true

Common Options
Option Description

API Version 2012-06-15

491
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

492
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ID of the volume

• A Boolean value for the attribute

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example modifies the attribute of the volume vol-999999.

PROMPT> ec2-modify-volume-attribute vol-999999 --auto-enable-io true

VolumeId Attribute
vol-999999 autoEnableIo
AUTO-ENABLE-IO true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ModifyVolumeAttribute

Related Commands
• ec2-describe-volume-attribute (p. 386)
• ec2-describe-volume-status (p. 390)
• ec2-enable-volume-io (p. 438)

API Version 2012-06-15

493
Amazon Elastic Compute Cloud CLI Reference
ec2-monitor-instances

ec2-monitor-instances
Description
Enables monitoring for a running instance. For more information, see Monitoring Your Instances and
Volumes in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2min.

Syntax
ec2-monitor-instances instance_id [instance_id...]

Options
Name Description Required

instance_id The instance ID. Yes

Type: String
Default: None
Example: i-43a4412a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

494
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

495
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The instance ID
• The monitoring state

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example enables monitoring for i-43a4412a and i-23a3397d.

PROMPT> ec2-monitor-instances i-43a4412a i-23a3397d

i-43a4412a monitoring-pending
i-23a3397d monitoring-pending

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• MonitorInstances

Related Commands
• ec2-run-instances (p. 568)
• ec2-unmonitor-instances (p. 594)

API Version 2012-06-15

496
Amazon Elastic Compute Cloud CLI Reference
ec2-purchase-reserved-instances-offering

ec2-purchase-reserved-instances-offering
Description
Purchases a Reserved Instance for use with your account. With Amazon EC2 Reserved Instances, you
purchase the right to launch Amazon EC2 instances for a period of time (without getting insufficient
capacity errors) and pay a lower usage rate for the actual time used.

Starting with the 2011-11-01 API version, AWS expanded its offering of Amazon EC2 Reserved Instances
to address a range of projected instance use. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization. You determine the
type of the Reserved Instances offerings by including the optional offering-type parameter when
calling ec2-describe-reserved-instances-offerings. After you've identified the Reserved
Instance with the offering type you want, specify its --offering when you call
ec2-purchase-reserved-instances-offering.

The Medium Utilization offering type is equivalent to the Reserved Instance offering available before API
version 2011-11-01. If you are using tools that predate the 2011-11-01 API version,
ec2-describe-reserved-instances-offerings will only list information about the Medium
Utilization Reserved Instance offering type.

For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute
Cloud User Guide.

The short version of this command is ec2prio.

Syntax
ec2-purchase-reserved-instances-offering --offering offering --instance-count
count

Options
Name Description Required

-o, --offering The offering ID of the Reserved Instance. Yes

offering Type: String
Default: None
Example: -o 4b2293b4-5813-4cc8-9ce3-1957fc1dcfc8

-c, The number of Reserved Instances to purchase. Yes

--instance-count Type: Integer
count Default: 1
Example: -c 5

API Version 2012-06-15

497
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

498
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The RESERVEDINSTANCES identifier

• The ID(s) of the purchased Reserved Instances

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example illustrates a purchase of a Reserved Instances offering.

PROMPT> ec2-purchase-reserved-instances-offering --offering 649fd0c8-becc-49d9-

b259-fc8e2aa08833 --instance-count 3
RESERVEDINSTANCES b847fa93-0c31-405b-b745-b6bf00032333
b847fa93-0c31-405b-b745-b6bf00032334 b847fa93-0c31-405b-b745-b6bf00032335

API Version 2012-06-15

499
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• PurchaseReservedInstancesOffering

Related Commands
• ec2-describe-reserved-instances (p. 333)
• ec2-describe-reserved-instances-offerings (p. 339)

API Version 2012-06-15

500
Amazon Elastic Compute Cloud CLI Reference
ec2-reboot-instances

ec2-reboot-instances
Description
Requests a reboot of one or more instances. This operation is asynchronous; it only queues a request
to reboot the specified instance(s). The operation will succeed if the instances are valid and belong to
you. Requests to reboot terminated instances are ignored.

Note

If a Linux/UNIX instance does not cleanly shut down within four minutes, Amazon EC2 will
perform a hard reboot.

The short version of this command is ec2reboot.

Syntax
ec2-reboot-instances instance_id [instance_id ...]

Options
Name Description Required

instance_id One or more instance IDs of instances. Yes

Type: String
Default: None
Example: i-3ea74257

Common Options
Option Description

API Version 2012-06-15

501
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

502
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• This command displays no output on success

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example reboots an instance.

PROMPT> ec2-reboot-instances i-28a64341

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• RebootInstances

Related Commands
• ec2-run-instances (p. 568)

API Version 2012-06-15

503
Amazon Elastic Compute Cloud CLI Reference
ec2-register

ec2-register
Description
Registers a new AMI with Amazon EC2. When you're creating an AMI, this is the final step you must
complete before you can launch an instance from the AMI. For more information about creating AMIs,
see Creating Your Own AMIs in the Amazon Elastic Compute Cloud User Guide.

Note

For Amazon EBS-backed instances, the ec2-create-image command creates and registers
the AMI in a single request, so you don't have to register the AMI yourself.

You can also use the ec2-register-image action to create an EBS-backed AMI from a snapshot of
a root device volume. For more information, see Launching an Instance from a Snapshot in the Amazon
Elastic Compute Cloud User Guide.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by
Amazon S3 invalidates its registration. If you make changes to an image, deregister the previous image
and register the new image.

The short version of this command is ec2reg.

Note

You cannot register an image where a secondary (non-root) snapshot has AWS Marketplace
product codes.

Syntax
ec2-register {[manifest] -n name [-a architecture] [-b mapping [...]] [-d
description] [-s snapshot_id] [--kernel kernel_id] [--ramdisk ramdisk_id]
[--root-device-name name]}

Options
Name Description Required

manifest The full path to your AMI manifest in Amazon S3 Conditional

storage.
Type: String
Default: None
Condition: Required if registering an Amazon-S3
backed AMI.
Example: myawsbucket/image.manifest.xml

-n, --name name A name for your AMI. Yes

Type: String
Default: None
Constraints: 3-128 alphanumeric characters,
parenthesis (()), commas (,), slashes (/), dashes (-),
or underscores(_)
Example: -n "Standard Web Server"

API Version 2012-06-15

504
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-d, --description The description of the AMI. No

description Type: String
Default: None
Constraints: Up to 255 characters.
Example: -d "Standard Web Server AMI"

-a, --architecture The architecture of the image. No

architecture Type: String
Valid values: i386 | x86_64
Default: None
Example: -a i386

--kernel The ID of the kernel associated with the image. No

Type: String
Default: None
Example: --kernel aki-ba3adfd3

--ramdisk The ID of the RAM disk to associate with the image. No

Some kernels require additional drivers at launch.
Check the kernel requirements for information on
whether you need to specify a RAM disk.To find kernel
requirements, refer to the Resource Center and search
for the kernel ID.
Type: String
Default: None
Example: --ramdisk ari-badbad00

--root-device-name The root device name (e.g., /dev/sda1, or xvda). No

name Type: String
Default: /dev/sda1
Condition: Required if registering an Amazon
EBS-backed AMI.
Example: --root-device-name /dev/sda1

API Version 2012-06-15

505
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-b, Defines a block device mapping for the instance. This Conditional
--block-device-mapping argument is passed in the form of
mapping <devicename>=<blockdevice>.The devicename
is the name of the device within Amazon EC2. The
blockdevice can be one of the following values:

• none - specifies that an existing mapping of the

device from the AMI used to launch the instance
should be suppressed. For example:
/dev/sdc=none
• ephemeral[0..3] - specifies an instance store
volume to be mapped to the device. Example:
/dev/sdc=ephemeral0
• [snapshot-id]:[size]:[delete-on-termination
(true|false)] - specifies an EBS volume to be
mapped to the device. To create a volume from a
snapshot, specify the snapshot ID. To create an
empty EBS volume, omit the snapshot ID and pass
in a volume size instead; for example:
/dev/sdb=:20. You can also specify whether the
EBS volume should be deleted on termination of
the instance; this value is true by default.

You can specify multiple block-device-mapping

arguments in one call.
For more detailed information about block device
mapping, see Block Device Mapping in the Amazon
Elastic Compute Cloud User Guide.
Type: String
Default: None
Condition: If registering an Amazon EBS-backed AMI
from a snapshot, at a minimum you must specify a
block device mapping entry for the root device. Be
sure to include the device name (e.g., /dev/sda1 or
xvda) and the snapshot ID.
Example: -b "/dev/sda1=snap-7eb96d16"

Note

On Windows, the mapping argument must

be enclosed in double quotes, as shown in
the example.

-s, --snapshot The ID of the Amazon EBS snapshot to be used as No

snapshot the root device.
Type: String
Default: None
Example: -s snap-78a54011

API Version 2012-06-15

506
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

507
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The IMAGE identifier

• The ID of the newly registered machine image

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example registers the AMI specified in the image.manifest.xml manifest file, located in the bucket
named myawsbucket.

PROMPT> ec2-register myawsbucket/image.manifest.xml -n MyImage

IMAGE ami-78a54011

API Version 2012-06-15

508
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example registers an Amazon EBS snapshot to create an AMI backed by Amazon EBS.

PROMPT> ec2-register -n MyImage -s snap-65e34ab22

IMAGE ami-78a54023

Example Request
This example registers the AMI with an Amazon EBS snapshot as the root device, a separate snapshot
as a secondary device, and an empty 100 GiB Amazon EBS volume as a storage device.

PROMPT> ec2-register -n MyImage -s snap-6e3ad879 -b /dev/sdb=snap-823ea6df -b

/dev/sdc=:100
IMAGE ami-78a54043

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• RegisterImage

Related Commands
• ec2-deregister (p. 222)
• ec2-describe-images (p. 266)
• ec2-run-instances (p. 568)

API Version 2012-06-15

509
Amazon Elastic Compute Cloud CLI Reference
ec2-release-address

ec2-release-address
Description
Releases an Elastic IP address allocated to your account.

This command applies to both EC2 Elastic IP addresses and VPC Elastic IP addresses. For information
about VPC addresses and how they differ from EC2 addresses, see Elastic IP Addresses in the Amazon
Virtual Private Cloud User Guide.

If you run this action on an Elastic IP address that is already released, the address might be assigned to
another account, which will cause Amazon EC2 to return an error (AuthFailure).

Note

For EC2 addresses only: Releasing an IP address automatically disassociates it from any instance
it's associated with. To disassociate an IP address without releasing it, use the
ec2-diassociate-address command.
If you try to release a VPC address that's associated with an instance, Amazon EC2 returns an
error (InvalidIPAddress.InUse).

Important

After releasing an Elastic IP address, it is released to the IP address pool and might be unavailable
to your account. Make sure to update your DNS records and any servers or devices that
communicate with the address.

The short version of this command is ec2reladdr.

Syntax
ec2-release-address [ip_address | -a allocation_id}

Options
Name Description Required

ip_address The EC2 Elastic IP address. Conditional

Type: String
Default: None
Condition: Required for EC2 Elastic IP addresses.
Example: 192.0.2.1

-a, --allocation-id The allocation ID that AWS provided when you Conditional
allocation_id allocated the address for use with Amazon VPC.
Type: String
Default: None
Condition: Required for VPC Elastic IP addresses.
Example: -a eipalloc-5723d13e

API Version 2012-06-15

510
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

511
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The ADDRESS identifier

• The Elastic IP address

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example releases an EC2 Elastic IP address.

PROMPT> ec2-release-address 192.0.2.1

ADDRESS 192.0.2.1

API Version 2012-06-15

512
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Example Request
This example releases a VPC Elastic IP address associated with the account.

PROMPT> ec2-release-address -a eipalloc-5723d13e

ADDRESS eipalloc-5723d13e

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReleaseAddress

Related Commands
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 225)
• ec2-disassociate-address (p. 431)

API Version 2012-06-15

513
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-network-acl-association

ec2-replace-network-acl-association
Description
Changes which network ACL a subnet is associated with. By default when you create a subnet, it's
automatically associated with the default network ACL. For more information about network ACLs, see
Network ACLs in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2repnaclassoc.

Syntax
ec2-replace-network-acl-association network_acl_association_id -a network_acl_id

Options
Name Description Required

network_acl_associat The ID representing the current association Yes

ion_id between the original network ACL and the
subnet.
Type: String
Default: None
Example: aclassoc-33ae4b5a

-a, --network-acl The ID of the new ACL to associate with the Yes
network_acl_id subnet.
Type: String
Default: None
Example: -a acl-10b95c79

Common Options
Option Description

API Version 2012-06-15

514
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

515
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The ASSOCIATION identifier

• The new association ID and the network ACL ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example starts with a network ACL associated with a subnet, and a corresponding association ID
aclassoc-e5b95c8c. You want to associate a different network ACL (acl-5fb85d36) with the subnet. The
result is a new association ID representing the new association.

PROMPT> ec2-replace-network-acl-association aclassoc-e5b95c8c -a acl-5fb85d36

ASSOCIATION aclassoc-17b85d7e acl-5fb85d36

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReplaceNetworkAclAssociation

Related Commands
• ec2-create-network-acl (p. 103)
• ec2-delete-network-acl (p. 178)
• ec2-describe-network-acls (p. 308)

API Version 2012-06-15

516
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-network-acl-entry

ec2-replace-network-acl-entry
Description
Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, see Network
ACLs in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2repnae.

