Amazon EC2 examples using Amazon CLI - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.

Amazon EC2 examples using Amazon CLI

The following code examples show you how to perform actions and implement common scenarios by using the Amazon Command Line Interface with Amazon EC2.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use accept-address-transfer.

Amazon CLI

To accept an Elastic IP address transferred to your account

The following accept-address-transfer example accepts the transfer of the specified Elastic IP address to your account.

aws ec2 accept-address-transfer \ --address 100.21.184.216

Output:

{ "AddressTransfer": { "PublicIp": "100.21.184.216", "AllocationId": "eipalloc-09ad461b0d03f6aaf", "TransferAccountId": "123456789012", "TransferOfferExpirationTimestamp": "2023-02-22T20:51:10.000Z", "TransferOfferAcceptedTimestamp": "2023-02-22T22:52:54.000Z", "AddressTransferStatus": "accepted" } }

For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.

The following code example shows how to use accept-reserved-instances-exchange-quote.

Amazon CLI

To perform a Convertible Reserved Instance exchange

This example performs an exchange of the specified Convertible Reserved Instances.

Command:

aws ec2 accept-reserved-instances-exchange-quote --reserved-instance-ids 7b8750c3-397e-4da4-bbcb-a45ebexample --target-configurations OfferingId=b747b472-423c-48f3-8cee-679bcexample

Output:

{ "ExchangeId": "riex-e68ed3c1-8bc8-4c17-af77-811afexample" }

The following code example shows how to use accept-transit-gateway-peering-attachment.

Amazon CLI

To accept a transit gateway peering attachment

The following accept-transit-gateway-peering-attachment example accepts the specified transit gateway peering attachment. The --region parameter specifies the Region that the accepter transit gateway is located in.

aws ec2 accept-transit-gateway-peering-attachment \ --transit-gateway-attachment-id tgw-attach-4455667788aabbccd \ --region us-east-2

Output:

{ "TransitGatewayPeeringAttachment": { "TransitGatewayAttachmentId": "tgw-attach-4455667788aabbccd", "RequesterTgwInfo": { "TransitGatewayId": "tgw-123abc05e04123abc", "OwnerId": "123456789012", "Region": "us-west-2" }, "AccepterTgwInfo": { "TransitGatewayId": "tgw-11223344aabbcc112", "OwnerId": "123456789012", "Region": "us-east-2" }, "State": "pending", "CreationTime": "2019-12-09T11:38:31.000Z" } }

For more information, see Transit Gateway Peering Attachments in the Transit Gateways Guide.

The following code example shows how to use accept-transit-gateway-vpc-attachment.

Amazon CLI

To accept a request to attach a VPC to a transit gateway.

The following accept-transit-gateway-vpc-attachment example accepts the request forte specified attachment.

aws ec2 accept-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id tgw-attach-0a34fe6b4fEXAMPLE

Output:

{ "TransitGatewayVpcAttachment": { "TransitGatewayAttachmentId": "tgw-attach-0a34fe6b4fEXAMPLE", "TransitGatewayId": "tgw-0262a0e521EXAMPLE", "VpcId": "vpc-07e8ffd50fEXAMPLE", "VpcOwnerId": "123456789012", "State": "pending", "SubnetIds": [ "subnet-0752213d59EXAMPLE" ], "CreationTime": "2019-07-10T17:33:46.000Z", "Options": { "DnsSupport": "enable", "Ipv6Support": "disable" } } }

For more information, see Transit Gateway Attachments to a VPC in the Transit Gateways Guide.

The following code example shows how to use accept-vpc-endpoint-connections.

Amazon CLI

To accept an interface endpoint connection request

This example accepts the specified endpoint connection request for the specified endpoint service.

Command:

aws ec2 accept-vpc-endpoint-connections --service-id vpce-svc-03d5ebb7d9579a2b3 --vpc-endpoint-ids vpce-0c1308d7312217abc

Output:

{ "Unsuccessful": [] }

The following code example shows how to use accept-vpc-peering-connection.

Amazon CLI

To accept a VPC peering connection

This example accepts the specified VPC peering connection request.

Command:

aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id pcx-1a2b3c4d

Output:

{ "VpcPeeringConnection": { "Status": { "Message": "Provisioning", "Code": "provisioning" }, "Tags": [], "AccepterVpcInfo": { "OwnerId": "444455556666", "VpcId": "vpc-44455566", "CidrBlock": "10.0.1.0/28" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d", "RequesterVpcInfo": { "OwnerId": "444455556666", "VpcId": "vpc-111abc45", "CidrBlock": "10.0.0.0/28" } } }

The following code example shows how to use advertise-byoip-cidr.

Amazon CLI

To advertise an address range

The following advertise-byoip-cidr example advertises the specified public IPv4 address range.

aws ec2 advertise-byoip-cidr \ --cidr 203.0.113.25/24

Output:

{ "ByoipCidr": { "Cidr": "203.0.113.25/24", "StatusMessage": "ipv4pool-ec2-1234567890abcdef0", "State": "provisioned" } }

The following code example shows how to use allocate-address.

Amazon CLI

Example 1: To allocate an Elastic IP address from Amazon's address pool

The following allocate-address example allocates an Elastic IP address. Amazon EC2 selects the address from Amazon's address pool.

aws ec2 allocate-address

Output:

{ "PublicIp": "70.224.234.241", "AllocationId": "eipalloc-01435ba59eEXAMPLE", "PublicIpv4Pool": "amazon", "NetworkBorderGroup": "us-west-2", "Domain": "vpc" }

For more information, see Elastic IP addresses in the Amazon EC2 User Guide.

Example 2: To allocate an Elastic IP address and associate it with a network border group

The following allocate-address example allocates an Elastic IP address and associates it with the specified network border group.

aws ec2 allocate-address \ --network-border-group us-west-2-lax-1

Output:

{ "PublicIp": "70.224.234.241", "AllocationId": "eipalloc-e03dd489ceEXAMPLE", "PublicIpv4Pool": "amazon", "NetworkBorderGroup": "us-west-2-lax-1", "Domain": "vpc" }

For more information, see Elastic IP addresses in the Amazon EC2 User Guide.

Example 3: To allocate an Elastic IP address from an address pool that you own

The following allocate-address example allocates an Elastic IP address from an address pool that you have brought to your Amazon Web Services account. Amazon EC2 selects the address from the address pool.

aws ec2 allocate-address \ --public-ipv4-pool ipv4pool-ec2-1234567890abcdef0

Output:

{ "AllocationId": "eipalloc-02463d08ceEXAMPLE", "NetworkBorderGroup": "us-west-2", "CustomerOwnedIp": "18.218.95.81", "CustomerOwnedIpv4Pool": "ipv4pool-ec2-1234567890abcdef0", "Domain": "vpc" "NetworkBorderGroup": "us-west-2", }

For more information, see Elastic IP addresses in the Amazon EC2 User Guide.

The following code example shows how to use allocate-hosts.

Amazon CLI

Example 1: To allocate a Dedicated Host

The following allocate-hosts example allocates a single Dedicated Host in the eu-west-1a Availability Zone, onto which you can launch m5.large instances. By default, the Dedicated Host accepts only target instance launches, and does not support host recovery.

aws ec2 allocate-hosts \ --instance-type m5.large \ --availability-zone eu-west-1a \ --quantity 1

Output:

{ "HostIds": [ "h-07879acf49EXAMPLE" ] }

Example 2: To allocate a Dedicated Host with auto-placement and host recovery enabled

The following allocate-hosts example allocates a single Dedicated Host in the eu-west-1a Availability Zone with auto-placement and host recovery enabled.

aws ec2 allocate-hosts \ --instance-type m5.large \ --availability-zone eu-west-1a \ --auto-placement on \ --host-recovery on \ --quantity 1

Output:

{ "HostIds": [ "h-07879acf49EXAMPLE" ] }

Example 3: To allocate a Dedicated Host with tags

The following allocate-hosts example allocates a single Dedicated Host and applies a tag with a key named purpose and a value of production.

aws ec2 allocate-hosts \ --instance-type m5.large \ --availability-zone eu-west-1a \ --quantity 1 \ --tag-specifications 'ResourceType=dedicated-host,Tags={Key=purpose,Value=production}'

Output:

{ "HostIds": [ "h-07879acf49EXAMPLE" ] }

For more information, see Allocating Dedicated Hosts in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

  • For API details, see AllocateHosts in Amazon CLI Command Reference.

The following code example shows how to use allocate-ipam-pool-cidr.

Amazon CLI

To allocate a CIDR from an IPAM pool

The following allocate-ipam-pool-cidr example allocates a CIDR from an IPAM pool.

(Linux):

aws ec2 allocate-ipam-pool-cidr \ --ipam-pool-id ipam-pool-0533048da7d823723 \ --netmask-length 24

(Windows):

aws ec2 allocate-ipam-pool-cidr ^ --ipam-pool-id ipam-pool-0533048da7d823723 ^ --netmask-length 24

Output:

{ "IpamPoolAllocation": { "Cidr": "10.0.0.0/24", "IpamPoolAllocationId": "ipam-pool-alloc-018ecc28043b54ba38e2cd99943cebfbd", "ResourceType": "custom", "ResourceOwner": "123456789012" } }

For more information, see Manually allocate a CIDR to a pool to reserve IP address space in the Amazon VPC IPAM User Guide.

The following code example shows how to use apply-security-groups-to-client-vpn-target-network.

Amazon CLI

To apply security groups to a target network for a Client VPN endpoint

The following apply-security-groups-to-client-vpn-target-network example applies security group sg-01f6e627a89f4db32 to the association between the specified target network and Client VPN endpoint.

aws ec2 apply-security-groups-to-client-vpn-target-network \ --security-group-ids sg-01f6e627a89f4db32 \ --vpc-id vpc-0e2110c2f324332e0 \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "SecurityGroupIds": [ "sg-01f6e627a89f4db32" ] }

For more information, see Target Networks in the Amazon Client VPN Administrator Guide.