Syntax
ec2-replace-network-acl-entry acl_id -n rule_number [--egress] -P protocol -r
cidr [-p port_range] [-t icmp_type_code] { --allow | --deny }

Options
Name Description Required

acl_id The ID of the ACL. Yes

Type: String
Default: None
Example: acl-5fb85d36

-n, --rule-number The rule number of the entry to replace. Yes

rule_number Type: Number
Default: None
Example: -n 100

--egress Optional flag to indicate whether to replace the egress No

rule.
Default: If no value is specified, we replace the ingress
rule

-r, --cidr cidr The CIDR range to allow or deny, in CIDR notation. Yes
Type: String
Default: None
Example: -r 172.16.0.0/24

API Version 2012-06-15

517
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--allow Allows any traffic matching the rule. Conditional

Condition: Either --allow or --deny must be specified,
but not both.

--deny Denies any traffic matching the rule. Conditional

Condition: Either --allow or --deny must be specified,
but not both.

Common Options
Option Description

API Version 2012-06-15

518
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

519
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example replaces the egress entry numbered 110 in the network ACL with ID acl-2cb85d45. The
new rule denies egress traffic destined for anywhere (0.0.0.0/0) on TCP port 139.

PROMPT> ec2-replace-network-acl-entry acl-2cb85d45 -n 110 --egress -r 0.0.0.0/0

-P tcp -p 139 --deny
RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReplaceNetworkAclEntry

Related Commands
• ec2-create-network-acl-entry (p. 106)
• ec2-delete-network-acl-entry (p. 181)
• ec2-describe-network-acls (p. 308)

API Version 2012-06-15

520
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-route

ec2-replace-route
Description
Replaces an existing route within a route table in a VPC. For more information about route tables, see
Route Tables in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2reprt.

Syntax
ec2-replace-route route_table_id -r cidr {-g gateway_id | -i instance_id | -n,
--network-interface NETWORKINTERFACE}

Options
Name Description Required

route_table_id The ID of the route table. Yes

Type: String
Default: None
Example: rtb-5da34634

-r, --cidr The CIDR address block used for the Yes
cidr destination match. Routing decisions are based
on the most specific match.
Type: String
Default: None
Example: -r 0.0.0.0/0

-g, --gateway gateway_id The ID of a gateway in your VPC. Conditional

Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface ID.
Example: -g igw-68a34601

-i, --instance The ID of a NAT instance in your VPC. Conditional

instance_id Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface ID.
Example: -i i-a7c871e3

API Version 2012-06-15

521
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-n, --network-interface The network interface associated with the Conditional

NETWORKINTERFACE route.
Type: String
Default: None
Condition: You must provide one of the
following: a gateway ID, instance ID, or a
network interface.
Example: -n eni-5b729933

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

API Version 2012-06-15

522
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• Boolean true or false

Amazon EC2 command line tools display errors on stderr.

API Version 2012-06-15

523
Amazon Elastic Compute Cloud CLI Reference
Examples

Examples
Example Request
This example replaces a route in the route table with ID rtb-e4ad488d. The new route matches the CIDR
10.0.0.0/8 and sends it to the virtual private gateway with ID vgw-1d00376e.

PROMPT> ec2-replace-route rtb-e4ad488d -r 10.0.0.0/8 -g vgw-1d00376e

RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReplaceRoute

Related Commands
• ec2-create-route (p. 119)
• ec2-delete-route (p. 191)
• ec2-describe-route-tables (p. 345)

API Version 2012-06-15

524
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-route-table-association

ec2-replace-route-table-association
Description
Changes the route table associated with a subnet in a VPC.

You can also use this to change which table is the main route table in the VPC. You just specify the main
route table's association ID and the route table that you want to be the new main route table.

After you execute this action, the subnet uses the routes in the new route table it's associated with. For
more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2reprtbassoc.

Syntax
ec2-replace-route-table-association route_table_association_id -r route_table_id

Options
Name Description Required

route_table_associat The ID for the existing association to replace Yes

ion_id (which was returned to you when you
associated the original route table with the
subnet).
Type: String
Default: None
Example: rtbassoc-93a045fa

-r route_table_id The ID of the new route table to associate with Yes

the subnet.
Type: String
Default: None
Example: -r rtb-6aa34603

Common Options
Option Description

API Version 2012-06-15

525
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

526
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ASSOCIATION identifier

• The new association ID
• The route table ID

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example starts with a route table associated with a subnet, and a corresponding association ID
rtbassoc-f8ad4891. You want to associate a different route table (table rtb-f9ad4890) to the subnet. The
result is a new association ID representing the new association.

PROMPT> ec2-replace-route-table-association rtbassoc-f8ad4891 -r rtb-f9ad4890

ASSOCIATION rtbassoc-61a34608 rtb-f9ad4890

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReplaceRouteTableAssociation

API Version 2012-06-15

527
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-create-route-table (p. 123)
• ec2-delete-route-table (p. 194)
• ec2-describe-route-tables (p. 345)
• ec2-disassociate-route-table (p. 435)
• ec2-replace-route-table-association (p. 525)

API Version 2012-06-15

528
Amazon Elastic Compute Cloud CLI Reference
ec2-report-instance-status

ec2-report-instance-status
Description
Reports the status for instances that you own.

This command works only for instances that are in the running state. If you disagree with the instance
status returned by the ec2-report-instance-status action, use ec2-report-instance-status
command to report a more accurate status. Amazon EC2 collects this information to improve the accuracy
of status checks.

Note

Use of this action does not change the value returned by ec2-report-instance-status.

To report an instance's status, specify an instance ID with the INSTANCE parameter and a reason code
with the --reason parameter that applies to that instance. The following table contains descriptions of
all available reason codes.

Reason Code Description

instance-stuck-in-state My instance is stuck in a state.

unresponsive My instance is unresponsive.

not-accepting-credentials My instance is not accepting my credentials.

password-not-available A password is not available for my instance.

performance-network My instance is experiencing performance problems which I

believe are network related.

performance-instance-store My instance is experiencing performance problems which I

believe are related to the instance stores.

performance-ebs-volume My instance is experiencing performance problems which I

believe are related to an EBS volume.

performance-other My instance is experiencing performance problems.

other Other, explained in the submitted description parameter.

The short version of this command is ec2rep.

Syntax
ec2-report-instance-status [instance_id ...] [[--filter name=value] ...]

Options
Name Description Required

instance_id The IDs of the instances. Yes

Type: String
Example: i-15a4417c

API Version 2012-06-15

529
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--status The status of all instances listed in the instance_id Yes

parameter.
Type: String
Valid values: ok | impaired

--reason A reason code that describes a specific instance's Yes

health state. Each code you supply corresponds to an
instance ID that you supply with the InstanceID.n
parameter. See the Description (p. 529) section for
descriptions of each reason code.
Type: String
Valid values: instance-stuck-in-state |
unresponsive | not-accepting-credentials |
password-not-available |
performance-network |
performance-instance-store |
performance-ebs-volume | performance-other
| other

--start-time The time at which the reported instance health state No

began.
The date uses the format: yyyy-MM-dd'T'HH:mm:ss
Type: DateTime
Example: 2011-07-25T14:00:00

--end-time The time at which the reported instance health state No

ended.
The date uses the format: yyyy-MM-dd'T'HH:mm:ss
Type: DateTime
Example: 2011-07-25T14:00:00

--description Descriptive text about the instance health state. No

Type: String
Default: None

Common Options
Option Description

API Version 2012-06-15

530
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

531
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The request ID
• A Boolean return value that indicates whether Amazon EC2 accepted the values.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example reports the current state of the instance as impaired.

PROMPT> ec2-report-instance-status i-15a4417c --status="impaired" --reason="un

responsive"

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ReportInstanceStatus

Related Commands
• ec2-describe-instance-status (p. 279)

API Version 2012-06-15

532
Amazon Elastic Compute Cloud CLI Reference
ec2-request-spot-instances

ec2-request-spot-instances
Description
Creates a Spot Instance request. Spot Instances are instances that Amazon EC2 starts on your behalf
when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets
the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2rsi.

Syntax
ec2-request-spot-instances ami_id --addressing addressing_type --price price
[--instance-count count] [--type type] [--valid-from timestamp] [--valid-until
timestamp] [--launch-group group] [--availability-zone-group group] [--user-data
data | --user-data-file data-file] [--group group [--group group ...]] [--key
key-pair] [--instance-type type] [--subnet subnet_id] [--availability-zone zone]
[--kernel kernel] [--ramdisk ramdisk] [--block-device-mapping mapping]
[--monitor] [--iam-profile arn|name]

Options
Name Description Required

ami_id The ID of the AMI. Yes

Type: String
Default: None
Example: ami-2bb65342

-p, --price price The maximum hourly price for any Spot Instance Yes
launched to fulfill the request.
Type: String
Default: None
Example: -p .15

-n, The maximum number of Spot Instances to launch. No

--instance-count Type: xs:integer
count Default: 1
Example: -n 10

-r, --type type The Spot Instance request type. No

Type: String
Valid values: one-time | persistent
Default: one-time
Example: -r persistent

API Version 2012-06-15

533
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-s, --subnet The ID of the Amazon VPC subnet in which to launch No

subnet_id the Spot Instance.
Type: String
Default: None
Example: -s subnet-baab943d3

--valid-from date The start date of the request. If this is a one-time No

request, the request becomes active at this date and
time and remains active until all instances launch, the
request expires, or the request is canceled. If the
request is persistent, the request becomes active at
this date and time and remains active until it expires
or is canceled.
Type: DateTime
Default: Request is effective indefinitely.
Example: --valid-from 2009-12-31T11:51:50

--valid-until date The end date of the request. If this is a one-time No

request, the request remains active until all instances
launch, the request is canceled, or this date is reached.
If the request is persistent, it remains active until it is
canceled or this date and time is reached.
Type: DateTime
Default: Request is effective indefinitely.
Example: --valid-until 2009-12-31T11:51:50

--launch-group The instance launch group. Launch groups are Spot No

group Instances that launch together and terminate together.
Type: String
Default: Instances are launched and terminated
individually.
Example: --launch-group Skynet

API Version 2012-06-15

534
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--availability-zone- The user-specified name for a logical grouping of bids. No

group When you specify --availability-zone-group
group in a Spot Instance request, all Spot Instances in the
request are launched in the same Availability Zone.
Instance proximity is maintained with this parameter,
but choice of Availability Zone is not.
--availability-zone-group applies only to bids
for Spot Instances of the same instance type. Any
additional Spot Instance requests that are specified
with the same --availability-zone-group name
will be launched in that same Availability Zone, as long
as at least one instance from the group is still active.
If there is no active instance running in the Availability
Zone group that you specify for a new Spot Instance
request (i.e., all instances are terminated, the bid is
expired, or the bid falls below current market), then
Amazon EC2 will launch the instance in any Availability
Zone where the constraint can be met. Consequently,
the subsequent set of Spot Instances could be placed
in a different zone from the original request, even if
the same --availability-zone-group name was
specified.
To ensure that all Spot Instances across all bids are
launched into a particular Availability Zone, specify
LaunchSpecification.Placement.AvailabilityZone
in the API or –-availability-zone in the CLI.
Type: String
Default: Instances are launched in any available
Availability Zone.
Example: --availability-zone-group batchGroup01

--placement-group The name of an existing placement group you want No

group_name to launch the instance into (for cluster instances).
Type: String
Default: Instances are launched in the default
placement group.
Example: --placement-group default

-d, --user-data The user data to make available to the instances. No

user_data Type: String
Default: None
Example: -d "My user data"

-g, --group group The name of the security group. No

Type: String
Default: User's default group.
Example: -g websrv

API Version 2012-06-15

535
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-k, --key key_name The name of the key pair. No

Type: String
Default: None
Example: -k MyKeyPair

-t, --instance-type The instance type. No

-z, The placement constraint (i.e., specific Availability No

--availability-zone Zone) for launching the instances.
zone Specify if you want all of the Spot Instances in all of
your bids to be launched in a particular Availability
Zone. Specifying this option requires Amazon EC2 to
find capacity in the specified Availability Zone instead
of letting Amazon EC2 pick the best Availability Zone
available; this can potentially delay the fulfillment of
your bid, and/or require a higher bid price.
Type: String
Default: Amazon EC2 selects an Availability Zone in
the current Region.
Example: -z us-east-1b

--kernel kernel The ID of the kernel to select. No

Type: String
Default: None
Example: --kernel aki-ba3adfd3

--ramdisk ramdisk The ID of the RAM disk to select. Some kernels require No
additional drivers at launch. Check the kernel
requirements for information on whether you need to
specify a RAM disk and search for the kernel ID.
Type: String
Default: None
Example: --ramdisk ari-badbad00

API Version 2012-06-15

536
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-b, A block device mapping for the instance. This No

--block-device-mapping argument is passed in the form of
mapping <devicename>=<blockdevice>.The devicename
is the name of the device within Amazon EC2. The
blockdevice can be one of the following values:

• none - specifies that an existing mapping of the

You can specify multiple block-device-mapping

Note

On Windows, the mapping argument must

be enclosed in double quotes, as shown in
the example.

--monitor Enables monitoring for the instance. No

Type: String
Default: Disabled
Example: --monitor

API Version 2012-06-15

537
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--iam-profile The IAM instance profile to associate with the launched No

arn|name instance(s). IAM instance profiles enable you to
manage permissions for applications running on EC2.
This is either the Amazon Resource Name (ARN) of
the instance profile (e.g.,
arn:aws:iam::111111111111:instance-profile/s3access)
or the name of the role (e.g., s3access).
Type: String
Default: None
Example:
arn:aws:iam::111111111111:instance-profile/s3access

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

538
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The SPOTINSTANCEREQUEST identifier

• The ID of the Spot Instance request

API Version 2012-06-15

539
Amazon Elastic Compute Cloud CLI Reference
Examples

• Price
• Type (one-time or persistent)
• Product description (Linux/UNIX, Windows)
• State (active, open, closed, cancelled, failed)
• Create time
• Valid from
• Valid until
• Launch group
• Availability Zone group
• Image ID
• Instance type
• Key pair name
• Security group
• Monitoring status

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example creates a Spot Instances request for three m1.small instances.

PROMPT> ec2-request-spot-instances ami-b232d0db -p 0.04 --key gsg-keypair --

group default --instance-type m1.small -n 3 --type one-time
SPOTINSTANCEREQUEST sir-7545a802 0.04 one-time Linux/UNIX
open 2010-04-07T16:57:04+0200
ami-b232d0db m1.small gsg-keypair default mon
itoring-disabled
SPOTINSTANCEREQUEST sir-26d36202 0.04 one-time Linux/UNIX
open 2010-04-07T16:57:04+0200
ami-b232d0db m1.small gsg-keypair default mon
itoring-disabled
SPOTINSTANCEREQUEST sir-63fb5402 0.04 one-time Linux/UNIX
open 2010-04-07T16:57:04+0200
ami-b232d0db m1.small gsg-keypair default mon
itoring-disabled

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• RequestSpotInstances

API Version 2012-06-15

540
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-cancel-spot-instance-requests (p. 70)
• ec2-describe-spot-instance-requests (p. 363)
• ec2-describe-spot-price-history (p. 371)

API Version 2012-06-15

541
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-image-attribute

ec2-reset-image-attribute
Description
Resets an attribute of an AMI to its default value.

Note

The productCodes attribute cannot be reset.

The short version of this command is ec2rimatt.

Syntax
ec2-reset-image-attribute ami_id -l

Options
Name Description Required

ami_id The ID of the AMI. Yes

Type: String
Default: None
Example: ami-15a4417c

-l, Resets the launch permissions of the AMI. No

--launch-permission Type: String
Default: None
Example: -l

Common Options
Option Description

API Version 2012-06-15

542
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

543
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the AMI
• The action identifier ("RESET")

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example resets the launchPermission attribute.

PROMPT> ec2-reset-image-attribute ami-6ba54002 -l

launchPermission ami-6ba54002 RESET

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResetImageAttribute

Related Commands
• ec2-describe-image-attribute (p. 262)
• ec2-modify-image-attribute (p. 473)

API Version 2012-06-15

544
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-instance-attribute

ec2-reset-instance-attribute
Description
Resets an attribute of an instance to its default value. To reset the kernel or RAM disk, the instance must
be in a stopped state. To reset the SourceDestCheck, the instance can be either running or stopped.

The SourceDestCheck attribute exists to enable a Network Address Translation (NAT) instance in a
VPC to perform NAT. The attribute controls whether source/destination checking is enabled on the
instance. The default value is true, which means checking is enabled. The value must be false for the
instance to perform NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud
User Guide.

The short version of this command is ec2rinatt.

Syntax
ec2-reset-instance-attribute instance_id { --kernel kernel_id | --ramdisk
ramdisk_id | --source-dest-check }

Options
Name Description Required

instance_id The ID of the instance. Yes

Type: String
Default: None
Example: i-43a4412a

--kernel Resets the ID of the kernel. No

Type: String
Default: None
Example: --kernel

--ramdisk Resets the ID of the RAM disk. No

Type: String
Default: None
Example: --ramdisk

--source-dest-check Resets the SourceDestCheck flag to true (which No

means source/destination checking is enabled).
Type: String
Default: None
Example: --source-dest-check

API Version 2012-06-15

545
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

546
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The attribute type identifier

• The ID of the instance
• The action identifier ("RESET")

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example resets the kernel attribute.

PROMPT> ec2-reset-instance-attribute i-10a64379 --kernel

kernel i-10a64379 RESET

API Version 2012-06-15

547
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResetInstanceAttribute

Related Commands
• ec2-describe-instance-attribute (p. 274)
• ec2-modify-instance-attribute (p. 478)

API Version 2012-06-15

548
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-network-interface-attribute

ec2-reset-network-interface-attribute
Description
Resets a network interface attribute. You can specify only one attribute at a time.

The short version of this command is ec2rnicatt.

Syntax
ec2-reset-network-interface-attribute NETWORKINTERFACE --source-dest-check

Options
Name Description Required

--source-dest-check Resets the source/dest check to the default value. Yes

Type: String
Default: True
Constraints: Valid options are 'true' and 'false'.
Example: --source-dest-check

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

549
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

550
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns the name of the network interface that was reset.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example resets network interface attributes for the specified network interface.

PROMPT> ec2-reset-network-interface-attribute eni-b35da6da --source-dest-check

sourceDestCheck eni-b35da6da RESET

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResetNetworkInterfaceAttribute

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResetNetworkInterfaceAttribute

Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interface-attribute (p. 314)

API Version 2012-06-15

551
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-describe-network-interfaces (p. 318)

• ec2-detach-network-interface (p. 421)
• ec2-modify-network-interface-attribute (p. 483)

API Version 2012-06-15

552
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-snapshot-attribute

ec2-reset-snapshot-attribute
Description
Resets permission settings for the specified snapshot.

The short version of this command is ec2rsnapatt.

Syntax
ec2-reset-snapshot-attribute snapshot_id -c

Options
Name Description Required

--snapshot snapshot The ID of the snapshot. Yes

Type: String
Default: None
Example: snap-78a54011

-c, --crea Resets the create volume permissions of the snapshot. Yes
te-volume-permission Type: String
Default: None
Example: -c

Common Options
Option Description

API Version 2012-06-15

553
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

554
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The createVolumePermission identifier

• The ID of the snapshot
• The action identifier ("RESET")

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example resets the permissions for snap-78a54011, making it a private snapshot that can only be
used by the account that created it.

PROMPT> ec2-reset-snapshot-attribute snap-7ddb6e14

createVolumePermission snap-7ddb6e14 RESET

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResetSnapshotAttribute

Related Commands
• ec2-modify-snapshot-attribute (p. 487)
• ec2-describe-snapshot-attribute (p. 351)
• ec2-describe-snapshots (p. 354)

API Version 2012-06-15

555
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-create-snapshot (p. 126)

API Version 2012-06-15

556
Amazon Elastic Compute Cloud CLI Reference
ec2-resume-import

ec2-resume-import
Description
Resumes the upload of a disk image associated with an import instance or import volume task ID. Amazon
EC2 supports import of VMDK, RAW, and VHD disk images.

If the upload task stops without completing, use this command to resume this upload. The upload task
will resume from where it left off. For more information, see Using the Command Line Tools to Import
Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2rim.

Syntax
ec2-resume-import -t task_id -o owner -w secret_key [-x days] [--user-threads
threads] [--part-size partsize] [--dry-run] [--dont-verify-format]
disk_image_filename

Options
Name Description Required

disk_image_filename The local file name of the disk image. Yes

Type: String
Default: None
Example: WinSvr8-32-disk1.vmdk

-t, --task The conversion task ID for the upload. Yes

task_id Type: String
Default: None
Example: -t import-i-ffvko9js

-o, --owner-akid The access key ID of the bucket owner. Yes

access_key_id Type: String
Default: None
Example: AKIAIOSFODNN7EXAMPLE

-w, --owner-sak The secret access key of the bucket owner. Yes
secret_access_key Type: String
Default: None
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

-x, --expires The validity period for the signed Amazon S3 URLs No
days that allow EC2 to access your file.
Type: String
Default: 30 days
Example: -x 10

API Version 2012-06-15

557
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

--user-threads threads The maximum number of threads to concurrently No

upload the file with.
Type: String
Default: 20
Example: --user-threads 15

--part-size partsize The size of each individual file part (in MB) that will be No
uploaded. The file will be split into multiple parts at
most as large as the partsize parameter.
Type: String
Default: 8
Example: --part-size 3

--dry-run Does not upload the file, only validates that the disk No
image matches a known type.
Type: None
Default: None
Example: --dry-run

--dont-verify-format Does not verify the file format. We don't recommend No

this option because it can result in a failed conversion.
Type: None
Default: None
Example: --dont-verify-format

Common Options
Option Description

API Version 2012-06-15

558
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

559
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the following information:

• The disk image size and format

• The converted volume size
• The EBS volume size
• The percentage of the upload completed

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example uploads the corresponding disk image of the Windows Server 2008 (32-bit) VM you want
to migrate.

PROMPT>ec2-resume-import ./WinSvr8-32-disk1.vmdk -t import-i-ffvko9js -o AKI

AIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• ResumeImport

Related Commands
• ec2-cancel-conversion-task (p. 63)
• ec2-delete-disk-image (p. 164)

API Version 2012-06-15

560
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• ec2-describe-conversion-tasks (p. 240)

• ec2-import-instance (p. 451)
• ec2-import-volume (p. 462)

API Version 2012-06-15

561
Amazon Elastic Compute Cloud CLI Reference
ec2-revoke

ec2-revoke
Description
Removes a rule from a security group. The rule can be for ingress traffic, or for egress traffic (only if this
is a VPC security group).

This command applies to both EC2 security groups and VPC security groups. For information about VPC
security groups and how they differ from EC2 security groups, see Security Groups in the Amazon Virtual
Private Cloud User Guide.

The values that you specify in the revoke request (e.g., ports, etc.) must match the existing rule's values
in order for the rule to be removed.

Permission changes are propagated to instances within the security group as quickly as possible. However,
a small delay might occur.

The short version of this command is ec2revoke.

Syntax
ec2-revoke group [--egress] [-P protocol] (-p port_range | -t icmp_type_code)
[-u source_or_dest_group_owner ...] [-o source_or_dest_group ...] [-s
source_or_dest_cidr ...]

Options
Name Description Required

group For EC2 groups: The name or ID of the security group Yes
to modify.
For VPC groups: The ID of the security group to modify
(e.g., sg-1a2b3c4d).
The group must belong to your AWS account.
Type: String
Default: None
Example: websrv

--egress Optional flag applicable only to VPC security groups. No

The flag designates the rule is an egress rule (i.e.,
controls traffic leaving the VPC security group).
Default: If this is not specified, the rule applies to
ingress traffic for the specified security group

API Version 2012-06-15

562
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-P, --protocol The name or number of the IP protocol to revoke (go Conditional
protocol to Protocol Numbers). EC2 security groups can have
rules only for TCP, UDP, and ICMP, whereas VPC
security groups can have rules assigned to any
protocol number.
When you call ec2-describe-group, the protocol
value returned is the number. Exception: For TCP,
UDP, and ICMP, the value returned is the name (e.g.,
tcp, udp, or icmp).
Type: String
Valid values for EC2 security groups: tcp | udp | icmp
or the corresponding protocol number (6 | 17 | 1).
Default for EC2 groups: Defaults to TCP if source
CIDR is specified (or implied by default), or all three
protocols (TCP, UDP, and ICMP) if source group is
specified (to ensure backwards compatibility).
Valid values for VPC groups: tcp | udp | icmp or any
protocol number (go to Protocol Numbers). Use all
to specify all protocols.
Condition: Required for VPC security groups.
Example: -P udp

-p port_range For TCP or UDP: The range of ports to revoke. Conditional

-t icmp_type_code For ICMP: The ICMP type and code to revoke. This Conditional
must be specified in the format type:code where both
are integers. You can use -1 for the type or code to
mean all types or all codes.
Type: String
Default: None
Condition: Required if specifying icmp (or the
equivalent number) for the protocol.
Example: -t -1:-1

API Version 2012-06-15

563
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-u, The ID of the AWS account that owns the source Conditional
source_or_dest_group_owner security group (for ingress rules) or destination security
group (for egress rules). If the group is in your own
account, set this to your own AWS account ID. Cannot
be used when specifying a CIDR IP address.
Type: String
Default: None
Condition: Required when revoking a rule that gives
access to one or more source security groups.
Example: -u 111122223333

-o The source security group (for ingress rules), or Conditional

source_or_dest_group destination security group (for egress rules). When
revoking a rule for a VPC security group, you must
specify the group's ID (e.g., sg-9d4e5f6g) instead of
its name. Cannot be used when specifying a CIDR IP
address with the -s option.
Type: String
Default: None
Condition: Required if revoking access to one or more
source or destination security groups.
Example: -o headoffice

-s, --cidr The CIDR range. Cannot be used when specifying a Conditional
source_or_dest_cidr source or destination security group with the -o option.
Type: String
Default: 0.0.0.0/0
Constraints: Valid CIDR IP address range.
Condition: Required if revoking access to one or more
IP address ranges.
Example: -s 205.192.8.45/24

Common Options
Option Description

API Version 2012-06-15

564
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

565
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns a table that contains the following information:

• The GROUP, PERMISSION identifier

• The group name; currently, an empty string
• The ype of rule; currently, only ALLOW rules are supported
• The protocol to allow
• The start of port range
• The end of port range
• The FROM identifier
• Source

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example revokes TCP port 80 access from the 205.192.0.0/16 address range for the websrv security
group.

PROMPT> ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16

GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• RevokeSecurityGroupEgress

API Version 2012-06-15

566
Amazon Elastic Compute Cloud CLI Reference
Related Topics

• RevokeSecurityGroupIngress

Related Commands
• ec2-authorize (p. 48)
• ec2-create-group (p. 84)
• ec2-delete-group (p. 168)
• ec2-describe-group (p. 256)

API Version 2012-06-15

567
Amazon Elastic Compute Cloud CLI Reference
ec2-run-instances

ec2-run-instances
Description
Launches a specified number of instances of an AMI for which you have permissions.

If Amazon EC2 cannot launch the minimum number of AMIs you request, no instances are launched. If
there is insufficient capacity to launch the maximum number of AMIs you request, Amazon EC2 launches
the minimum number specified for each AMI and allocates the remaining available instances using round
robin.