The following code example shows how to use assign-ipv6-addresses.

Amazon CLI

To assign specific IPv6 addresses to a network interface

This example assigns the specified IPv6 addresses to the specified network interface.

Command:

aws ec2 assign-ipv6-addresses --network-interface-id eni-38664473 --ipv6-addresses 2001:db8:1234:1a00:3304:8879:34cf:4071 2001:db8:1234:1a00:9691:9503:25ad:1761

Output:

{ "AssignedIpv6Addresses": [ "2001:db8:1234:1a00:3304:8879:34cf:4071", "2001:db8:1234:1a00:9691:9503:25ad:1761" ], "NetworkInterfaceId": "eni-38664473" }

To assign IPv6 addresses that Amazon selects to a network interface

This example assigns two IPv6 addresses to the specified network interface. Amazon automatically assigns these IPv6 addresses from the available IPv6 addresses in the IPv6 CIDR block range of the subnet.

Command:

aws ec2 assign-ipv6-addresses --network-interface-id eni-38664473 --ipv6-address-count 2

Output:

{ "AssignedIpv6Addresses": [ "2001:db8:1234:1a00:3304:8879:34cf:4071", "2001:db8:1234:1a00:9691:9503:25ad:1761" ], "NetworkInterfaceId": "eni-38664473" }

The following code example shows how to use assign-private-ip-addresses.

Amazon CLI

To assign a specific secondary private IP address a network interface

This example assigns the specified secondary private IP address to the specified network interface. If the command succeeds, no output is returned.

Command:

aws ec2 assign-private-ip-addresses --network-interface-id eni-e5aa89a3 --private-ip-addresses 10.0.0.82

To assign secondary private IP addresses that Amazon EC2 selects to a network interface

This example assigns two secondary private IP addresses to the specified network interface. Amazon EC2 automatically assigns these IP addresses from the available IP addresses in the CIDR block range of the subnet the network interface is associated with. If the command succeeds, no output is returned.

Command:

aws ec2 assign-private-ip-addresses --network-interface-id eni-e5aa89a3 --secondary-private-ip-address-count 2

The following code example shows how to use assign-private-nat-gateway-address.

Amazon CLI

To assign private IP addresses to your private NAT gateway

The following assign-private-nat-gateway-address example assigns two private IP addresses to the specified private NAT gateway.

aws ec2 assign-private-nat-gateway-address \ --nat-gateway-id nat-1234567890abcdef0 \ --private-ip-address-count 2

Output:

{ "NatGatewayId": "nat-1234567890abcdef0", "NatGatewayAddresses": [ { "NetworkInterfaceId": "eni-0065a61b324d1897a", "IsPrimary": false, "Status": "assigning" }, { "NetworkInterfaceId": "eni-0065a61b324d1897a", "IsPrimary": false, "Status": "assigning" } ] }

For more information, see NAT gateways in the Amazon VPC User Guide.

The following code example shows how to use associate-address.

Amazon CLI

To associate an Elastic IP addresses in EC2-Classic

This example associates an Elastic IP address with an instance in EC2-Classic. If the command succeeds, no output is returned.

Command:

aws ec2 associate-address --instance-id i-07ffe74c7330ebf53 --public-ip 198.51.100.0

To associate an Elastic IP address in EC2-VPC

This example associates an Elastic IP address with an instance in a VPC.

Command:

aws ec2 associate-address --instance-id i-0b263919b6498b123 --allocation-id eipalloc-64d5890a

Output:

{ "AssociationId": "eipassoc-2bebb745" }

This example associates an Elastic IP address with a network interface.

Command:

aws ec2 associate-address --allocation-id eipalloc-64d5890a --network-interface-id eni-1a2b3c4d

This example associates an Elastic IP with a private IP address that's associated with a network interface.

Command:

aws ec2 associate-address --allocation-id eipalloc-64d5890a --network-interface-id eni-1a2b3c4d --private-ip-address 10.0.0.85

The following code example shows how to use associate-client-vpn-target-network.

Amazon CLI

To associate a target network with a Client VPN endpoint

The following associate-client-vpn-target-network example associates a subnet with the specified Client VPN endpoint.

aws ec2 associate-client-vpn-target-network \ --subnet-id subnet-0123456789abcabca \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "AssociationId": "cvpn-assoc-12312312312312312", "Status": { "Code": "associating" } }

For more information, see Target Networks in the Amazon Client VPN Administrator Guide.

The following code example shows how to use associate-dhcp-options.

Amazon CLI

To associate a DHCP options set with your VPC

This example associates the specified DHCP options set with the specified VPC. If the command succeeds, no output is returned.

Command:

aws ec2 associate-dhcp-options --dhcp-options-id dopt-d9070ebb --vpc-id vpc-a01106c2

To associate the default DHCP options set with your VPC

This example associates the default DHCP options set with the specified VPC. If the command succeeds, no output is returned.

Command:

aws ec2 associate-dhcp-options --dhcp-options-id default --vpc-id vpc-a01106c2

The following code example shows how to use associate-iam-instance-profile.

Amazon CLI

To associate an IAM instance profile with an instance

This example associates an IAM instance profile named admin-role with instance i-123456789abcde123.

Command:

aws ec2 associate-iam-instance-profile --instance-id i-123456789abcde123 --iam-instance-profile Name=admin-role

Output:

{ "IamInstanceProfileAssociation": { "InstanceId": "i-123456789abcde123", "State": "associating", "AssociationId": "iip-assoc-0e7736511a163c209", "IamInstanceProfile": { "Id": "AIPAJBLK7RKJKWDXVHIEC", "Arn": "arn:aws:iam::123456789012:instance-profile/admin-role" } } }

The following code example shows how to use associate-instance-event-window.

Amazon CLI

Example 1: To associate one or more instances with an event window

The following associate-instance-event-window example associates one or more instances with an event window.

aws ec2 associate-instance-event-window \ --region us-east-1 \ --instance-event-window-id iew-0abcdef1234567890 \ --association-target "InstanceIds=i-1234567890abcdef0,i-0598c7d356eba48d7"

Output:

{ "InstanceEventWindow": { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "AssociationTarget": { "InstanceIds": [ "i-1234567890abcdef0", "i-0598c7d356eba48d7" ], "Tags": [], "DedicatedHostIds": [] }, "State": "creating" } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

Example 2: To associate instance tags with an event window

The following associate-instance-event-window example associates instance tags with an event window. Enter an instance-event-window-id parameter to specify the event window. To associate instance tags, specify the association-target parameter, and for the parameter value, specify one or more tags.

aws ec2 associate-instance-event-window \ --region us-east-1 \ --instance-event-window-id iew-0abcdef1234567890 \ --association-target "InstanceTags=[{Key=k2,Value=v2},{Key=k1,Value=v1}]"

Output:

{ "InstanceEventWindow": { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "AssociationTarget": { "InstanceIds": [], "Tags": [ { "Key": "k2", "Value": "v2" }, { "Key": "k1", "Value": "v1" } ], "DedicatedHostIds": [] }, "State": "creating" } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

Example 3: To associate a Dedicated Host with an event window

The following associate-instance-event-window example associates a Dedicated Host with an event window. Enter an instance-event-window-id parameter to specify the event window. To associate a Dedicated Host, specify the --association-target parameter, and for the parameter values, specify one of more Dedicated Host IDs.

aws ec2 associate-instance-event-window \ --region us-east-1 \ --instance-event-window-id iew-0abcdef1234567890 \ --association-target "DedicatedHostIds=h-029fa35a02b99801d"

Output:

{ "InstanceEventWindow": { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "AssociationTarget": { "InstanceIds": [], "Tags": [], "DedicatedHostIds": [ "h-029fa35a02b99801d" ] }, "State": "creating" } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

The following code example shows how to use associate-ipam-resource-discovery.

Amazon CLI

To associate a resource discovery with an IPAM

In this example, you are an IPAM delegated admin and a resource discovery has been created and shared with you by another Amazon account so that you can use IPAM to manage and monitor resource CIDRs owned by the other account.

Note

To complete this request, you'll need the resource discovery ID which you can get with describe-ipam-resource-discoveries and the IPAM ID which you can get with describe-ipams.The resource discovery that you are associating must have first been shared with your account using Amazon RAM.The --region you enter must match the home Region of the IPAM you are associating it with.

The following associate-ipam-resource-discovery example associates a resource discovery with an IPAM.

aws ec2 associate-ipam-resource-discovery \ --ipam-id ipam-005f921c17ebd5107 \ --ipam-resource-discovery-id ipam-res-disco-03e0406de76a044ee \ --tag-specifications 'ResourceType=ipam-resource-discovery,Tags=[{Key=cost-center,Value=cc123}]' \ --region us-east-1

Output:

{ { "IpamResourceDiscoveryAssociation": { "OwnerId": "320805250157", "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-04382a6346357cf82", "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::320805250157:ipam-resource-discovery-association/ipam-res-disco-assoc-04382a6346357cf82", "IpamResourceDiscoveryId": "ipam-res-disco-0365d2977fc1672fe", "IpamId": "ipam-005f921c17ebd5107", "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", "IpamRegion": "us-east-1", "IsDefault": false, "ResourceDiscoveryStatus": "active", "State": "associate-in-progress", "Tags": [] } } }

Once you associate a resource discovery, you can monitor and/or manage the IP addresses of resources created by the other accounts. For more information, see Integrate IPAM with accounts outside of your organization in the Amazon VPC IPAM User Guide.

The following code example shows how to use associate-nat-gateway-address.

Amazon CLI

To associate an Elastic IP address with a public NAT gateway

The following associate-nat-gateway-address example associates the specified Elastic IP address with the specified public NAT gateway. Amazon automatically assigns a secondary private IPv4 address.

aws ec2 associate-nat-gateway-address \ --nat-gateway-id nat-1234567890abcdef0 \ --allocation-ids eipalloc-0be6ecac95EXAMPLE

Output:

{ "NatGatewayId": "nat-1234567890abcdef0", "NatGatewayAddresses": [ { "AllocationId": "eipalloc-0be6ecac95EXAMPLE", "NetworkInterfaceId": "eni-09cc4b2558794f7f9", "IsPrimary": false, "Status": "associating" } ] }

For more information, see NAT gateways in the Amazon VPC User Guide.

The following code example shows how to use associate-route-table.

Amazon CLI

To associate a route table with a subnet

This example associates the specified route table with the specified subnet.

Command:

aws ec2 associate-route-table --route-table-id rtb-22574640 --subnet-id subnet-9d4a7b6c

Output:

{ "AssociationId": "rtbassoc-781d0d1a" }

The following code example shows how to use associate-subnet-cidr-block.

Amazon CLI

To associate an IPv6 CIDR block with a subnet

This example associates an IPv6 CIDR block with the specified subnet.

Command:

aws ec2 associate-subnet-cidr-block --subnet-id subnet-5f46ec3b --ipv6-cidr-block 2001:db8:1234:1a00::/64

Output:

{ "SubnetId": "subnet-5f46ec3b", "Ipv6CidrBlockAssociation": { "Ipv6CidrBlock": "2001:db8:1234:1a00::/64", "AssociationId": "subnet-cidr-assoc-3aa54053", "Ipv6CidrBlockState": { "State": "associating" } } }

The following code example shows how to use associate-transit-gateway-multicast-domain.

Amazon CLI

To associate a transit gateway with a multicast domain

The following associate-transit-gateway-multicast-domain example associates the specified subnet and attachment with the specified multicast domain.

aws ec2 associate-transit-gateway-multicast-domain \ --transit-gateway-multicast-domain-id tgw-mcast-domain-0c4905cef79d6e597 \ --transit-gateway-attachment-id tgw-attach-028c1dd0f8f5cbe8e \ --subnet-ids subnet-000de86e3b49c932a \ --transit-gateway-multicast-domain-id tgw-mcast-domain-0c4905cef7EXAMPLE

Output:

{ "Associations": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-0c4905cef79d6e597", "TransitGatewayAttachmentId": "tgw-attach-028c1dd0f8f5cbe8e", "ResourceId": "vpc-01128d2c240c09bd5", "ResourceType": "vpc", "Subnets": [ { "SubnetId": "subnet-000de86e3b49c932a", "State": "associating" } ] } }

For more information, see Managing multicast domains in the Transit Gateways Guide.

The following code example shows how to use associate-transit-gateway-route-table.

Amazon CLI

To associate a transit gateway route table with a transit gateway attachment

The following example associates the specified transit gateway route table with the specified VPC attachment.

aws ec2 associate-transit-gateway-route-table \ --transit-gateway-route-table-id tgw-rtb-002573ed1eEXAMPLE \ --transit-gateway-attachment-id tgw-attach-0b5968d3b6EXAMPLE

Output:

{ "Association": { "TransitGatewayRouteTableId": "tgw-rtb-002573ed1eEXAMPLE", "TransitGatewayAttachmentId": "tgw-attach-0b5968d3b6EXAMPLE", "ResourceId": "vpc-0065acced4EXAMPLE", "ResourceType": "vpc", "State": "associating" } }

For more information, see Associate a Transit Gateway Route Table in the Amazon Transit Gateways Guide.

The following code example shows how to use associate-vpc-cidr-block.

Amazon CLI

Example 1: To associate an Amazon-provided IPv6 CIDR block with a VPC

The following associate-vpc-cidr-block example associates an IPv6 CIDR block with the specified VPC.:

aws ec2 associate-vpc-cidr-block \ --amazon-provided-ipv6-cidr-block \ --ipv6-cidr-block-network-border-group us-west-2-lax-1 \ --vpc-id vpc-8EXAMPLE

Output:

{ "Ipv6CidrBlockAssociation": { "AssociationId": "vpc-cidr-assoc-0838ce7d9dEXAMPLE", "Ipv6CidrBlockState": { "State": "associating" }, "NetworkBorderGroup": "us-west-2-lax-1" }, "VpcId": "vpc-8EXAMPLE" }

Example 2:To associate an additional IPv4 CIDR block with a VPC

The following associate-vpc-cidr-block example associates the IPv4 CIDR block 10.2.0.0/16 with the specified VPC.

aws ec2 associate-vpc-cidr-block \ --vpc-id vpc-1EXAMPLE \ --cidr-block 10.2.0.0/16

Output:

{ "CidrBlockAssociation": { "AssociationId": "vpc-cidr-assoc-2EXAMPLE", "CidrBlock": "10.2.0.0/16", "CidrBlockState": { "State": "associating" } }, "VpcId": "vpc-1EXAMPLE" }

The following code example shows how to use attach-classic-link-vpc.

Amazon CLI

To link (attach) an EC2-Classic instance to a VPC

This example links instance i-1234567890abcdef0 to VPC vpc-88888888 through the VPC security group sg-12312312.

Command:

aws ec2 attach-classic-link-vpc --instance-id i-1234567890abcdef0 --vpc-id vpc-88888888 --groups sg-12312312

Output:

{ "Return": true }

The following code example shows how to use attach-internet-gateway.

Amazon CLI

To attach an internet gateway to your VPC

The following attach-internet-gateway example attaches the specified internet gateway to the specific VPC.

aws ec2 attach-internet-gateway \ --internet-gateway-id igw-0d0fb496b3EXAMPLE \ --vpc-id vpc-0a60eb65b4EXAMPLE

This command produces no output.

For more information, see Internet gateways in the Amazon VPC User Guide.

The following code example shows how to use attach-network-interface.

Amazon CLI

Example 1: To attach a network interface to an instance

The following attach-network-interface example attaches the specified network interface to the specified instance.

aws ec2 attach-network-interface \ --network-interface-id eni-0dc56a8d4640ad10a \ --instance-id i-1234567890abcdef0 \ --device-index 1

Output:

{ "AttachmentId": "eni-attach-01a8fc87363f07cf9" }

For more information, see Elastic network interfaces in the Amazon EC2 User Guide.

Example 2: To attach a network interface to an instance with multiple network cards

The following attach-network-interface example attaches the specified network interface to the specified instance and network card.

aws ec2 attach-network-interface \ --network-interface-id eni-07483b1897541ad83 \ --instance-id i-01234567890abcdef \ --network-card-index 1 \ --device-index 1

Output:

{ "AttachmentId": "eni-attach-0fbd7ee87a88cd06c" }

For more information, see Elastic network interfaces in the Amazon EC2 User Guide.

The following code example shows how to use attach-verified-access-trust-provider.

Amazon CLI

To attach a trust provider to an instance

The following attach-verified-access-trust-provider example attaches the specified Verified Access trust provider to the specified Verified Access instance.

aws ec2 attach-verified-access-trust-provider \ --verified-access-instance-id vai-0ce000c0b7643abea \ --verified-access-trust-provider-id vatp-0bb32de759a3e19e7

Output:

{ "VerifiedAccessTrustProvider": { "VerifiedAccessTrustProviderId": "vatp-0bb32de759a3e19e7", "Description": "", "TrustProviderType": "user", "UserTrustProviderType": "iam-identity-center", "PolicyReferenceName": "idc", "CreationTime": "2023-08-25T19:00:38", "LastUpdatedTime": "2023-08-25T19:00:38" }, "VerifiedAccessInstance": { "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "Description": "", "VerifiedAccessTrustProviders": [ { "VerifiedAccessTrustProviderId": "vatp-0bb32de759a3e19e7", "TrustProviderType": "user", "UserTrustProviderType": "iam-identity-center" } ], "CreationTime": "2023-08-25T18:27:56", "LastUpdatedTime": "2023-08-25T18:27:56" } }

For more information, see Verified Access instances in the Amazon Verified Access User Guide.

The following code example shows how to use attach-volume.

Amazon CLI

To attach a volume to an instance

This example command attaches a volume (vol-1234567890abcdef0) to an instance (i-01474ef662b89480) as /dev/sdf.

Command:

aws ec2 attach-volume --volume-id vol-1234567890abcdef0 --instance-id i-01474ef662b89480 --device /dev/sdf

Output:

{ "AttachTime": "YYYY-MM-DDTHH:MM:SS.000Z", "InstanceId": "i-01474ef662b89480", "VolumeId": "vol-1234567890abcdef0", "State": "attaching", "Device": "/dev/sdf" }
  • For API details, see AttachVolume in Amazon CLI Command Reference.

The following code example shows how to use attach-vpn-gateway.

Amazon CLI

To attach a virtual private gateway to your VPC

The following attach-vpn-gateway example attaches the specified virtual private gateway to the specified VPC.

aws ec2 attach-vpn-gateway \ --vpn-gateway-id vgw-9a4cacf3 \ --vpc-id vpc-a01106c2

Output:

{ "VpcAttachment": { "State": "attaching", "VpcId": "vpc-a01106c2" } }

The following code example shows how to use authorize-client-vpn-ingress.