Note

Every instance is launched in a security group (which you create using the ec2-create-group
command). If you don't specify a security group at launch time, the "default" security group is
used.

You can provide an optional key pair ID in the launch request (created using the ec2-create-keypair
or ec2-import-keypair command). The instances will have access to the public key at boot. You can
use this key to provide secure access to an instance of an image on a per-instance basis. Amazon EC2
public images use this feature to provide secure access without passwords.

The public key material is made available to the Linux instance at boot time by placing it in the
openssh_id.pub file on a logical device that is exposed to the instance as /dev/sda2 (the instance
store). The format of this file is suitable for use as an entry within ~/.ssh/authorized_keys (the
OpenSSH format). This can be done at boot (e.g., as part of rc.local) allowing for secure access
without passwords.

Important

Launching public images without a key pair ID will leave them inaccessible.

You can provide optional user data in the launch request. All instances that collectively comprise the
launch request have access to this data. For more information, see Instance Metadata in the Amazon
Elastic Compute Cloud User Guide.

Note

If any of the AMIs have a product code attached for which the user has not subscribed, the
ec2-run-instances command will fail.

The short version of this command is ec2run.

Syntax
ec2-run-instances ami_id [-n instance_count] [-g group [-g group ...]] [-k
keypair] [-d user_data |-f user_data_file] [--addressing addressing_type]
[--instance-type instance_type] [--availability-zone zone] [--kernel kernel_id]
[--ramdisk ramdisk_id] [--block-device-mapping block_device_mapping] [--monitor]
[--disable-api-termination] [--instance-initiated-shutdown-behavior behavior]
[--placement-group placement-group] [--tenancy tenancy] [--subnet subnet_id]
[--private-ip-address ip_address] [--client-token token] [--network-interface
networkinterface][--secondary-private-ip-address ip_address
|--secondary-private-ip-address-count count] [-p, --iam-profile arn|name]

API Version 2012-06-15

568
Amazon Elastic Compute Cloud CLI Reference
Options

Options
Name Description Required

ami_id The ID of the AMI, returned by a call to Yes

ec2-describe-images.
Type: String
Default: None
Example: ami-15a4417c

-n , The number of instances to launch. If Amazon EC2 No

--instance-count cannot launch the specified number of instances, no
min[-max] instances will launch. If this is specified as a range
(min-max), Amazon EC2 will try to launch the
maximum number, but no fewer than the minimum
number.
Type: String
Default: 1
Constraints: Between 1 and the maximum number
allowed for your account (default: 20).
Example: -n 5-10

-g, --group group The name of the security group. No

Type: String
Default: None
Example: -g websrv

-k, --key keypair The name of the key pair. No

Type: String
Default: None
Example: -k websvr-keypair

-d, --user-data Base64-encoded MIME user data to be made available No

user_data to the instance(s) in this reservation.
Type: String
Default: None
Example: -d s3-bucket:my-logs

-f, --user-data-file The file name of the user data to be made available No
filename to the instance(s) in this reservation.
Type: String
Default: None
Example: -f user-data.txt

--addressing Deprecated.

API Version 2012-06-15

569
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-t, --instance-type The instance type. No

-z, The Availability Zone in which to run the instance. No

--availability-zone Type: String
zone Default: None
Example: --availability-zone us-east-1a

--kernel kernel The ID of the kernel with which to launch the instance. No
Type: String
Default: None
Example: --kernel aki-ba3adfd3

--ramdisk ramdisk The ID of the RAM disk to select. Some kernels require No
additional drivers at launch. Check the kernel
requirements for information on whether you need to
specify a RAM disk. To find kernel requirements, refer
to the Resource Center and search for the kernel ID.
Type: String
Default: None
Example: --ramdisk ari-abcdef01

API Version 2012-06-15

570
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-b, A block device mapping for the instance. This No

--block-device-mapping argument is passed in the form of
mapping <devicename>=<blockdevice>.The devicename
is the device name of the physical device on the
instance to map. The blockdevice can be one of
the following values:

• none - specifies that an existing mapping of the

You can specify multiple blockdevicemapping

Note

On Windows, the mapping argument must

be enclosed in double quotes, as shown in
the example.

-m, --monitor Enables monitoring for the instance. No

Type: Boolean
Default: Disabled
Example: --monitor

API Version 2012-06-15

571
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--disable-api-termin Disables the ability to terminate the instance using the No

ation EC2 API (i.e., "locks" the instance). To re-enable this
ability, you must change the
disableApiTermination attribute's value to false
using ec2-modify-instance-attribute.
Type: String
Default: False (you can terminate the instance using
the API)
Example: --disable-api-termination

--instance-initiated If an instance shutdown is initiated, this determines No

-shutdown-behavior whether the instance stops or terminates.
behavior Type: String
Valid values: stop | terminate
Default: stop
Example: --instance-initiated-shutdown-behavior stop

--placement-group The name of the placement group. No

placement-group Type: String
Valid values: cluster
Default: None
Example: --placement-group XYZ-cluster

--tenancy tenancy The tenancy of the instance. An instance with a No

tenancy of dedicated runs on single-tenant hardware
and can only be launched into a VPC.
Type: String
Valid values: default | dedicated
Default: default
Example: --tenancy dedicated

-s, --subnet If you're using Amazon Virtual Private Cloud, this No

subnet_id specifies the ID of the subnet you want to launch the
instance into.
Type: String
Default: None
Example: -s subnet-f3e6ab83

--private-ip-address If you're using Amazon Virtual Private Cloud, you can No

ip_address optionally use this parameter to assign the instance a
specific available primary private IP address from the
subnet.
Type: String
Default: Amazon VPC selects an IP address from the
subnet for the instance
Example: --private-ip-address 10.0.0.25

API Version 2012-06-15

572
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

--secondary-private-ip-address Assigns the specified IP address as a secondary No

IP_ADDRESS private IP address to the network interface or instance.
This option can be used multiple times to assign
multiple secondary IP addresses. This option is only
available for instances running in Amazon VPC.
You can do one of the following:

• Use the -–secondary-private–ip-address

option without a value, and AWS will automatically
assign a secondary private IP address within the
subnet range.
• Use the --secondary-private-ip-address
option and provide a specific IP address that you
want to assign.

You cannot specify this parameter when also

specifying
--secondary-private-ip-address-count
Type: String
Default: None
Example: --secondary-private-ip-address 10.0.2.18
-–secondary-private-ip-address 10.0.2.28

--secondary-private-ip-address-count The number of secondary IP addresses to assign to No

COUNT the network interface or instance. This option is only
available for instances running in Amazon VPC.
You cannot specify this parameter when also
specifying --secondary-private-ip-address
Type: Integer
Default: None
Example: --secondary-private-ip-address-count 2

--client-token Unique, case-sensitive identifier you provide to ensure No

token idempotency of the request. For more information, go
to How to Ensure Idempotency in the Amazon Elastic
Compute Cloud User Guide.
Type: String
Default: None
Constraints: Maximum 64 ASCII characters
Example: --client-token
550e8400-e29b-41d4-a716-446655440000

API Version 2012-06-15

573
Amazon Elastic Compute Cloud CLI Reference
Options

Name Description Required

-a, The network attachment for the launched instance. No

--network-interface The format of the NETWORKINTERFACE definition
NETWORKINTERFACE is as follows:
For an existing NETWORKINTERFACE - eni:dev
index
For a new NETWORKINTERFACE - dev
index:subnet[:description[:priv
IP[:SGs[:DOT[:SIP count [:SIPs]]]]]]] where SGs is a
comma separated list of security group IDs; DOT is
either true or false, denoting whether to delete the
interface on terminate;SIP count is the number of
secondary IP addresses to assign; and SIPs is a list
of secondary IP addresses. You cannot specify both
SIP count and SIPs.
Type: String
Default: None
Examples:

• Launch an instance with a specific interface for index

0 ec2run ami-0644f007 -a eni-d2b24dbb:0
• Launch an instance and specify interfaces for both
index 0 and index 1 ec2run ami-0644f007 -a
eni-d2b24dbb:0 -a eni-12345678:1
• Launch an instance and autocreate an interface for
index 0 with details and a specific interface for index
1 ec2-run-instances ami-31814f58 -a
:0:subnet-15ca247d:"My ENI" –a
eni-12345678:1
• Launch an instance with a specific interface for index
0 and autocreate an interface for index 1 with
specific values ec2-run-instances
ami-31814f58 -a eni-12345678:0 -a
:1:subnet-15ca247d:"My
ENI":10.0.0.10:sg-123456,sg-654321:false
• Launch an instance with a specific interface for index
0 with specific secondary IP addresses
ec2-run-instances ami-31814f58 -a
eni-12345678:0 -a
:1:subnet-15ca247d:"MyENI":::::10.0.0.18,10.0.0.25

-p, --iam-profile The IAM instance profile to associate with the launched No
arn|name instance(s). IAM instance profiles enable you to
manage permissions for applications running on EC2.
This is either the Amazon Resource Name (ARN) of
the instance profile (e.g.,
arn:aws:iam::111111111111:instance-profile/s3access)
or the name of the role (e.g., s3access).
Type: String
Default: None
Example:
arn:aws:iam::111111111111:instance-profile/s3access

API Version 2012-06-15

574
Amazon Elastic Compute Cloud CLI Reference
Common Options

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

API Version 2012-06-15

575
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The INSTANCE identifier

• The Instance ID
• The AMI ID of the image on which the instance(s) are based
• The instance state. This is usually pending, which indicates that the instance(s) are preparing to launch
• The key pair name (if a key pair was associated with the instance at launch)
• The AMI launch index
• The product code (if the AMI has a product code)
• The instance type
• The instance launch time
• The Availability Zone
• The kernel ID
• The RAM disk ID
• The monitoring status (monitoring-enabled or monitoring-disabled)
• The root device type (ebs or instance-store)
• The placement group of the cluster instance

API Version 2012-06-15

576
Amazon Elastic Compute Cloud CLI Reference
Examples

• The tenancy of the instance launched (if it is running within a VPC).

• The virtualization type (paravirtual or hvm)
• The hypervisor type (xen or ovm)
• Any private IP addresses associated with the instance (if it is running within a VPC).

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example launches three instances of the ami-b232d0db AMI.

PROMPT> ec2-run-instances ami-b232d0db -n 3 --availability-zone us-east-1a

RESERVATION r-385c5950 012301230123 default
INSTANCE i-5bca5a30 ami-b232d0db pending 0 m1.small 2010-04-07T12:25:47+0000
us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs paravirtual
xen
INSTANCE i-59ca5a32 ami-b232d0db pending 1 m1.small 2010-04-07T12:25:47+0000
us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs paravirtual
xen
INSTANCE i-5fca5a34 ami-b232d0db pending 2 m1.small 2010-04-07T12:25:47+0000
us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs paravirtual
xen

Example Request
This example launches an Amazon EBS-based Fedora image (ami-84db39ed) and provides a block
device mapping that mounts a public snapshot containing the 2000 US Census data.

PROMPT> ec2-run-instances ami-84db39ed -n 1 --b "/dev/sdb=snap-92d333fb::false"

RESERVATION r-5488ce3c 054794666394 default
INSTANCE i-770af21c ami-84db39ed pending 0 m1.small 2010-02-
25T00:08:00+0000 us-east-1c aki-94c527fd ari-96c527ff monitoring-
disabled ebs paravirtual xen

Example Request
This example launches an instance with a primary IP address of 10.0.0.146 and two secondary private
IP addresses of 10.0.0.148 and of 10.0.0.150 in subnet-c53c87ac.

PROMPT> ec2-run-instances ami-1cd4924e -k MyVPCKey -s subnet-c53c87ac -t

c1.medium --private-ip-address 10.0.0.146
--secondary-private-ip-address 10.0.0.148 --secondary-private-ip-address
10.0.0.150
RESERVATION r-68f2493c 053230519467
INSTANCE i-22197876 ami-1cd4924e pending MyVPCKey 0
c1.medium 2012-07-01T21:45:27+0000 ap-southeast-1b windows monitoring-
disabled 10.0.0.146
vpc-cc3c87a5 subnet-c53c87ac ebs hvm xen sg-3f4b5653 default

NIC eni-0f62d866 subnet-c53c87ac vpc-cc3c87a5 053230519467 in-use

API Version 2012-06-15

577
Amazon Elastic Compute Cloud CLI Reference
Related Topics

10.0.0.146 true
NICATTACHMENT eni-attach-6537fc0c 0 attaching 2012-07-01T14:45:27-
0700 true
GROUP sg-3f4b5653 default
PRIVATEIPADDRESS 10.0.0.146
PRIVATEIPADDRESS 10.0.0.148
PRIVATEIPADDRESS 10.0.0.150

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• RunInstances

Related Commands
• ec2-describe-instances (p. 285)
• ec2-stop-instances (p. 583)
• ec2-start-instances (p. 579)
• ec2-terminate-instances (p. 587)
• ec2-authorize (p. 48)
• ec2-revoke (p. 562)
• ec2-create-keypair (p. 99)
• ec2-create-group (p. 84)
• ec2-describe-group (p. 256)

API Version 2012-06-15

578
Amazon Elastic Compute Cloud CLI Reference
ec2-start-instances

ec2-start-instances
Description
Starts an instance that uses an Amazon EBS volume as its root device.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When
an instance is stopped, the compute resources are released and you are not billed for hourly instance
usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and
you are charged for Amazon EBS volume usage. You can restart your instance at any time. Each time
you transition an instance from stopped to started, we charge a full instance hour, even if transitions
happen multiple times within a single hour.

Note

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping
an instance does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns
an error.
You cannot start or stop Spot Instances.

For more information, see Using Amazon EBS-Backed AMIs and Instances.

The short version of this command is ec2start.

Syntax
ec2-start-instances instance_id [instance_id...]

Options
Name Description Required

instance_id The instance ID. Yes

Type: String
Default: None
Example: i-43a4412a

Common Options
Option Description

API Version 2012-06-15

579
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

580
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• INSTANCE identifier
• Instance ID
• Previous state
• Current state

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example starts the i-10a64379 instance.

PROMPT> ec2-start-instances i-10a64379

INSTANCE i-10a64379 stopped pending

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• StartInstances

API Version 2012-06-15

581
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-describe-instances (p. 285)
• ec2-run-instances (p. 568)
• ec2-stop-instances (p. 583)
• ec2-terminate-instances (p. 587)

API Version 2012-06-15

582
Amazon Elastic Compute Cloud CLI Reference
ec2-stop-instances

ec2-stop-instances
Description
Stops an instance that uses an Amazon EBS volume as its root device. Each time you transition an
instance from stopped to started, we charge a full instance hour, even if transitions happen multiple times
within a single hour.

Important

Although Spot Instances can use Amazon EBS-backed AMIs, they don't support Stop/Start. In
other words, you can't stop and start Spot Instances launched from an AMI with an Amazon EBS
root device.

Note

You can stop, start, and terminate EBS-backed instances. You can only terminate S3-backed instances.
What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance,
the root device and any other devices attached to the instance persist. When you terminate an instance,
the root device and any other devices attached during the instance launch are automatically deleted. For
more information about the differences between stopping and terminating instances, go to the "Stop/Start"
and "Instance Termination" in Basics of Amazon EBS-Backed AMIS and Instances in the Amazon EC2
User Guide.

The short version of this command is ec2stop.

Syntax
ec2-stop-instances instance_id [instance_id...] [--force]

Options
Name Description Required

instance_id The ID of the instance. Yes

Type: String
Default: None
Example: i-43a4412a

API Version 2012-06-15

583
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-f, --force Forces the instance to stop. The instance will not have No
an opportunity to flush file system caches or file system
metadata. If you use this option, you must perform file
system check and repair procedures. This option is
not recommended for Windows instances.
Type: Boolean
Default: None
Example: None

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

API Version 2012-06-15

584
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

Output
This command returns a table that contains the following information:

• The INSTANCE identifier

• The ID of the instance
• The previous state
• The current state

API Version 2012-06-15

585
Amazon Elastic Compute Cloud CLI Reference
Examples

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example stops the i-10a64379 instance.

PROMPT> ec2-stop-instances i-10a64379

INSTANCE i-10a64379 running stopping

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• StopInstances

Related Commands
• ec2-describe-instances (p. 285)
• ec2-run-instances (p. 568)
• ec2-start-instances (p. 579)
• ec2-terminate-instances (p. 587)

API Version 2012-06-15

586
Amazon Elastic Compute Cloud CLI Reference
ec2-terminate-instances

ec2-terminate-instances
Description
Shuts down one or more instances. This operation is idempotent; if you terminate an instance more than
once, each call succeeds.

Terminated instances will remain visible after termination (approximately one hour).

Note

By default, Amazon EC2 deletes all Amazon EBS volumes that were attached when the instance
launched. Amazon EBS volumes attached after instance launch persist.

The short version of this command is ec2kill.

Syntax
ec2-terminate-instances instance_id [instance_id ...]

Options
Name Description Required

instance_id The IDs of instances to terminate. Yes

Type: String
Default: None
Example: i-43a4412a

Common Options
Option Description

API Version 2012-06-15

587
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

588
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The INSTANCE identifier

• The instance ID of the instance being terminated
• The state of the instance prior to being terminated
• The new state of the instance

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example terminates the i-3ea74257 instance.

PROMPT> ec2-terminate-instances i-3ea74257

INSTANCE i-3ea74257 running shutting-down

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• TerminateInstances

API Version 2012-06-15

589
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Commands
• ec2-describe-instances (p. 285)
• ec2-run-instances (p. 568)

API Version 2012-06-15

590
Amazon Elastic Compute Cloud CLI Reference
ec2-unassign-private-ip-addresses

ec2-unassign-private-ip-addresses
Description
Unassigns one or more secondary private IP addresses from a network interface in Amazon VPC. This
command is only available in Amazon VPC.

The short version of this command is ec2upip.

Syntax
ec2-unassign-private-addresses --network-interface NetworkInterface
--secondary-private-ip-address IP ADDRESS [--secondary-private-ip-address IP
ADDRESS ...]

Options
Name Description Required

--n, The network interface from which the secondary Yes

--network-interface private IP address will be unassigned.
interface_id Type: String
Default: None
Example: -n eni-bc7299d4

--seconadary-private-ip-address Specifies the secondary private IP addresses that you Yes

IP_ADDRESS want to unassign from the network interface. You can
specify this option multiple times to unassign more
than IP address.
Type: String
Default: None
Example: --secondary-private-ip-address 10.0.2.18
--secondary-private-ip-address 10.0.2.28

Common Options
Option Description

API Version 2012-06-15

591
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

592
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
The command returns a true value if the operation succeeds or an error if the operation fails.

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example unassigns the private IP addresses 10.0.0.118 and 10.0.0.119 from the network interface
specified.

PROMPT> ec2-unassign-private-ip-addresses --network-interface eni-c08a35a9 -

-secondary-private-ip-address 10.0.0.118 --secondary-private-ip-address
10.0.0.119
RETURN true

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• UnAssignPrivateIpAddresses

Related Commands
• ec2-assign-private-ip-addresses (p. 17)

API Version 2012-06-15

593
Amazon Elastic Compute Cloud CLI Reference
ec2-unmonitor-instances

ec2-unmonitor-instances
Description
Disables monitoring for a running instance. For more information, see Monitoring Your Instances and
Volumes in the Amazon Elastic Compute Cloud User Guide.

The short version of this command is ec2umin.

Syntax
ec2-unmonitor-instances instance_id [instance_id...]

Options
Name Description Required

instance_id The ID of the instance. Yes

Type: String
Default: None
Example: i-43a4412a

Common Options
Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

API Version 2012-06-15

594
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

Option Description

API Version 2012-06-15

595
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description

Output
This command returns a table that contains the following information:

• The ID of the instance.

• The monitoring state

Amazon EC2 command line tools display errors on stderr.

Examples
Example Request
This example disables monitoring for i-43a4412a and i-23a3397d.

PROMPT> ec2-unmonitor-instances i-43a4412a i-23a3397d

i-43a4412a monitoring-disabling
i-23a3397d monitoring-disabling

Related Topics
Download
• Getting Started with the Command Line Tools

Related Action
• UnmonitorInstances

Related Commands
• ec2-monitor-instances (p. 494)
• ec2-run-instances (p. 568)

API Version 2012-06-15

596
Amazon Elastic Compute Cloud CLI Reference
ec2-upload-disk-image

ec2-upload-disk-image
Description
Deprecated. Uploads the disk image associated with an import instance or an import volume task ID.
Instead, use ec2-import-instance and ec2-import-volume commands to create the import task
and upload the image to Amazon EC2. ec2-import-instance and ec2-import-volume commands
that are part of Amazon EC2 API command line tools downloaded after 09-15-2011 are enhanced to
perform the task previously performed by ec2-upload-disk-image. Amazon EC2 supports import of
VMDK, RAW, and VHD disk images. For more information, see Using the Command Line Tools to Import
Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide.

If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.

The short version of this command is ec2udi.

Syntax
ec2-upload-disk-image -t task_id -o owner -w secret_key [-x days] [--user-threads
threads] [--part-size partsize] [--dry-run] [--dont-verify-format] disk_image

Options
Name Description Required

disk_image The local file name of the disk image that you want to Yes
upload.
Type: String
Default: None
Example: WinSvr8-32-disk1.vmdk

-t, --task The conversion task ID for the upload. Yes

task_id Type: String
Default: None
Example: -t import-i-ffvko9js

-o, --owner-akid The access key ID of the bucket owner. Yes

access_key_id Type: String
Default: None
Example: AKIAIOSFODNN7EXAMPLE

-w, --owner-sak The secret access key of the bucket owner. Yes
secret_access_key Type: String
Default: None
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

API Version 2012-06-15

597
Amazon Elastic Compute Cloud CLI Reference
Common Options

Name Description Required

-x, --expires The validity period for the signed Amazon S3 URLS No
days that allow EC2 to access your file.
Type: String
Default: 30 days
Example: -x 10

--user-threads threads The maximum number of threads to concurrently No

upload the file with.
Type: String
Default: 20
Example: --user-threads 15

--dry-run Does not upload the file, only validates that the disk No
image matches a known type.
Type: None
Default: None
Example: --dry-run

--dont-verify-format Does not verify the file format. We don't recommend No

this option because it can result in a failed conversion.
Type: None
Default: None
Example: --dont-verify-format

Common Options
Option Description

API Version 2012-06-15

598
Amazon Elastic Compute Cloud CLI Reference
Common Options

Option Description

-O, --aws-access-key The AWS access key ID associated with your account.
AWS_ACCESS_KEY Default: The value of the AWS_ACCESS_KEY environment variable.
Example: -O AKIAIOSFODNN7EXAMPLE

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

Note

Using the private key and X.509 certificate is still supported, but
we recommend using the access key and secret access key
going forward. For more information, see Deprecated Options
below.

--connection-timeout Specifies a connection timeout (in seconds).

TIMEOUT Example: --connection-timeout 30

--request-timeout Specifies a request timeout (in seconds).

TIMEOUT Example: --request-timeout 45

-v, --verbose Displays verbose output by showing the API request and response on
the command line. This is particularly useful if you are building tools to
talk directly to our Query API.

-H, --headers Displays column headers in the output.

--show-empty-fields Shows empty columns as (nil).

--hide-tags Do not display tags for tagged resources.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

-?, --help, -h Displays Help.

- If - is specified as an argument to one of the parameters, a list of

arguments is read from standard input. This is useful for piping the output
of one command into the input of another.
Example: ec2-describe-instances | grep stopped | cut -f
2 | ec2-start-instances -

API Version 2012-06-15

599
Amazon Elastic Compute Cloud CLI Reference
Output

and access key in your command line. After that time period elapses, the key and certificate will no longer
be supported.

Option Description

Output
This command returns the following information:

• The disk image size and format

• The converted volume size
• The EBS volume size
• The percentage of the upload completed

Amazon EC2 command line tools display errors on stderr.

Example
Example Request
This example uploads the corresponding disk image of the Windows Server 2008 (32-bit) VM you want
to migrate.

PROMPT>ec2-upload-disk-image ./WinSvr8-32-disk1.vmdk -t import-i-ffvko9js -o

AKIAIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Related Topics
Download
• Getting Started with the Command Line Tools

Related Commands
• ec2-delete-disk-image (p. 164)
• ec2-import-instance (p. 451)
• ec2-import-volume (p. 462)
• ec2-resume-import (p. 557)
• ec2-cancel-conversion-task (p. 63)
• ec2-describe-conversion-tasks (p. 240)

API Version 2012-06-15

600
Amazon Elastic Compute Cloud CLI Reference
Common Options for AMI Tools

AMI Tools Reference

Topics
• Common Options for AMI Tools (p. 601)
• ec2-bundle-image (p. 602)
• ec2-bundle-vol (p. 605)
• ec2-delete-bundle (p. 609)
• ec2-download-bundle (p. 611)
• ec2-migrate-bundle (p. 613)
• ec2-migrate-manifest (p. 616)
• ec2-unbundle (p. 618)
• ec2-upload-bundle (p. 620)

Common Options for AMI Tools

Most AMI tools described in this section accept the set of optional parameters described in the following
table.

Note

The AMI Tools are only designed for use with the AMIs backed by Amazon S3.

Option Description

--help, -h Display the help message.

--version Displays the version and copyright notice.

--manual Displays the manual entry.

--batch Runs in batch mode, suppressing user interaction and confirmation.

--debug Prints internal debugging information. This is useful to assist us when

troubleshooting problems.

API Version 2012-06-15

601
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-image

ec2-bundle-image
Description
Create a bundled AMI from an operating system image created in a loopback file. For more information,
go to the Amazon Elastic Compute Cloud User Guide.

Note

Syntax
ec2-bundle-image -k private_key -c cert -u user_id -i image_path -r {i386 |
x86_64} [-d destination] [-p ami_prefix] [--ec2cert cert_path] [--kernel
kernel-id] [--ramdisk ramdisk_id] [--block-device-mapping block_device_mapping]

Options
Option Description Required

-k, --privatekey The path to the user's PEM-encoded RSA key file. Yes
private_key Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-c, --cert cert The user's PEM encoded RSA public key certificate Yes
file.
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-u, --user user_id The user's AWS account ID without dashes. Do not Yes
use the Access Key ID.
Example: -u 111122223333

-i, --image image_path The path to the image to bundle. Yes

Example: -i
/var/spool/my-image/version-2/debian.img

-r, --arch architecture Image architecture. If you don't provide this on the Yes
command line, you'll be prompted to provide it when
the bundling starts.
Valid Values: i386 | x86_64
Example: -r x86_64

-d, --destination The directory in which to create the bundle. No

destination Default: /tmp
Example: -d /var/run/my-bundle

API Version 2012-06-15

602
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description Required

-p, --prefix ami_prefix The filename prefix for bundled AMI files. No
Default: The name of the image file. For example, if
the image path is
/var/spool/my-image/version-2/debian.img,
then the default prefix is debian.img.
Example: -p my-image-is-special

--ec2cert cert_path The path to the Amazon EC2 X.509 public key No
certificate.
Default: /etc/ec2/amitools/cert-ec2.pem
(varies, depending on tools)
Example: --ec2cert
/etc/ec2/amiutil/cert-ec2.pem

--kernel kernel_id The ID of the kernel to select. No

Default: 2.6.16-xenU
Example: --kernel aki-ba3adfd3

--ramdisk ramdisk_id The ID of the RAM disk to select. No

Some kernels require additional drivers at launch.
Check the kernel requirements for information on
whether you need to specify a RAM disk.To find kernel
requirements, go to the Resource Center and search
for the kernel ID.
Example: --ramdisk ari-badbad00

--block-device-mapping Default block-device-mapping scheme with which to No

mappings launch the AMI. This defines how block devices are
exposed to an instance of this AMI if the instance type
supports the specified device.
The scheme is a comma-separated list of key=value
pairs, where each key is a virtual name and each value
is the desired device name. Virtual names include:

• ami—The root file system device, as seen by the

instance
• root—The root file system device, as seen by the
kernel
• swap—The swap device, as seen by the instance
• ephemeralN—The Nth ephemeral store

Example: --block-device-mapping
ami=sda1,root=/dev/sda1,ephemeral0=sda2,swap=sda3
Example: --block-device-mapping
ami=0,root=/dev/dsk/c0d0s0,ephemeral0=1

Output
Status messages describing the stages and status of the bundling process.