Amazon CLI

To add an authorization rule for a Client VPN endpoint

The following authorize-client-vpn-ingress example adds an ingress authorization rule that permits all clients to access the internet (0.0.0.0/0).

aws ec2 authorize-client-vpn-ingress \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde \ --target-network-cidr 0.0.0.0/0 \ --authorize-all-groups

Output:

{ "Status": { "Code": "authorizing" } }

For more information, see Authorization Rules in the Amazon Client VPN Administrator Guide.

The following code example shows how to use authorize-security-group-egress.

Amazon CLI

To add a rule that allows outbound traffic to a specific address range

This example command adds a rule that grants access to the specified address ranges on TCP port 80.

Command (Linux):

aws ec2 authorize-security-group-egress --group-id sg-1a2b3c4d --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges='[{CidrIp=10.0.0.0/16}]'

Command (Windows):

aws ec2 authorize-security-group-egress --group-id sg-1a2b3c4d --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges=[{CidrIp=10.0.0.0/16}]

To add a rule that allows outbound traffic to a specific security group

This example command adds a rule that grants access to the specified security group on TCP port 80.

Command (Linux):

aws ec2 authorize-security-group-egress --group-id sg-1a2b3c4d --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,UserIdGroupPairs='[{GroupId=sg-4b51a32f}]'

Command (Windows):

aws ec2 authorize-security-group-egress --group-id sg-1a2b3c4d --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,UserIdGroupPairs=[{GroupId=sg-4b51a32f}]

The following code example shows how to use authorize-security-group-ingress.

Amazon CLI

Example 1: To add a rule that allows inbound SSH traffic

The following authorize-security-group-ingress example adds a rule that allows inbound traffic on TCP port 22 (SSH).

aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --protocol tcp \ --port 22 \ --cidr 203.0.113.0/24

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-01afa97ef3e1bedfc", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "203.0.113.0/24" } ] }

Example 2: To add a rule that allows inbound HTTP traffic from another security group

The following authorize-security-group-ingress example adds a rule that allows inbound access on TCP port 80 from the source security group sg-1a2b3c4d. The source group must be in the same VPC or in a peer VPC (requires a VPC peering connection). Incoming traffic is allowed based on the private IP addresses of instances that are associated with the source security group (not the public IP address or Elastic IP address).

aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --protocol tcp \ --port 80 \ --source-group sg-1a2b3c4d

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-01f4be99110f638a7", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "ReferencedGroupInfo": { "GroupId": "sg-1a2b3c4d", "UserId": "123456789012" } } ] }

Example 3: To add multiple rules in the same call

The following authorize-security-group-ingress example uses the ip-permissions parameter to add two inbound rules, one that enables inbound access on TCP port 3389 (RDP) and the other that enables ping/ICMP.

aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --ip-permissions IpProtocol=tcp,FromPort=3389,ToPort=3389,IpRanges="[{CidrIp=172.31.0.0/16}]" IpProtocol=icmp,FromPort=-1,ToPort=-1,IpRanges="[{CidrIp=172.31.0.0/16}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-00e06e5d3690f29f3", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv4": "172.31.0.0/16" }, { "SecurityGroupRuleId": "sgr-0a133dd4493944b87", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": -1, "ToPort": -1, "CidrIpv4": "172.31.0.0/16" } ] }

Example 4: To add a rule for ICMP traffic

The following authorize-security-group-ingress example uses the ip-permissions parameter to add an inbound rule that allows the ICMP message Destination Unreachable: Fragmentation Needed and Don't Fragment was Set (Type 3, Code 4) from anywhere.

aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --ip-permissions IpProtocol=icmp,FromPort=3,ToPort=4,IpRanges="[{CidrIp=0.0.0.0/0}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0de3811019069b787", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "icmp", "FromPort": 3, "ToPort": 4, "CidrIpv4": "0.0.0.0/0" } ] }

Example 5: To add a rule for IPv6 traffic

The following authorize-security-group-ingress example uses the ip-permissions parameter to add an inbound rule that allows SSH access (port 22) from the IPv6 range 2001:db8:1234:1a00::/64.

aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --ip-permissions IpProtocol=tcp,FromPort=22,ToPort=22,Ipv6Ranges="[{CidrIpv6=2001:db8:1234:1a00::/64}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0455bc68b60805563", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv6": "2001:db8:1234:1a00::/64" } ] }

Example 6: To add a rule for ICMPv6 traffic

The following authorize-security-group-ingress example uses the ip-permissions parameter to add an inbound rule that allows ICMPv6 traffic from anywhere.

aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --ip-permissions IpProtocol=icmpv6,Ipv6Ranges="[{CidrIpv6=::/0}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-04b612d9363ab6327", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1, "CidrIpv6": "::/0" } ] }

Example 7: Add a rule with a description

The following authorize-security-group-ingress example uses the ip-permissions parameter to add an inbound rule that allows RDP traffic from the specified IPv4 address range. The rule includes a description to help you identify it later.

aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --ip-permissions IpProtocol=tcp,FromPort=3389,ToPort=3389,IpRanges="[{CidrIp=203.0.113.0/24,Description='RDP access from NY office'}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0397bbcc01e974db3", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv4": "203.0.113.0/24", "Description": "RDP access from NY office" } ] }

Example 8: To add an inbound rule that uses a prefix list

The following authorize-security-group-ingress example uses the ip-permissions parameter to add an inbound rule that allows all traffic for the CIDR ranges in the specified prefix list.

aws ec2 authorize-security-group-ingress --group-id sg-04a351bfe432d4e71 --ip-permissions IpProtocol=all,PrefixListIds="[{PrefixListId=pl-002dc3ec097de1514}]"

Output:

{ "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-09c74b32f677c6c7c", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "PrefixListId": "pl-0721453c7ac4ec009" } ] }

For more information, see Security groups in the Amazon VPC User Guide.

The following code example shows how to use bundle-instance.

Amazon CLI

To bundle an instance

This example bundles instance i-1234567890abcdef0 to a bucket called bundletasks. Before you specify values for your access key IDs, review and follow the guidance in Best Practices for Managing Amazon Access Keys.

Command:

aws ec2 bundle-instance --instance-id i-1234567890abcdef0 --bucket bundletasks --prefix winami --owner-akid AK12AJEXAMPLE --owner-sak example123example

Output:

{ "BundleTask": { "UpdateTime": "2015-09-15T13:30:35.000Z", "InstanceId": "i-1234567890abcdef0", "Storage": { "S3": { "Prefix": "winami", "Bucket": "bundletasks" } }, "State": "pending", "StartTime": "2015-09-15T13:30:35.000Z", "BundleId": "bun-294e041f" } }
  • For API details, see BundleInstance in Amazon CLI Command Reference.

The following code example shows how to use cancel-bundle-task.

Amazon CLI

To cancel a bundle task

This example cancels bundle task bun-2a4e041c.

Command:

aws ec2 cancel-bundle-task --bundle-id bun-2a4e041c

Output:

{ "BundleTask": { "UpdateTime": "2015-09-15T13:27:40.000Z", "InstanceId": "i-1234567890abcdef0", "Storage": { "S3": { "Prefix": "winami", "Bucket": "bundletasks" } }, "State": "cancelling", "StartTime": "2015-09-15T13:24:35.000Z", "BundleId": "bun-2a4e041c" } }

The following code example shows how to use cancel-capacity-reservation-fleets.

Amazon CLI

To cancel a Capacity Reservation Fleet

The following cancel-capacity-reservation-fleets example cancels the specified Capacity Reservation Fleet and the capacity it reserves. When you cancel a Fleet, its status changes to cancelled, and it can no longer create new Capacity Reservations. Additionally, all of the individual Capacity Reservations in the Fleet are cancelled, and the instances that were previously running in the reserved capacity continue to run normally in shared capacity.

aws ec2 cancel-capacity-reservation-fleets \ --capacity-reservation-fleet-ids crf-abcdef01234567890

Output:

{ "SuccessfulFleetCancellations": [ { "CurrentFleetState": "cancelling", "PreviousFleetState": "active", "CapacityReservationFleetId": "crf-abcdef01234567890" } ], "FailedFleetCancellations": [] }

For more information about Capacity Reservation Fleets, see Capacity Reservation Fleets in the Amazon EC2 User Guide.

The following code example shows how to use cancel-capacity-reservation.

Amazon CLI

To cancel a capacity reservation

The following cancel-capacity-reservation example cancels the specified capacity reservation.

aws ec2 cancel-capacity-reservation \ --capacity-reservation-id cr-1234abcd56EXAMPLE

Output:

{ "Return": true }

For more information, see Canceling a Capacity Reservation in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use cancel-conversion-task.

Amazon CLI

To cancel an active conversion of an instance or a volume

This example cancels the upload associated with the task ID import-i-fh95npoc. If the command succeeds, no output is returned.

Command:

aws ec2 cancel-conversion-task --conversion-task-id import-i-fh95npoc

The following code example shows how to use cancel-export-task.

Amazon CLI

To cancel an active export task

This example cancels an active export task with the task ID export-i-fgelt0i7. If the command succeeds, no output is returned.

Command:

aws ec2 cancel-export-task --export-task-id export-i-fgelt0i7

The following code example shows how to use cancel-image-launch-permission.

Amazon CLI

To cancel having an AMI shared with your Amazon Web Services account

The following cancel-image-launch-permission example removes your account from the specified AMI's launch permissions.

aws ec2 cancel-image-launch-permission \ --image-id ami-0123456789example \ --region us-east-1

Output:

{ "Return": true }

For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.

The following code example shows how to use cancel-import-task.

Amazon CLI

To cancel an import task

The following cancel-import-task example cancels the specified import image task.

aws ec2 cancel-import-task \ --import-task-id import-ami-1234567890abcdef0

Output:

{ "ImportTaskId": "import-ami-1234567890abcdef0", "PreviousState": "active", "State": "deleting" }

The following code example shows how to use cancel-reserved-instances-listing.

Amazon CLI

To cancel a Reserved Instance listing

The following cancel-reserved-instances-listing example cancels the specified Reserved Instance listing.

aws ec2 cancel-reserved-instances-listing \ --reserved-instances-listing-id 5ec28771-05ff-4b9b-aa31-9e57dexample

The following code example shows how to use cancel-spot-fleet-requests.

Amazon CLI

Example 1: To cancel a Spot fleet request and terminate the associated instances

The following cancel-spot-fleet-requests example cancels a Spot Fleet request and terminates the associated On-Demand Instances and Spot Instances.

aws ec2 cancel-spot-fleet-requests \ --spot-fleet-request-ids sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE \ --terminate-instances

Output:

{ "SuccessfulFleetRequests": [ { "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE", "CurrentSpotFleetRequestState": "cancelled_terminating", "PreviousSpotFleetRequestState": "active" } ], "UnsuccessfulFleetRequests": [] }

For more information, see Cancel a Spot Fleet request in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 2: To cancel a Spot fleet request without terminating the associated instances

The following cancel-spot-fleet-requests example cancels a Spot Fleet request without terminating the associated On-Demand Instances and Spot Instances.

aws ec2 cancel-spot-fleet-requests \ --spot-fleet-request-ids sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE \ --no-terminate-instances

Output:

{ "SuccessfulFleetRequests": [ { "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE", "CurrentSpotFleetRequestState": "cancelled_running", "PreviousSpotFleetRequestState": "active" } ], "UnsuccessfulFleetRequests": [] }

For more information, see Cancel a Spot Fleet request in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use cancel-spot-instance-requests.

Amazon CLI

To cancel Spot Instance requests

This example command cancels a Spot Instance request.

Command:

aws ec2 cancel-spot-instance-requests --spot-instance-request-ids sir-08b93456

Output:

{ "CancelledSpotInstanceRequests": [ { "State": "cancelled", "SpotInstanceRequestId": "sir-08b93456" } ] }

The following code example shows how to use confirm-product-instance.

Amazon CLI

To confirm the product instance

This example determines whether the specified product code is associated with the specified instance.

Command:

aws ec2 confirm-product-instance --product-code 774F4FF8 --instance-id i-1234567890abcdef0

Output:

{ "OwnerId": "123456789012" }

The following code example shows how to use copy-fpga-image.

Amazon CLI

To copy an Amazon FPGA image

This example copies the specified AFI from the us-east-1 region to the current region (eu-west-1).

Command:

aws ec2 copy-fpga-image --name copy-afi --source-fpga-image-id afi-0d123e123bfc85abc --source-region us-east-1 --region eu-west-1

Output:

{ "FpgaImageId": "afi-06b12350a123fbabc" }
  • For API details, see CopyFpgaImage in Amazon CLI Command Reference.

The following code example shows how to use copy-image.

Amazon CLI

Example 1: To copy an AMI to another Region

The following copy-image example command copies the specified AMI from the us-west-2 Region to the us-east-1 Region and adds a short description.

aws ec2 copy-image \ --region us-east-1 \ --name ami-name \ --source-region us-west-2 \ --source-image-id ami-066877671789bd71b \ --description "This is my copied image."

Output:

{ "ImageId": "ami-0123456789abcdefg" }

For more information, see Copy an AMI in the Amazon EC2 User Guide.

Example 2: To copy an AMI to another Region and encrypt the backing snapshot

The following copy-image command copies the specified AMI from the us-west-2 Region to the current Region and encrypts the backing snapshot using the specified KMS key.

aws ec2 copy-image \ --source-region us-west-2 \ --name ami-name \ --source-image-id ami-066877671789bd71b \ --encrypted \ --kms-key-id alias/my-kms-key

Output:

{ "ImageId": "ami-0123456789abcdefg" }

For more information, see Copy an AMI in the Amazon EC2 User Guide.

Example 3: To include your user-defined AMI tags when copying an AMI

The following copy-image command uses the --copy-image-tags parameter to copy your user-defined AMI tags when copying the AMI.

aws ec2 copy-image \ --region us-east-1 \ --name ami-name \ --source-region us-west-2 \ --source-image-id ami-066877671789bd71b \ --description "This is my copied image." --copy-image-tags

Output:

{ "ImageId": "ami-0123456789abcdefg" }

For more information, see Copy an AMI in the Amazon EC2 User Guide.

  • For API details, see CopyImage in Amazon CLI Command Reference.

The following code example shows how to use copy-snapshot.

Amazon CLI

Example 1: To copy a snapshot to another Region

The following copy-snapshot example command copies the specified snapshot from the us-west-2 Region to the us-east-1 Region and adds a short description.

aws ec2 copy-snapshot \ --region us-east-1 \ --source-region us-west-2 \ --source-snapshot-id snap-066877671789bd71b \ --description "This is my copied snapshot."

Output:

{ "SnapshotId": "snap-066877671789bd71b" }

For more information, see Copy an Amazon EBS snapshot in the Amazon EC2 User Guide.

Example 2: To copy an unencrypted snapshot and encrypt the new snapshot

The following copy-snapshot command copies the specified unencrypted snapshot from the us-west-2 Region to the current Region and encrypts the new snapshot using the specified KMS key.

aws ec2 copy-snapshot \ --source-region us-west-2 \ --source-snapshot-id snap-066877671789bd71b \ --encrypted \ --kms-key-id alias/my-kms-key

Output:

{ "SnapshotId": "snap-066877671789bd71b" }

For more information, see Copy an Amazon EBS snapshot in the Amazon EC2 User Guide.

  • For API details, see CopySnapshot in Amazon CLI Command Reference.

The following code example shows how to use create-capacity-reservation-fleet.

Amazon CLI

To create a Capacity Reservation Fleet

The following create-capacity-reservation-fleet example creates a Capacity Reservation Fleet for the instance type specified in the request, up to the specified total target capacity. The number of instances for which the Capacity Reservation Fleet reserves capacity depends on the total target capacity and instance type weights that you specify in the request. Specify the instance types to use and a priority for each of the designated instance types.

aws ec2 create-capacity-reservation-fleet \ --total-target-capacity 24 \ --allocation-strategy prioritized \ --instance-match-criteria open \ --tenancy default \ --end-date 2022-12-31T23:59:59.000Z \ --instance-type-specifications file://instanceTypeSpecification.json

Contents of instanceTypeSpecification.json:

[ { "InstanceType": "m5.xlarge", "InstancePlatform": "Linux/UNIX", "Weight": 3.0, "AvailabilityZone":"us-east-1a", "EbsOptimized": true, "Priority" : 1 } ]

Output:

{ "Status": "submitted", "TotalFulfilledCapacity": 0.0, "CapacityReservationFleetId": "crf-abcdef01234567890", "TotalTargetCapacity": 24 }

For more information about Capacity Reservation Fleets, see Capacity Reservation Fleets in the Amazon EC2 User Guide.

For more information about instance type weight and total target capacity, see Instance type weight and Total target capacity in the Amazon EC2 User Guide.

For more information about designating priority for specified instance types, see Allocation strategy and Instance type priority in the Amazon EC2 User Guide.

The following code example shows how to use create-capacity-reservation.

Amazon CLI

Example 1: To create a Capacity Reservation

The following create-capacity-reservation example creates a capacity reservation in the eu-west-1a Availability Zone, into which you can launch three t2.medium instances running a Linux/Unix operating system. By default, the capacity reservation is created with open instance matching criteria and no support for ephemeral storage, and it remains active until you manually cancel it.

aws ec2 create-capacity-reservation \ --availability-zone eu-west-1a \ --instance-type t2.medium \ --instance-platform Linux/UNIX \ --instance-count 3

Output:

{ "CapacityReservation": { "CapacityReservationId": "cr-1234abcd56EXAMPLE ", "EndDateType": "unlimited", "AvailabilityZone": "eu-west-1a", "InstanceMatchCriteria": "open", "EphemeralStorage": false, "CreateDate": "2019-08-16T09:27:35.000Z", "AvailableInstanceCount": 3, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 3, "State": "active", "Tenancy": "default", "EbsOptimized": false, "InstanceType": "t2.medium" } }

Example 2: To create a Capacity Reservation that automatically ends at a specified date/time

The following create-capacity-reservation example creates a capacity reservation in the eu-west-1a Availability Zone, into which you can launch three m5.large instances running a Linux/Unix operating system. This capacity reservation automatically ends on 08/31/2019 at 23:59:59.

aws ec2 create-capacity-reservation \ --availability-zone eu-west-1a \ --instance-type m5.large \ --instance-platform Linux/UNIX \ --instance-count 3 \ --end-date-type limited \ --end-date 2019-08-31T23:59:59Z

Output:

{ "CapacityReservation": { "CapacityReservationId": "cr-1234abcd56EXAMPLE ", "EndDateType": "limited", "AvailabilityZone": "eu-west-1a", "EndDate": "2019-08-31T23:59:59.000Z", "InstanceMatchCriteria": "open", "EphemeralStorage": false, "CreateDate": "2019-08-16T10:15:53.000Z", "AvailableInstanceCount": 3, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 3, "State": "active", "Tenancy": "default", "EbsOptimized": false, "InstanceType": "m5.large" } }

Example 3: To create a Capacity Reservation that accepts only targeted instance launches

The following create-capacity-reservation example creates a capacity reservation that accepts only targeted instance launches.

aws ec2 create-capacity-reservation \ --availability-zone eu-west-1a \ --instance-type m5.large \ --instance-platform Linux/UNIX \ --instance-count 3 \ --instance-match-criteria targeted

Output:

{ "CapacityReservation": { "CapacityReservationId": "cr-1234abcd56EXAMPLE ", "EndDateType": "unlimited", "AvailabilityZone": "eu-west-1a", "InstanceMatchCriteria": "targeted", "EphemeralStorage": false, "CreateDate": "2019-08-16T10:21:57.000Z", "AvailableInstanceCount": 3, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 3, "State": "active", "Tenancy": "default", "EbsOptimized": false, "InstanceType": "m5.large" } }

For more information, see Creating a Capacity Reservation in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use create-carrier-gateway.