API Version 2012-06-15

603
Amazon Elastic Compute Cloud CLI Reference
Example

Example
This example creates a bundled AMI from an operating system image that was created in a loopback file.

$ ec2-bundle-image -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-HKZYK

TAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333 -i image.img -d bundled/ -p
fred -r x86_64
Please specify a value for arch [i386]:
Bundling image file...
Splitting bundled/fred.gz.crypt...
Created fred.part.00
Created fred.part.01
Created fred.part.02
Created fred.part.03
Created fred.part.04
Created fred.part.05
Created fred.part.06
Created fred.part.07
Created fred.part.08
Created fred.part.09
Created fred.part.10
Created fred.part.11
Created fred.part.12
Created fred.part.13
Created fred.part.14
Generating digests for each part...
Digests generated.
Creating bundle manifest...
ec2-bundle-image complete.

Related Topics
• ec2-bundle-vol (p. 605)
• ec2-unbundle (p. 618)
• ec2-upload-bundle (p. 620)
• ec2-download-bundle (p. 611)
• ec2-delete-bundle (p. 609)

API Version 2012-06-15

604
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-vol

ec2-bundle-vol
Description
Creates a bundled AMI by compressing, encrypting and signing a snapshot of the local machine's root
file system.

To use ec2-bundle-vol, first you must install the AMI tools on the instance you are bundling, then run
ec2-bundle-vol on that instance, not on a local system. For information about getting the AMI tools,
go to Amazon EC2 AMI Tools.

Note

Scripts that require a copy of the public key from the launch key pair must obtain the key from
the instance's metadata (not the key file in the instance store) for instances bundled with the
2007-08-29 AMI tools and later. AMIs bundled before this release will continue to work normally.
On a running instance, Amazon EC2 attempts to inherit product codes, kernel settings, RAM
disk settings, and block device mappings with which the instance launched.

Syntax
ec2-bundle-vol -k private_key -u user_id -c cert -r architecture [-s size] [-d
destination] [-e exclude_directory_1,exclude_directory_1,...] [-p ami_prefix]
[-v volume] [--ec2cert cert_path] [--fstab fstab_path] [--generate-fstab]
[--kernel kernel-id] [--ramdisk ramdisk_id] [--block-device-mapping
block_device_mapping] [--[no-]inherit] [--productcodes product_code]

Options
Option Description Required

-k, --privatekey The path to the user's PEM-encoded RSA key file. Yes
private_key Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-u, --user user_id The user's AWS account ID without dashes. Do not Yes
use the Access Key ID.
Example: -u 111122223333

-c, --cert cert The user's PEM encoded RSA public key certificate Yes
file.
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

API Version 2012-06-15

605
Amazon Elastic Compute Cloud CLI Reference
Options

Option Description Required

-s, --size size The size, in MB (1024 * 1024 bytes), of the image file No
to create. The maximum size is 10240 MB.
Default: 10240
Example: -s 2048

-d, --destination The directory in which to create the bundle. No

destination Default: /tmp
Example: -d /var/run/my-bundle

-e, --exclude A list of absolute directory paths and files to exclude No

directory_1,directory_2,... from the bundle operation. This parameter overrides
the --all option. When exclude is specified, the
directories and subdirectories listed with the parameter
will not be bundled with the volume.
Example: Assuming the mount point of the volume is
-v /foo, and you want to exclude directories /foo/bar
and /foo/baz, specify -e /bar,/baz.

-i, --include A list of files to include in the bundle operation. This No

file_1,file_2,... option overrides the exclusion of files that are by
default filtered out because they might contain
sensitive information.
Use this option to explicitly include a file that might
contain sensitive data — i.e., '*.sw', '*.swo', '*.swp',
'*.pem', '*.priv', '*.gpg', '*.jks', '*/.ssh/authorized_keys',
'*/.bash_history'. The files listed with the parameter
will be bundled with the volume.
Example: Assuming the mount point of the volume is
-v /mnt/myvol/ and you want to include file
/mnt/myvol/foo/bar.pem, specify -i /foo/bar.pem.

-p, --prefix ami_prefix The filename prefix for bundled AMI files. No
Default: image
Example: -p my-image-is-special

-v, --volume volume The absolute path to the mounted volume from which No
to create the bundle.
Default: The root directory (/)
Example: -v /mnt/my-customized-ami

-a, --all Bundle all directories, including those on remotely No

mounted filesystems.
Example: -a

--ec2cert cert_path The path to the Amazon EC2 X.509 public key No
certificate.
Default: /etc/ec2/amitools/cert-ec2.pem
(varies, depending on tools)
Example: --ec2cert
/etc/ec2/amiutil/cert-ec2.pem

API Version 2012-06-15

606
Amazon Elastic Compute Cloud CLI Reference
Options

Option Description Required

--fstab fstab_path The path to the fstab to bundle into the image. If this No
is not specified, Amazon EC2 bundles /etc/fstab.
Example: --fstab /etc/fstab

--generate-fstab Causes Amazon EC2 to bundle the volume using an No

Amazon EC2-provided fstab.
Example: --generate-fstab

--kernel kernel_id The ID of the kernel to select. No

Example: --kernel aki-ba3adfd3

--ramdisk ramdisk_id The ID of the RAM disk to select. No

Some kernels require additional drivers at launch.
Check the kernel requirements for information on
whether you need to specify a RAM disk. To find the
kernel requirements, go to the Resource Center and
search for the kernel ID.
Example: --ramdisk ari-badbad00

--block-device-mapping Default block-device-mapping scheme with which to No

• ami—The root file system device, as seen by the

instance
• root—The root file system device, as seen by the
kernel
• swap—The swap device, as seen by the instance
• ephemeralN—The Nth ephemeral store

Example: --block-device-mapping
ami=sda1,root=/dev/sda1,ephemeral0=sda2,swap=sda3
Example: --block-device-mapping
ami=0,root=/dev/dsk/c0d0s0,ephemeral0=1

--[no-]inherit Whether the image should inherit the instance's No

metadata (the default is to inherit). Bundling will fail if
you enable inherit but the instance metadata is not
accessible.
Example: --inherit

--productcodes Product code to attach to the image at registration No

product_code time.
Example: --productcodes 1234abcd

API Version 2012-06-15

607
Amazon Elastic Compute Cloud CLI Reference
Output

Output
Status messages describing the stages and status of the bundling.

Example
This example creates a bundled AMI by compressing, encrypting and signing a snapshot of the local
machine's root file system.

$ ec2-bundle-vol -d /mnt -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-

HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333 -r x86_64
Copying / into the image file /mnt/image...
Excluding:
sys
dev/shm
proc
dev/pts
proc/sys/fs/binfmt_misc
dev
media
mnt
proc
sys
tmp/image
mnt/img-mnt
1+0 records in
1+0 records out
mke2fs 1.38 (30-Jun-2005)
warning: 256 blocks unused.

Splitting /mnt/image.gz.crypt...
Created image.part.00
Created image.part.01
Created image.part.02
Created image.part.03
...
Created image.part.22
Created image.part.23
Generating digests for each part...
Digests generated.
Creating bundle manifest...
Bundle Volume complete.

Related Topics
• ec2-bundle-image (p. 602)
• ec2-unbundle (p. 618)
• ec2-upload-bundle (p. 620)
• ec2-download-bundle (p. 611)
• ec2-delete-bundle (p. 609)

API Version 2012-06-15

608
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-bundle

ec2-delete-bundle
Description
Deletes the specified bundle from Amazon S3 storage.

Syntax
ec2-delete-bundle -b s3_bucket -a access_key_id -s secret_key [-m manifest_path]
[-p ami_prefix] [--url url] [--retry] [-y] [--clear]

Options
Option Description Required

-b, --bucket The name of the Amazon S3 bucket containing the Yes
s3_bucket bundled AMI, followed by an optional '/'-delimited path
prefix
Example: -b myawsbucket/ami-001

-a, --access-key The AWS access key ID. Yes

access_key_id Example: -a AKIAIOSFODNN7EXAMPLE

-s, --secret-key The AWS secret access key. Yes

secret_key Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

-m, --manifest The path to the unencrypted manifest file. Conditional

manifest_path Example: -m
/var/spool/my-first-bundle/image.manifest.xml
Condition: You must specify --prefix or
--manifest.

-p, --prefix The bundled AMI filename prefix. Provide the entire Conditional
ami_prefix prefix. For example, if the prefix is image.img, use -p
image.img and not -p image.
Example: -p image.img
Condition: You must specify --prefix or
--manifest.

--url url The Amazon S3 service URL. No

Default: https://s3.amazonaws.com
Example: --url https://s3.amazonaws.ie

--retry Automatically retries on all Amazon S3 errors, up to No

five times per operation.
Example: --retry

-y, --yes Automatically assumes the answer to all prompts is No

'yes'.
Example: -y

API Version 2012-06-15

609
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description Required

--clear Deletes the specified bundle from the Amazon S3 No

bucket and deletes the bucket, if empty.
Example: --clear

Output
Amazon EC2 displays status messages indicating the stages and status of the delete process.

Example
This example deletes a bundle from Amazon S3.

$ ec2-delete-bundle -b myawsbucket -a AKIAIOSFODNN7EXAMPLE -s wJalrXUtn

FEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -p fred
Deleting files:
myawsbucket/fred.manifest.xml
myawsbucket/fred.part.00
myawsbucket/fred.part.01
myawsbucket/fred.part.02
myawsbucket/fred.part.03
myawsbucket/fred.part.04
myawsbucket/fred.part.05
myawsbucket/fred.part.06
Continue? [y/n]
y
Deleted myawsbucket/fred.manifest.xml
Deleted myawsbucket/fred.part.00
Deleted myawsbucket/fred.part.01
Deleted myawsbucket/fred.part.02
Deleted myawsbucket/fred.part.03
Deleted myawsbucket/fred.part.04
Deleted myawsbucket/fred.part.05
Deleted myawsbucket/fred.part.06
ec2-delete-bundle complete.

Related Topics
• ec2-bundle-image (p. 602)
• ec2-bundle-vol (p. 605)
• ec2-unbundle (p. 618)
• ec2-upload-bundle (p. 620)
• ec2-download-bundle (p. 611)

API Version 2012-06-15

610
Amazon Elastic Compute Cloud CLI Reference
ec2-download-bundle

ec2-download-bundle
Description
Download the specified bundles from S3 storage.

Syntax
ec2-download-bundle -b s3_bucket [-m manifest] -a access_key_id -s secret_key
-k private_key [-p ami_prefix] [-d directory] [--retry] [--url url]

Options
Option Description Required

-b, --bucket The name of the Amazon S3 bucket where the bundle Yes
s3_bucket is located, followed by an optional '/'-delimited path
prefix.
Example: -b myawsbucket/ami-001

-m, --manifest The manifest filename (without the path). We No

manifest recommend you specify either the manifest (option
-m), or the filename prefix (option -p).
Example: -m my-image.manifest.xml

-a, --access-key Your AWS access key ID. Yes

access_key_id Example: -a AKIAIOSFODNN7EXAMPLE

-s, --secret-key Your AWS secret access key. Yes

secret_key Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

-k, --privatekey The private key used to decrypt the manifest. Yes
private_key Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-p, --prefix The filename prefix for the bundled AMI files. No
ami_prefix Default: image
Example: -p my-image

-d, --directory The directory where the downloaded bundle is saved. No

directory The directory must exist.
Default: The current working directory.
Example: -d /tmp/my-downloaded-bundle

--retry Automatically retries on all Amazon S3 errors, up to No

five times per operation.
Example: --retry

--url url The S3 service URL. No

Default: https://s3.amazonaws.com
Example: --url https://s3.amazonaws.ie

API Version 2012-06-15

611
Amazon Elastic Compute Cloud CLI Reference
Output

Output
Status messages indicating the various stages of the download process are displayed.

Example
This example creates the bundled directory and downloads the bundle from the myawsbucket Amazon
S3 bucket.

$ mkdir bundled
$ ec2-download-bundle -b myawsbucket -m fred.manifest.xml -a AKIAIOSFODNN7EXAMPLE
-s wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -k pk-HKZYKTAIG2ECMXY
IBH3HXV4ZBEXAMPLE.pem -d bundled
downloading manifest https://s3.amazonaws.com/myawsbucket/image.manifest.xml
to bundled/image.manifest.xml ...
downloading part https://s3.amazonaws.com/myawsbucket/image.part.00 to
bundled/image.part.00 ...
Downloaded image.part.00 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.01 to
bundled/image.part.01 ...
Downloaded image.part.01 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.02 to
bundled/image.part.02 ...
Downloaded image.part.02 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.03 to
bundled/image.part.03 ...
Downloaded image.part.03 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.04 to
bundled/image.part.04 ...
Downloaded image.part.04 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.05 to
bundled/image.part.05 ...
Downloaded image.part.05 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.06 to
bundled/image.part.06 ...
Downloaded image.part.06 from https://s3.amazonaws.com/myawsbucket.
Download Bundle complete.

Note

This example uses the Linux and UNIX mkdir command.

Related Topics
• ec2-bundle-image (p. 602)
• ec2-bundle-vol (p. 605)
• ec2-unbundle (p. 618)
• ec2-upload-bundle (p. 620)
• ec2-delete-bundle (p. 609)

API Version 2012-06-15

612
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-bundle

ec2-migrate-bundle
Description
Copy a bundled AMI from one Region to another. For information on Regions, go to the Amazon Elastic
Compute Cloud User Guide.

Note

After copying a bundled AMI to a new Region, make sure to register it as a new AMI.
During migration, Amazon EC2 replaces the kernel and RAM disk in the manifest file with a
kernel and RAM disk designed for the destination Region. Unless the --no-mapping parameter
is given, ec2-migrate-bundle might use the Amazon EC2 DescribeRegions and
DescribeImages operations to perform automated mappings.

Syntax
ec2-migrate-bundle -k private_key -c cert -a access_key_id -s secret_key --bucket
source_s3_bucket --destination-bucket destination_s3_bucket --manifest
manifest_path [--location location] [--ec2cert ec2_cert_path] [--kernel
kernel-id] [--ramdisk ramdisk_id] [--no-mapping] [--region mapping_region_name]

Options
Option Description Required

-k, --privatekey The path to the user's PEM-encoded RSA key file. Yes
private_key Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-c, --cert cert The user's PEM encoded RSA public key certificate Yes
file.
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-a, --access-key The AWS access key ID. Yes

access_key_id Example: -a AKIAIOSFODNN7EXAMPLE

-s, --secret-key The AWS secret access key. Yes

secret_key Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

-b, --bucket The source Amazon S3 bucket where the AMI is Yes
source_s3_bucket located, followed by an optional '/'-delimited path prefix.
Example: --bucket myawsbucket

-d, --destination-bucket The destination Amazon S3 bucket, followed by an Yes

destination_s3_bucket optional '/'-delimited path prefix. If the destination
bucket does not exist, it is created.
Example: --destination-bucket
myotherawsbucket

API Version 2012-06-15

613
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description Required

-m, --manifest manifest The location of the Amazon S3 source manifest. Yes
Default: None
Example: --manifest my-ami.manifest.xml

--location location The location of the destination Amazon S3 bucket. No

If the bucket exists and the location is specified, the
tool exits with an error. if the specified location does
not match the actual location. If the bucket exists and
no location is specified, the tool uses the bucket's
location. If the bucket does not exist and the location
is specified, the tool creates the bucket in the specified
location. If the bucket does not exist and location is
not specified, the tool creates the bucket without a
location constraint (in the US).
Valid Values: US | EU | us-west-1 | ap-southeast-1
Default: US
Example: --location EU

--acl {public-read | The access control list policy of the bundled image. No
aws-exec-read} Valid Values: public-read | aws-exec-read
Default: aws-exec-read
Example: --acl public-read

--retry Automatically retries on all Amazon S3 errors, up to No

five times per operation.
Example: --retry

--kernel kernel_id The ID of the kernel to select. No

Example: --kernel aki-ba3adfd3

--ramdisk ramdisk_id The ID of the RAM disk to select. No

--no-mapping Disables automatic mapping of kernels and RAM disks. No

Example: --no-mapping

--region Region to look up in the mapping file. If no Region is No

specified, Amazon EC2 attempts to determine the
Region from the location of the Amazon S3 bucket.
Example: --region eu-west-1

Output
Status messages describing the stages and status of the bundling process.

API Version 2012-06-15

614
Amazon Elastic Compute Cloud CLI Reference
Example

Example
This example copies the AMI specified in the my-ami.manifest.xml manifest from the US to the EU.

$ ec2-migrate-bundle --cert cert-THUMBPRINT.pem --privatekey pk-THUMBPRINT.pem

--access-key AKIAIOSFODNN7EXAMPLE --secret-key wJalrXUtnFEMI/K7MDENG/bPxRfi
CYEXAMPLEKEY --bucket myawsbucket --destination-bucket myotherawsbucket --
manifest my-ami.manifest.xml --location EU
Downloading manifest my-ami.manifest.xml from myawsbucket to /tmp/ami-migration-
my-ami.manifest.xml/my-ami.manifest.xml ...
Copying 'my-ami.part.00'...
Copying 'my-ami.part.01'...
Copying 'my-ami.part.02'...
Copying 'my-ami.part.03'...
Copying 'my-ami.part.04'...
Copying 'my-ami.part.05'...
Copying 'my-ami.part.06'...
Copying 'my-ami.part.07'...
Copying 'my-ami.part.08'...
Copying 'my-ami.part.09'...
Copying 'my-ami.part.10'...
Your new bundle is in S3 at the following location:
myotherawsbucket/my-ami.manifest.xml

Related Topics
• ec2-register (p. 504)
• ec2-run-instances (p. 568)

API Version 2012-06-15

615
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-manifest

ec2-migrate-manifest
Description
Modify a bundled AMI to work in a new Region. For information on Regions, go to the Amazon Elastic
Compute Cloud User Guide.

You must use this command if you are bundling in one Region for use in another or if you copy a bundled
AMI out of band (without using ec2-migrate-bundle) and want to use it in a different Region.

Note

This command replaces the kernel and RAM disk in the manifest file with a kernel and RAM disk
designed for the destination Region.

Syntax
ec2-migrate-manifest -k private_key -c cert -m manifest_path {(-a access_key_id
-s secret_key --region mapping_region_name) | --no-mapping} [--kernel kernel-id]
[--ramdisk ramdisk_id] [--ec2cert ec2_cert_path]

Options
Option Description Required

-k, --privatekey The path to the user's PEM-encoded RSA key file. Yes
private_key Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-c, --cert cert The user's PEM encoded RSA public key certificate Yes
file.
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-a, --access-key The AWS access key ID. Conditional

access_key_id Condition: Required if using automatic mapping.
Example: -a AKIAIOSFODNN7EXAMPLE

-s, --secret-key The AWS secret access key. Conditional

secret_key Condition: Required if using automatic mapping.
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

--manifest manifest_path The manifest file. Yes

Example: --manifest my-ami.manifest.xml

--kernel kernel_id The ID of the kernel to select. No

Example: --kernel aki-ba3adfd3

API Version 2012-06-15

616
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description Required

--ramdisk ramdisk_id The ID of the RAM disk to select. No

--mapping-file Overrides the file containing kernel and RAM disk No

mapping_file Region mappings.
Example: --mapping-file eu-mappings

--mapping-url url Overrides the file containing kernel and RAM disk No
Region mappings from the specified hostname portion
of a URL.
Example: --mapping-url
mysite.com/eu-mappings

--no-mapping Disables automatic mapping of kernels and RAM disks. Conditional

Condition: Required if you're not providing the -a, -s,
and --region options (which are used for automatic
mapping).

--region Region to look up in the mapping file. Conditional

Condition: Required if using automatic mapping.
Example: --region eu-west-1

Output
Status messages describing the stages and status of the bundling process.

Example
This example copies the AMI specified in the my-ami.manifest.xml manifest from the US to the EU.

$ ec2-migrate-manifest --manifest my-ami.manifest.xml --cert cert-HKZYKTAIG2ECMXY

IBH3HXV4ZBZQ55CLO.pem --privatekey pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem --
region eu-west-1

Backing up manifest...
Successfully migrated my-ami.manifest.xml It is now suitable for use in eu-west-
1.

Related Topics
• ec2-register (p. 504)
• ec2-run-instances (p. 568)

API Version 2012-06-15

617
Amazon Elastic Compute Cloud CLI Reference
ec2-unbundle

ec2-unbundle
Description
Recreates the AMI from the bundled AMI parts.

Syntax
ec2-unbundle -m manifest -k private_key [-d destination_directory] [-s
source_directory]

Options
Option Description Required

-m, --manifest manifest The path to the unencrypted AMI manifest file. Yes
Example: -m
/var/spool/my-first-bundle/Manifest

-k, --privatekey The path to your PEM-encoded RSA key file. Yes
private_key Example: -k $HOME/pk-234242example.pem

-d, --destination The directory in which to unbundle the AMI. The No

destination_directory destination directory must exist.
Default: The current directory.
Example: -d /tmp/my-image

-s, --source The directory containing the bundled AMI parts. No

source_directory Default: The current directory.
Example: -s /tmp/my-bundled-image

Example
This Linux and UNIX example unbundles the AMI specified in the fred.manifest.xml file.

$ mkdir unbundled
$ ec2-unbundle -m fred.manifest.xml -s bundled -d unbundled

$ ls -l unbundled
total 1025008
-rw-r--r-- 1 root root 1048578048 Aug 25 23:46 fred.img

Output
Status messages indicating the various stages of the unbundling process are displayed.

API Version 2012-06-15

618
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Related Topics
• ec2-bundle-image (p. 602)
• ec2-bundle-vol (p. 605)
• ec2-upload-bundle (p. 620)
• ec2-download-bundle (p. 611)
• ec2-delete-bundle (p. 609)

API Version 2012-06-15

619
Amazon Elastic Compute Cloud CLI Reference
ec2-upload-bundle

ec2-upload-bundle
Description
Upload a bundled AMI to Amazon S3 storage.

Syntax
ec2-upload-bundle -b s3_bucket -m manifest -a access_key_id -s secret_key [--acl
acl] [-d directory] [--part part] [--location location] [--url url] [--retry]
[--skipmanifest]

Options
Option Description Required

-b, --bucket The name of the Amazon S3 bucket in which to store Yes
s3_bucket the bundle, followed by an optional '/'-delimited path
prefix. If the bucket doesn't exist it will be created (if
the bucket name is available).
Example: -b myawsbucket/ami-001

-m, --manifest The path to the manifest file. The manifest file is Yes
manifest created during the bundling process and can be found
in the directory containing the bundle.
Example: -m image.manifest.xml

-a, --access-key Your AWS access key ID. Yes

access_key_id Example: -a AKIAIOSFODNN7EXAMPLE

-s, --secret-key Your AWS secret access key. Yes

secret_key Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

--acl acl The access control list policy of the bundled image. No
Valid Values: public-read | aws-exec-read
Default: aws-exec-read
Example: --acl public-read

-d, --directory The directory containing the bundled AMI parts. No

directory Default: The directory containing the manifest file (see
the -m option).
Example: -d /var/run/my-bundle

--part part Starts uploading the specified part and all subsequent No
parts.
Example: --part 04

API Version 2012-06-15

620
Amazon Elastic Compute Cloud CLI Reference
Output

Option Description Required

--location location The location of the destination Amazon S3 bucket. No

If the bucket exists and you specify a location that
doesn't match the bucket's actual location, the tool
exits with an error. If the bucket exists and you don't
specify a location, the tool uses the bucket's location.
If the bucket does not exist and you specify a location,
the tool creates the bucket in the specified location. If
the bucket does not exist and you don't specify a
location, the tool creates the bucket without a location
constraint (in the US).
Valid Values: US | EU | us-west-1 | ap-southeast-1
Default: US
Example: --location EU

--url url The S3 service URL. No

Default: https://s3.amazonaws.com
Example: --url https://s3.amazonaws.ie

--retry Automatically retries on all Amazon S3 errors, up to No

five times per operation.
Example: --retry

--skipmanifest Does not upload the manifest. No

Example: --skipmanifest

Output
Amazon EC2 displays status messages that indicate the stages and status of the upload process.

Example
This example uploads the bundle specified by the bundled/fred.manifest.xml manifest.

$ ec2-upload-bundle -b myawsbucket -m bundled/fred.manifest.xml -a AKIAIOSFOD

NN7EXAMPLE -s wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Creating bucket...
Uploading bundled image parts to the S3 bucket myawsbucket ...
Uploaded fred.part.00
Uploaded fred.part.01
Uploaded fred.part.02
Uploaded fred.part.03
Uploaded fred.part.04
Uploaded fred.part.05
Uploaded fred.part.06
Uploaded fred.part.07
Uploaded fred.part.08
Uploaded fred.part.09
Uploaded fred.part.10
Uploaded fred.part.11
Uploaded fred.part.12
Uploaded fred.part.13

API Version 2012-06-15

621
Amazon Elastic Compute Cloud CLI Reference
Related Topics

Uploaded fred.part.14
Uploading manifest ...
Uploaded manifest.
Bundle upload completed.

Related Topics
• ec2-bundle-image (p. 602)
• ec2-bundle-vol (p. 605)
• ec2-unbundle (p. 618)
• ec2-download-bundle (p. 611)
• ec2-delete-bundle (p. 609)

API Version 2012-06-15

622
Amazon Elastic Compute Cloud CLI Reference

Document History

The following table describes the important changes since the last release of the Amazon EC2
documentation set.

API version: 2012-06-15.

Latest documentation update: April 19, 2012.