Amazon CLI

To create a carrier gateway

The following create-carrier-gateway example creates a carrier gateway for the specified VPC.

aws ec2 create-carrier-gateway \ --vpc-id vpc-0c529aEXAMPLE1111

Output:

{ "CarrierGateway": { "CarrierGatewayId": "cagw-0465cdEXAMPLE1111", "VpcId": "vpc-0c529aEXAMPLE1111", "State": "pending", "OwnerId": "123456789012" } }

For more information, see Carrier gateways in the Amazon Wavelength User Guide.

The following code example shows how to use create-client-vpn-endpoint.

Amazon CLI

To create a Client VPN endpoint

The following create-client-vpn-endpoint example creates a Client VPN endpoint that uses mutual authentication and specifies a value for the client CIDR block.

aws ec2 create-client-vpn-endpoint \ --client-cidr-block "172.31.0.0/16" \ --server-certificate-arn arn:aws:acm:ap-south-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-11111EXAMPLE \ --authentication-options Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=arn:aws:acm:ap-south-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-22222EXAMPLE} \ --connection-log-options Enabled=false

Output:

{ "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "Status": { "Code": "pending-associate" }, "DnsName": "cvpn-endpoint-123456789123abcde.prod.clientvpn.ap-south-1.amazonaws.com" }

For more information, see Client VPN Endpoints in the Amazon Client VPN Administrator Guide.

The following code example shows how to use create-client-vpn-route.

Amazon CLI

To create a route for a Client VPN endpoint

The following create-client-vpn-route example adds a route to the internet (0.0.0.0/0) for the specified subnet of the Client VPN endpoint.

aws ec2 create-client-vpn-route \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde \ --destination-cidr-block 0.0.0.0/0 \ --target-vpc-subnet-id subnet-0123456789abcabca

Output:

{ "Status": { "Code": "creating" } }

For more information, see Routes in the Amazon Client VPN Administrator Guide.

The following code example shows how to use create-coip-cidr.

Amazon CLI

To create a range of customer-owned IP (CoIP) addresses

The following create-coip-cidr example creates the specified range of CoIP addresses in the specified CoIP pool.

aws ec2 create-coip-cidr \ --cidr 15.0.0.0/24 \ --coip-pool-id ipv4pool-coip-1234567890abcdefg

Output:

{ "CoipCidr": { "Cidr": "15.0.0.0/24", "CoipPoolId": "ipv4pool-coip-1234567890abcdefg", "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890" } }

For more information, see Customer-owned IP addresses in the Amazon Outposts User Guide.

  • For API details, see CreateCoipCidr in Amazon CLI Command Reference.

The following code example shows how to use create-coip-pool.

Amazon CLI

To create a pool of customer-owned IP (CoIP) addresses

The following create-coip-pool example creates a CoIP pool for CoIP addresses in the specified local gateway route table.

aws ec2 create-coip-pool \ --local-gateway-route-table-id lgw-rtb-abcdefg1234567890

Output:

{ "CoipPool": { "PoolId": "ipv4pool-coip-1234567890abcdefg", "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890", "PoolArn": "arn:aws:ec2:us-west-2:123456789012:coip-pool/ipv4pool-coip-1234567890abcdefg" } }

For more information, see Customer-owned IP addresses in the Amazon Outposts User Guide.

  • For API details, see CreateCoipPool in Amazon CLI Command Reference.

The following code example shows how to use create-customer-gateway.

Amazon CLI

To create a customer gateway

This example creates a customer gateway with the specified IP address for its outside interface.

Command:

aws ec2 create-customer-gateway --type ipsec.1 --public-ip 12.1.2.3 --bgp-asn 65534

Output:

{ "CustomerGateway": { "CustomerGatewayId": "cgw-0e11f167", "IpAddress": "12.1.2.3", "State": "available", "Type": "ipsec.1", "BgpAsn": "65534" } }

The following code example shows how to use create-default-subnet.

Amazon CLI

To create a default subnet

This example creates a default subnet in Availability Zone us-east-2a.

Command:

aws ec2 create-default-subnet --availability-zone us-east-2a { "Subnet": { "AvailabilityZone": "us-east-2a", "Tags": [], "AvailableIpAddressCount": 4091, "DefaultForAz": true, "Ipv6CidrBlockAssociationSet": [], "VpcId": "vpc-1a2b3c4d", "State": "available", "MapPublicIpOnLaunch": true, "SubnetId": "subnet-1122aabb", "CidrBlock": "172.31.32.0/20", "AssignIpv6AddressOnCreation": false } }

The following code example shows how to use create-default-vpc.

Amazon CLI

To create a default VPC

This example creates a default VPC.

Command:

aws ec2 create-default-vpc

Output:

{ "Vpc": { "VpcId": "vpc-8eaae5ea", "InstanceTenancy": "default", "Tags": [], "Ipv6CidrBlockAssociationSet": [], "State": "pending", "DhcpOptionsId": "dopt-af0c32c6", "CidrBlock": "172.31.0.0/16", "IsDefault": true } }

The following code example shows how to use create-dhcp-options.

Amazon CLI

To create a set of DHCP options

The following create-dhcp-options example creates a set of DHCP options that specifies the domain name, the domain name servers, and the NetBIOS node type.

aws ec2 create-dhcp-options \ --dhcp-configuration \ "Key=domain-name-servers,Values=10.2.5.1,10.2.5.2" \ "Key=domain-name,Values=example.com" \ "Key=netbios-node-type,Values=2"

Output:

{ "DhcpOptions": { "DhcpConfigurations": [ { "Key": "domain-name", "Values": [ { "Value": "example.com" } ] }, { "Key": "domain-name-servers", "Values": [ { "Value": "10.2.5.1" }, { "Value": "10.2.5.2" } ] }, { "Key": "netbios-node-type", "Values": [ { "Value": "2" } ] } ], "DhcpOptionsId": "dopt-06d52773eff4c55f3" } }

The following code example shows how to use create-egress-only-internet-gateway.

Amazon CLI

To create an egress-only Internet gateway

This example creates an egress-only Internet gateway for the specified VPC.

Command:

aws ec2 create-egress-only-internet-gateway --vpc-id vpc-0c62a468

Output:

{ "EgressOnlyInternetGateway": { "EgressOnlyInternetGatewayId": "eigw-015e0e244e24dfe8a", "Attachments": [ { "State": "attached", "VpcId": "vpc-0c62a468" } ] } }

The following code example shows how to use create-fleet.

Amazon CLI

Example 1: To create an EC2 Fleet that launches Spot Instances as the default purchasing model

The following create-fleet example creates an EC2 Fleet using the minimum parameters required to launch a fleet: a launch template, target capacity, and default purchasing model. The launch template is identified by its launch template ID and version number. The target capacity for the fleet is 2 instances, and the default purchasing model is spot, which results in the fleet launching 2 Spot Instances.

When you create an EC2 Fleet, use a JSON file to specify information about the instances to launch.

aws ec2 create-fleet \ --cli-input-json file://file_name.json

Contents of file_name.json:

{ "LaunchTemplateConfigs": [ { "LaunchTemplateSpecification": { "LaunchTemplateId": "lt-0e8c754449b27161c", "Version": "1" } } ], "TargetCapacitySpecification": { "TotalTargetCapacity": 2, "DefaultTargetCapacityType": "spot" } }

Output:

{ "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" }

Example 2: To create an EC2 Fleet that launches On-Demand Instances as the default purchasing model

The following create-fleet example creates an EC2 Fleet using the minimum parameters required to launch a fleet: a launch template, target capacity, and default purchasing model. The launch template is identified by its launch template ID and version number. The target capacity for the fleet is 2 instances, and the default purchasing model is on-demand, which results in the fleet launching 2 On-Demand Instances.

When you create an EC2 Fleet, use a JSON file to specify information about the instances to launch.

aws ec2 create-fleet \ --cli-input-json file://file_name.json

Contents of file_name.json:

{ "LaunchTemplateConfigs": [ { "LaunchTemplateSpecification": { "LaunchTemplateId": "lt-0e8c754449b27161c", "Version": "1" } } ], "TargetCapacitySpecification": { "TotalTargetCapacity": 2, "DefaultTargetCapacityType": "on-demand" } }

Output:

{ "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" }

Example 3: To create an EC2 Fleet that launches On-Demand Instances as the primary capacity

The following create-fleet example creates an EC2 Fleet that specifies the total target capacity of 2 instances for the fleet, and a target capacity of 1 On-Demand Instance. The default purchasing model is spot. The fleet launches 1 On-Demand Instance as specified, but needs to launch one more instance to fulfil the total target capacity. The purchasing model for the difference is calculated as TotalTargetCapacity - OnDemandTargetCapacity = DefaultTargetCapacityType, which results in the fleet launching 1 Spot Instance.

When you create an EC2 Fleet, use a JSON file to specify information about the instances to launch.

aws ec2 create-fleet \ --cli-input-json file://file_name.json

Contents of file_name.json:

{ "LaunchTemplateConfigs": [ { "LaunchTemplateSpecification": { "LaunchTemplateId": "lt-0e8c754449b27161c", "Version": "1" } } ], "TargetCapacitySpecification": { "TotalTargetCapacity": 2, "OnDemandTargetCapacity":1, "DefaultTargetCapacityType": "spot" } }

Output:

{ "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" }

Example 4: To create an EC2 Fleet that launches Spot Instances using the lowest-price allocation strategy

If the allocation strategy for Spot Instances is not specified, the default allocation strategy, which is lowest-price, is used. The following create-fleet example creates an EC2 Fleet using the lowest-price allocation strategy. The three launch specifications, which override the launch template, have different instance types but the same weighted capacity and subnet. The total target capacity is 2 instances and the default purchasing model is spot. The EC2 Fleet launches 2 Spot Instances using the instance type of the launch specification with the lowest price.

When you create an EC2 Fleet, use a JSON file to specify information about the instances to launch.

aws ec2 create-fleet \ --cli-input-json file://file_name.jsonContents of file_name.json:: { "LaunchTemplateConfigs": [ { "LaunchTemplateSpecification": { "LaunchTemplateId": "lt-0e8c754449b27161c", "Version": "1" }, "Overrides": [ { "InstanceType": "c4.large", "WeightedCapacity": 1, "SubnetId": "subnet-a4f6c5d3" }, { "InstanceType": "c3.large", "WeightedCapacity": 1, "SubnetId": "subnet-a4f6c5d3" }, { "InstanceType": "c5.large", "WeightedCapacity": 1, "SubnetId": "subnet-a4f6c5d3" } ] } ], "TargetCapacitySpecification": { "TotalTargetCapacity": 2, "DefaultTargetCapacityType": "spot" } }

Output:

{ "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" }
  • For API details, see CreateFleet in Amazon CLI Command Reference.

The following code example shows how to use create-flow-logs.

Amazon CLI

Example 1: To create a flow log

The following create-flow-logs example creates a flow log that captures all rejected traffic for the specified network interface. The flow logs are delivered to a log group in CloudWatch Logs using the permissions in the specified IAM role.

aws ec2 create-flow-logs \ --resource-type NetworkInterface \ --resource-ids eni-11223344556677889 \ --traffic-type REJECT \ --log-group-name my-flow-logs \ --deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs

Output:

{ "ClientToken": "so0eNA2uSHUNlHI0S2cJ305GuIX1CezaRdGtexample", "FlowLogIds": [ "fl-12345678901234567" ], "Unsuccessful": [] }

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 2: To create a flow log with a custom format

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --log-format parameter specifies a custom format for the flow log records. To run this command on Windows, change the single quotes (') to double quotes (").

aws ec2 create-flow-logs \ --resource-type VPC \ --resource-ids vpc-00112233344556677 \ --traffic-type ALL \ --log-destination-type s3 \ --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \ --log-format '${version} ${vpc-id} ${subnet-id} ${instance-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr}'

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 3: To create a flow log with a one-minute maximum aggregation interval

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --max-aggregation-interval parameter specifies a maximum aggregation interval of 60 seconds (1 minute).

aws ec2 create-flow-logs \ --resource-type VPC \ --resource-ids vpc-00112233344556677 \ --traffic-type ALL \ --log-destination-type s3 \ --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \ --max-aggregation-interval 60

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

  • For API details, see CreateFlowLogs in Amazon CLI Command Reference.

The following code example shows how to use create-fpga-image.

Amazon CLI

To create an Amazon FPGA image

This example creates an AFI from the specified tarball in the specified bucket.

Command:

aws ec2 create-fpga-image --name my-afi --description test-afi --input-storage-location Bucket=my-fpga-bucket,Key=dcp/17_12_22-103226.Developer_CL.tar --logs-storage-location Bucket=my-fpga-bucket,Key=logs

Output:

{ "FpgaImageId": "afi-0d123e123bfc85abc", "FpgaImageGlobalId": "agfi-123cb27b5e84a0abc" }

The following code example shows how to use create-image.

Amazon CLI

Example 1: To create an AMI from an Amazon EBS-backed instance

The following create-image example creates an AMI from the specified instance.

aws ec2 create-image \ --instance-id i-1234567890abcdef0 \ --name "My server" \ --description "An AMI for my server"

Output:

{ "ImageId": "ami-abcdef01234567890" }

For more information about specifying a block device mapping for your AMI, see Specifying a block device mapping for an AMI in the Amazon EC2 User Guide.

Example 2: To create an AMI from an Amazon EBS-backed instance without reboot

The following create-image example creates an AMI and sets the --no-reboot parameter, so that the instance is not rebooted before the image is created.

aws ec2 create-image \ --instance-id i-1234567890abcdef0 \ --name "My server" \ --no-reboot

Output:

{ "ImageId": "ami-abcdef01234567890" }

For more information about specifying a block device mapping for your AMI, see Specifying a block device mapping for an AMI in the Amazon EC2 User Guide.

Example 3: To tag an AMI and snapshots on creation

The following create-image example creates an AMI, and tags the AMI and the snapshots with the same tag cost-center=cc123

aws ec2 create-image \ --instance-id i-1234567890abcdef0 \ --name "My server" \ --tag-specifications "ResourceType=image,Tags=[{Key=cost-center,Value=cc123}]" "ResourceType=snapshot,Tags=[{Key=cost-center,Value=cc123}]"

Output:

{ "ImageId": "ami-abcdef01234567890" }

For more information about tagging your resources on creation, see Add tags on resource creation in the Amazon EC2 User Guide.

  • For API details, see CreateImage in Amazon CLI Command Reference.

The following code example shows how to use create-instance-connect-endpoint.

Amazon CLI

To create an EC2 Instance Connect Endpoint

The following create-instance-connect-endpoint example creates an EC2 Instance Connect Endpoint in the specified subnet.

aws ec2 create-instance-connect-endpoint \ --region us-east-1 \ --subnet-id subnet-0123456789example

Output:

{ "VpcId": "vpc-0123abcd", "InstanceConnectEndpointArn": "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example", "AvailabilityZone": "us-east-1a", "NetworkInterfaceIds": [ "eni-0123abcd" ], "PreserveClientIp": true, "Tags": [], "FipsDnsName": "eice-0123456789example.0123abcd.fips.ec2-instance-connect-endpoint.us-east-1.amazonaws.com", "StateMessage": "", "State": "create-complete", "DnsName": "eice-0123456789example.0123abcd.ec2-instance-connect-endpoint.us-east-1.amazonaws.com", "SubnetId": "subnet-0123abcd", "OwnerId": "111111111111", "SecurityGroupIds": [ "sg-0123abcd" ], "InstanceConnectEndpointId": "eice-0123456789example", "CreatedAt": "2023-04-07T15:43:53.000Z" }

For more information, see Create an EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

The following code example shows how to use create-instance-event-window.

Amazon CLI

Example 1: To create an event window with a time range

The following create-instance-event-window example creates an event window with a time range. You can't also specify the cron-expression parameter.

aws ec2 create-instance-event-window \ --region us-east-1 \ --time-range StartWeekDay=monday,StartHour=2,EndWeekDay=wednesday,EndHour=8 \ --tag-specifications "ResourceType=instance-event-window,Tags=[{Key=K1,Value=V1}]" \ --name myEventWindowName

Output:

{ "InstanceEventWindow": { "InstanceEventWindowId": "iew-0abcdef1234567890", "TimeRanges": [ { "StartWeekDay": "monday", "StartHour": 2, "EndWeekDay": "wednesday", "EndHour": 8 } ], "Name": "myEventWindowName", "State": "creating", "Tags": [ { "Key": "K1", "Value": "V1" } ] } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

Example 2: To create an event window with a cron expression

The following create-instance-event-window example creates an event window with a cron expression. You can't also specify the time-range parameter.

aws ec2 create-instance-event-window \ --region us-east-1 \ --cron-expression "* 21-23 * * 2,3" \ --tag-specifications "ResourceType=instance-event-window,Tags=[{Key=K1,Value=V1}]" \ --name myEventWindowName

Output:

{ "InstanceEventWindow": { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "State": "creating", "Tags": [ { "Key": "K1", "Value": "V1" } ] } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

The following code example shows how to use create-instance-export-task.

Amazon CLI

To export an instance

This example command creates a task to export the instance i-1234567890abcdef0 to the Amazon S3 bucket myexportbucket.

Command:

aws ec2 create-instance-export-task --description "RHEL5 instance" --instance-id i-1234567890abcdef0 --target-environment vmware --export-to-s3-task DiskImageFormat=vmdk,ContainerFormat=ova,S3Bucket=myexportbucket,S3Prefix=RHEL5

Output:

{ "ExportTask": { "State": "active", "InstanceExportDetails": { "InstanceId": "i-1234567890abcdef0", "TargetEnvironment": "vmware" }, "ExportToS3Task": { "S3Bucket": "myexportbucket", "S3Key": "RHEL5export-i-fh8sjjsq.ova", "DiskImageFormat": "vmdk", "ContainerFormat": "ova" }, "Description": "RHEL5 instance", "ExportTaskId": "export-i-fh8sjjsq" } }

The following code example shows how to use create-internet-gateway.

Amazon CLI

To create an internet gateway

The following create-internet-gateway example creates an internet gateway with the tag Name=my-igw.

aws ec2 create-internet-gateway \ --tag-specifications ResourceType=internet-gateway,Tags=[{Key=Name,Value=my-igw}]

Output:

{ "InternetGateway": { "Attachments": [], "InternetGatewayId": "igw-0d0fb496b3994d755", "OwnerId": "123456789012", "Tags": [ { "Key": "Name", "Value": "my-igw" } ] } }

For more information, see Internet gateways in the Amazon VPC User Guide.

The following code example shows how to use create-ipam-pool.

Amazon CLI

To create an IPAM pool

The following create-ipam-pool example creates an IPAM pool.