Change Description Release Date

Support for AWS Added support for AWS Marketplace AMIs and a new API 19 April 2012
Marketplace and a version: 2012-04-01.
New API Version

Amazon EBS Volume Starting with API version 2012-03-01, you can check the 18 April 2012
Status Check operational status of your Amazon EBS volume. The volume
status check gives you information about the I/O, also known
as read/write, capability of your EBS volumes. The volume
status check lets you know when an EBS volume’s data is
potentially inconsistent. Amazon Web Services (AWS) gives
you options to handle the potentially inconsistent volume. For
information on the commands related to this release, see:

• ec2-describe-volume-status (p. 390)

• ec2-modify-volume-attribute (p. 491)
• ec2-describe-volume-attribute (p. 386)
• ec2-enable-volume-io (p. 438)

API Version 2012-06-15

623
Amazon Elastic Compute Cloud CLI Reference

Change Description Release Date

Amazon EBS Volume Starting with API version 2012-03-01, you can check the 12 March 2012
Status Check operational status of your Amazon EBS volume. The volume
status check gives you information about the I/O, also known
as read/write, capability of your EBS volumes. The volume
status check lets you know when an EBS volume’s data is
potentially inconsistent. Amazon Web Services (AWS) gives
you options to handle the potentially inconsistent volume. For
information on the commands related to this release, see:

• ec2-describe-volume-status (p. 390)

• ec2-modify-volume-attribute (p. 491)
• ec2-describe-volume-attribute (p. 386)
• ec2-enable-volume-io (p. 438)

Instance Status Starting with API version 2011-12-15, you can use the 30 December
Checks ec2-describe-instance-status command to retrieve 2011
results of automated checks performed by Amazon EC2.These
status checks detect problems that may impair an instance’s
ability to run your applications. You can use
ec2-report-instance-status to send us feedback or
report an inaccurate instance status.

Elastic Network Starting with API version 2011-12-01, you can attach an elastic 21 December
Interfaces (ENIs) for network interface (ENI) to an EC2 instance in a VPC. For more 2011
Amazon EC2 information, see:
Instances in Amazon
Virtual Private Cloud • ec2-attach-network-interface (p. 37)
• ec2-detach-network-interface (p. 421)
• ec2-create-network-interface (p. 111)
• ec2-delete-network-interface (p. 185)
• ec2-describe-network-interfaces (p. 318)
• ec2-describe-network-interface-attribute (p. 314)
• ec2-modify-network-interface-attribute (p. 483)
• ec2-reset-network-interface-attribute (p. 549)

New Offering Types Starting with API version 2011-11-01, you can use the new 01 December
for Amazon EC2 offering-type parameter of 2011
Reserved Instances ec2-describe-reserved-instances-offerings to
identify the Reserved Instance offerings that address your
projected use: Heavy Utilization, Medium Utilization, and Light
Utilization. See
ec2-describe-reserved-instances-offerings (p. 339).

Support for Amazon The ec2-describe-instance-status (p. 279) command allows you 14 November
EC2 Instance Status to view the status of your instances and any upcoming 2011
scheduled events.

API Version 2012-06-15

624
Amazon Elastic Compute Cloud CLI Reference

Change Description Release Date

Support for Amazon The ec2-request-spot-instances (p. 533) command is updated 11 October
EC2 Spot Instances in with the subnet option, which enables you to specify an 2011
Amazon VPC Amazon VPC subnet into which to launch your Spot Instances.

Added common The common options table now appears in each command 18 September
options table to each description as well as on the existing Common Options for API 2011
entry Tools (p. 5) page.

Updates to VM import We've added ec2-resume-import for restarting an 15 September

functionality incomplete upload at the point the task stopped, and 2011
deprecated ec2-upload-disk-image because its
functionality is now performed by the enhanced
ec2-import-instance and ec2-import-volume. For more
information, see the API actions:

• ec2-resume-import
• ec2-upload-disk-image
• ec2-import-instance
• ec2-import-volume.

Support for VHD file We've added VHD as one of the VM file formats supported for 24 August
format added to the import into Amazon EC2. See the API actions ImportInstance 2011
2011-07-15 API and ImportVolume, and the CLI commands ec2-import-instance
version and ec2-import-volume.

Spot Instances We've updated several actions that explain API changes for 26 May 2011
Availability Zone the Spot Instances Availability Zone pricing feature. We've
pricing changes also added new Availability Zone pricing options as part of the
information returned by Spot Instance Requests and Spot Price
History API calls.

Updates for the We've updated several existing actions for the 2011-05-15 API 26 May 2011
2011-05-15 API release.
Version

Dedicated Instances As part of the Dedicated Instances feature release, we've 27 March 2011
added new options related to the tenancy attribute of instances,
and the instance tenancy attribute of VPCs.

Updates for the We've updated several existing actions for the 2011-02-28 API 27 March 2011
2011-02-28 API release.
version

Updates for the We've added new actions and updated several existing actions 11 March 2011
2011-01-01 API for the 2011-01-01 API release. The new and updated actions
version are related to these Amazon VPC objects: Internet gateways,
route tables, network ACLs, VPC security groups, and VPC
Elastic IP addresses.

Merged Amazon VPC We've merged the Amazon VPC actions into this guide. 11 March 2011
Documentation

API Version 2012-06-15

625
Amazon Elastic Compute Cloud CLI Reference

Change Description Release Date

VM Import Added the following new actions, which allow you to import a 15 December
virtual machine or volume into Amazon EC2: 2010

• ec2-import-instance (p. 451)

• ec2-import-volume (p. 462)
• ec2-upload-disk-image (p. 597)
• ec2-describe-conversion-tasks (p. 240)
• ec2-cancel-conversion-task (p. 63)

Modifying Block Removed information from 20 November

Device Mapping ec2-modify-instance-attribute (p. 478) about modifying an 2010
instance's block device mapping attribute. You currently can't
modify an instance's block device mapping with this action.

Filters and Tags Added information about filters to many of the describe actions. 19 September
Added information about creating, describing, and deleting 2010
tags.
For more information about the commands for tags, see
ec2-create-tags (p. 137), ec2-delete-tags (p. 206), and
ec2-describe-tags (p. 381).

Idempotent Instance Updated ec2-run-instances to include a --client-token 19 September

Launch option to ensure idempotency. 2010
For more information about the change, see
ec2-run-instances (p. 568).

Import Key Pair Added ec2-import-keypair . 19 September

For more information, see ec2-import-keypair (p. 458). 2010

Placement Groups for Added information about placement groups, which you use 12 July 2010
Cluster Compute with cluster compute instances.
Instances For more information about the commands for placement
groups, see ec2-create-placement-group (p. 116),
ec2-describe-placement-groups (p. 325), and
ec2-delete-placement-group (p. 188).

Amazon VPC IP Amazon VPC users can now specify the IP address to assign 12 July 2010
Address Designation an instance launched in a VPC.
For information about the using the --private-ip-address
parameter with ec2-run-instances, see
ec2-run-instances (p. 568).

Security Group Clarified the information about authorizing security group 28 April 2010
Permissions permissions. For more information, see ec2-authorize (p. 48).

New Region Amazon EC2 now supports the Asia Pacific (Singapore) 28 April 2010
Region. The new endpoint for requests to this Region is
ec2.ap-southeast-1.amazonaws.com.

API Version 2012-06-15

626
Amazon Elastic Compute Cloud CLI Reference

Change Description Release Date

Clarification about Clarified that you can't stop and start Spot Instances that use 1 February
Spot Instances an Amazon EBS root device. For more information about 2010
stopping instances, see ec2-stop-instances (p. 583).

Spot Instances To support customers that use Amazon EC2 instances, but 14 December
have more flexible usage requirements (e.g., when instances 2009
run, how long they run, or whether usage completes within a
specific timeframe), Amazon EC2 now provides Spot Instances.
A Spot Instance is an instance that Amazon EC2 automatically
runs for you when its maximum price is greater than the Spot
Price. For conceptual information about Spot Instances, go to
the Amazon Elastic Compute Cloud User Guide.

API Version 2012-06-15

627

AWS Partner-AWS Cloud Practitioner Essentials - Presentation Deck Final
No ratings yet
AWS Partner-AWS Cloud Practitioner Essentials - Presentation Deck Final
84 pages
ECS CLI Reference
No ratings yet
ECS CLI Reference
144 pages
Tutorials+Dojo+ +AWS+Certified+Developer+Associate+DVA C01+Video+Slides
No ratings yet
Tutorials+Dojo+ +AWS+Certified+Developer+Associate+DVA C01+Video+Slides
709 pages
Amazon EC2 API
100% (5)
Amazon EC2 API
231 pages
Amazon Elastic Compute Cloud
100% (1)
Amazon Elastic Compute Cloud
833 pages
Ec2 Class Notes
No ratings yet
Ec2 Class Notes
15 pages
AWS Container Day A Journey To Modern App
No ratings yet
AWS Container Day A Journey To Modern App
60 pages
Ecs DG
No ratings yet
Ecs DG
745 pages
Ec2 Ug
No ratings yet
Ec2 Ug
931 pages
Mastering AWS 2
No ratings yet
Mastering AWS 2
80 pages
Latest Aws Soft
No ratings yet
Latest Aws Soft
341 pages
Ec2 Ug
No ratings yet
Ec2 Ug
372 pages
Ec2 Ug
No ratings yet
Ec2 Ug
622 pages
Amazon ECS - Free AWS Cheat Sheets
No ratings yet
Amazon ECS - Free AWS Cheat Sheets
20 pages
ECS DevelopersGuide
No ratings yet
ECS DevelopersGuide
396 pages
Ec2 Api
No ratings yet
Ec2 Api
955 pages
Ec2 CLT
No ratings yet
Ec2 CLT
829 pages
Ec2 Faq
No ratings yet
Ec2 Faq
87 pages
Amazon Web Services
100% (1)
Amazon Web Services
34 pages
Lesson 3 AWS Compute
No ratings yet
Lesson 3 AWS Compute
70 pages
Amazon User Guide
No ratings yet
Amazon User Guide
691 pages
DevOps Ultimate Guide BBFGRW
No ratings yet
DevOps Ultimate Guide BBFGRW
112 pages
Amazon EC2 API Reference
No ratings yet
Amazon EC2 API Reference
592 pages
Assignment CC 1
0% (1)
Assignment CC 1
8 pages
Lesson 03 Amazon Elastic Compute Cloud
No ratings yet
Lesson 03 Amazon Elastic Compute Cloud
86 pages
Amazon ECR: User Guide API Version 2015-09-21
No ratings yet
Amazon ECR: User Guide API Version 2015-09-21
151 pages
Amazon ECR: User Guide API Version 2015-09-21
No ratings yet
Amazon ECR: User Guide API Version 2015-09-21
151 pages
Amazon ECR: User Guide API Version 2015-09-21
No ratings yet
Amazon ECR: User Guide API Version 2015-09-21
132 pages
BECE 355L AWS Cloud Module 2
No ratings yet
BECE 355L AWS Cloud Module 2
73 pages
Bece 355l Aws Cloud Module 2 F
No ratings yet
Bece 355l Aws Cloud Module 2 F
73 pages
As Api
No ratings yet
As Api
224 pages
Getting Started With Amazon EC2: Ian Massingham, Technical Evangelist at AWS
No ratings yet
Getting Started With Amazon EC2: Ian Massingham, Technical Evangelist at AWS
73 pages
Amazon-Elastic Container Registry
No ratings yet
Amazon-Elastic Container Registry
101 pages
Amazon EC2 Windows Guide
No ratings yet
Amazon EC2 Windows Guide
135 pages
Module 01
No ratings yet
Module 01
36 pages
Ecr Ug
No ratings yet
Ecr Ug
65 pages
MODULE 5 CC TSNOTESUntitled Document
No ratings yet
MODULE 5 CC TSNOTESUntitled Document
20 pages
Aws Cli PDF
No ratings yet
Aws Cli PDF
89 pages
Cloud Computing 2024
No ratings yet
Cloud Computing 2024
28 pages
Week#10 (ECS)
No ratings yet
Week#10 (ECS)
24 pages
Amazon Web Services V06jun2013
No ratings yet
Amazon Web Services V06jun2013
15 pages
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2010-06-15
No ratings yet
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2010-06-15
27 pages
I. Amazon Elastic Compute Cloud (Amazon EC2)
No ratings yet
I. Amazon Elastic Compute Cloud (Amazon EC2)
16 pages
1 - Ec2
No ratings yet
1 - Ec2
14 pages
Hard
No ratings yet
Hard
47 pages
GettingStartedwithAWS Sample PDF
No ratings yet
GettingStartedwithAWS Sample PDF
21 pages
Cloud Platforms in Industry
No ratings yet
Cloud Platforms in Industry
18 pages
AWS Command Line Interface Part 1
No ratings yet
AWS Command Line Interface Part 1
22 pages
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2011-01-01
No ratings yet
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2011-01-01
31 pages
AWS Compute Services - Educative
No ratings yet
AWS Compute Services - Educative
9 pages
Aws Ec2 1
No ratings yet
Aws Ec2 1
18 pages
Amazon EC2 Quick Reference Card
No ratings yet
Amazon EC2 Quick Reference Card
2 pages
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2012-12-01
No ratings yet
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2012-12-01
21 pages
AmazonElasticComputeCloud-Getting Started With EC2
No ratings yet
AmazonElasticComputeCloud-Getting Started With EC2
19 pages
Amazon Elastic Compute Cloud
No ratings yet
Amazon Elastic Compute Cloud
3 pages
Amazon Elastic Kubernetes Service (Amazon EKS) 04-07-2020 (Amazon EKS) (Summary)
No ratings yet
Amazon Elastic Kubernetes Service (Amazon EKS) 04-07-2020 (Amazon EKS) (Summary)
2 pages
(Version 2013-02-01) Quick Reference Card (Page 1) : Instance Tools
No ratings yet
(Version 2013-02-01) Quick Reference Card (Page 1) : Instance Tools
2 pages