(Linux):

aws ec2 create-ipam-pool \ --ipam-scope-id ipam-scope-02fc38cd4c48e7d38 \ --address-family ipv4 \ --auto-import \ --allocation-min-netmask-length 16 \ --allocation-max-netmask-length 26 \ --allocation-default-netmask-length 24 \ --allocation-resource-tags "Key=Environment,Value=Preprod" \ --tag-specifications 'ResourceType=ipam-pool,Tags=[{Key=Name,Value="Preprod pool"}]'

(Windows):

aws ec2 create-ipam-pool ^ --ipam-scope-id ipam-scope-02fc38cd4c48e7d38 ^ --address-family ipv4 ^ --auto-import ^ --allocation-min-netmask-length 16 ^ --allocation-max-netmask-length 26 ^ --allocation-default-netmask-length 24 ^ --allocation-resource-tags "Key=Environment,Value=Preprod" ^ --tag-specifications ResourceType=ipam-pool,Tags=[{Key=Name,Value="Preprod pool"}]

Output:

{ "IpamPool": { "OwnerId": "123456789012", "IpamPoolId": "ipam-pool-0533048da7d823723", "IpamPoolArn": "arn:aws:ec2::123456789012:ipam-pool/ipam-pool-0533048da7d823723", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-02fc38cd4c48e7d38", "IpamScopeType": "private", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "Locale": "None", "PoolDepth": 1, "State": "create-in-progress", "AutoImport": true, "AddressFamily": "ipv4", "AllocationMinNetmaskLength": 16, "AllocationMaxNetmaskLength": 26, "AllocationDefaultNetmaskLength": 24, "AllocationResourceTags": [ { "Key": "Environment", "Value": "Preprod" } ], "Tags": [ { "Key": "Name", "Value": "Preprod pool" } ] } }

For more information, see Plan for IP address provisioning in the Amazon VPC IPAM User Guide.

  • For API details, see CreateIpamPool in Amazon CLI Command Reference.

The following code example shows how to use create-ipam-resource-discovery.

Amazon CLI

To create a resource discovery

In this example, you're a delegated IPAM admin who wants to create and share a resource discovery with the IPAM admin in another Amazon Organization so that the admin in the other organization can manage and monitor the IP addresses of resources in your organization.

Important

This example includes both the --region and --operating-regions options because, while they are optional, they must be configured in a particular way to successfully integrate a resource discovery with an IPAM. * --operating-regions must match the Regions where you have resources that you want IPAM to discover. If there are Regions where you do not want IPAM to manage the IP addresses (for example for compliance reasons), do not include them. * --region must match the home Region of the IPAM you want to associate it with. You must create the resource discovery in the same Region that the IPAM was created in. For example, if the IPAM you are associating with was created in us-east-1, include --region us-east-1 in the request.Both the --region and --operating-regions options default to the Region you're running the command in if you don't specify them.

In this example, the operating Regions of the IPAM we're integrating with include us-west-1, us-west-2, and ap-south-1. When we create the resource discovery, we want IPAM to discover the resource IP addresses in us-west-1 and us-west-2 but not ap-south-1. So we are including only --operating-regions RegionName='us-west-1' RegionName='us-west-2' in the request.

The following create-ipam-resource-discovery example creates an IPAM resource discovery.

aws ec2 create-ipam-resource-discovery \ --description 'Example-resource-discovery' \ --tag-specifications 'ResourceType=ipam-resource-discovery,Tags=[{Key=cost-center,Value=cc123}]' \ --operating-regions RegionName='us-west-1' RegionName='us-west-2' \ --region us-east-1

Output:

{ "IpamResourceDiscovery":{ "OwnerId": "149977607591", "IpamResourceDiscoveryId": "ipam-res-disco-0257046d8aa78b8bc", "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0257046d8aa78b8bc", "IpamResourceDiscoveryRegion": "us-east-1", "Description": "'Example-resource-discovery'", "OperatingRegions":[ {"RegionName": "us-west-1"}, {"RegionName": "us-west-2"}, {"RegionName": "us-east-1"} ], "IsDefault": false, "State": "create-in-progress", "Tags": [ { "Key": "cost-center", "Value": "cc123" } ] }

Once you create a resource discovery, you may want to share it with another IPAM delegated admin, which you can do with create-resource-share. For more information, see Integrate IPAM with accounts outside of your organization in the Amazon VPC IPAM User Guide.

The following code example shows how to use create-ipam-scope.

Amazon CLI

To create an IPAM scope

The following create-ipam-scope example creates an IPAM scope.

(Linux):

aws ec2 create-ipam-scope \ --ipam-id ipam-08440e7a3acde3908 \ --description "Example description" \ --tag-specifications 'ResourceType=ipam-scope,Tags=[{Key=Name,Value="Example name value"}]'

(Windows):

aws ec2 create-ipam-scope ^ --ipam-id ipam-08440e7a3acde3908 ^ --description "Example description" ^ --tag-specifications ResourceType=ipam-scope,Tags=[{Key=Name,Value="Example name value"}]

Output:

{ "IpamScope": { "OwnerId": "123456789012", "IpamScopeId": "ipam-scope-01c1ebab2b63bd7e4", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-01c1ebab2b63bd7e4", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "IpamScopeType": "private", "IsDefault": false, "Description": "Example description", "PoolCount": 0, "State": "create-in-progress", "Tags": [ { "Key": "Name", "Value": "Example name value" } ] } }

For more information, see Create additional scopes in the Amazon VPC IPAM User Guide.

The following code example shows how to use create-ipam.

Amazon CLI

To create an IPAM

The following create-ipam example creates an IPAM.

(Linux):

aws ec2 create-ipam \ --description "Example description" \ --operating-regions "RegionName=us-east-2" "RegionName=us-west-1" \ --tag-specifications 'ResourceType=ipam,Tags=[{Key=Name,Value=ExampleIPAM}]'

(Windows):

aws ec2 create-ipam ^ --description "Example description" ^ --operating-regions "RegionName=us-east-2" "RegionName=us-west-1" ^ --tag-specifications ResourceType=ipam,Tags=[{Key=Name,Value=ExampleIPAM}]

Output:

{ "Ipam": { "OwnerId": "123456789012", "IpamId": "ipam-036486dfa6af58ee0", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-036486dfa6af58ee0", "IpamRegion": "us-east-1", "PublicDefaultScopeId": "ipam-scope-071b8042b0195c183", "PrivateDefaultScopeId": "ipam-scope-0807405dece705a30", "ScopeCount": 2, "OperatingRegions": [ { "RegionName": "us-east-2" }, { "RegionName": "us-west-1" }, { "RegionName": "us-east-1" } ], "State": "create-in-progress", "Tags": [ { "Key": "Name", "Value": "ExampleIPAM" } ] } }

For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.

  • For API details, see CreateIpam in Amazon CLI Command Reference.

The following code example shows how to use create-key-pair.

Amazon CLI

To create a key pair

This example creates a key pair named MyKeyPair.

Command:

aws ec2 create-key-pair --key-name MyKeyPair

The output is an ASCII version of the private key and key fingerprint. You need to save the key to a file.

For more information, see Using Key Pairs in the Amazon Command Line Interface User Guide.

  • For API details, see CreateKeyPair in Amazon CLI Command Reference.

The following code example shows how to use create-launch-template-version.

Amazon CLI

To create a launch template version

This example creates a new launch template version based on version 1 of the launch template and specifies a different AMI ID.

Command:

aws ec2 create-launch-template-version --launch-template-id lt-0abcd290751193123 --version-description WebVersion2 --source-version 1 --launch-template-data '{"ImageId":"ami-c998b6b2"}'

Output:

{ "LaunchTemplateVersion": { "VersionDescription": "WebVersion2", "LaunchTemplateId": "lt-0abcd290751193123", "LaunchTemplateName": "WebServers", "VersionNumber": 2, "CreatedBy": "arn:aws:iam::123456789012:root", "LaunchTemplateData": { "ImageId": "ami-c998b6b2", "InstanceType": "t2.micro", "NetworkInterfaces": [ { "Ipv6Addresses": [ { "Ipv6Address": "2001:db8:1234:1a00::123" } ], "DeviceIndex": 0, "SubnetId": "subnet-7b16de0c", "AssociatePublicIpAddress": true } ] }, "DefaultVersion": false, "CreateTime": "2017-12-01T13:35:46.000Z" } }

The following code example shows how to use create-launch-template.

Amazon CLI

Example 1: To create a launch template

The following create-launch-template example creates a launch template that specifies the subnet in which to launch the instance , assigns a public IP address and an IPv6 address to the instance, and creates a tag for the instance.

aws ec2 create-launch-template \ --launch-template-name TemplateForWebServer \ --version-description WebVersion1 \ --launch-template-data '{"NetworkInterfaces":[{"AssociatePublicIpAddress":true,"DeviceIndex":0,"Ipv6AddressCount":1,"SubnetId":"subnet-7b16de0c"}],"ImageId":"ami-8c1be5f6","InstanceType":"t2.small","TagSpecifications":[{"ResourceType":"instance","Tags":[{"Key":"purpose","Value":"webserver"}]}]}'

Output:

{ "LaunchTemplate": { "LatestVersionNumber": 1, "LaunchTemplateId": "lt-01238c059e3466abc", "LaunchTemplateName": "TemplateForWebServer", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789012:user/Bob", "CreateTime": "2019-01-27T09:13:24.000Z" } }

For more information, see Launching an Instance from a Launch Template in the Amazon Elastic Compute Cloud User Guide. For information about quoting JSON-formatted parameters, see Quoting Strings in the Amazon Command Line Interface User Guide.

Example 2: To create a launch template for Amazon EC2 Auto Scaling

The following create-launch-template example creates a launch template with multiple tags and a block device mapping to specify an additional EBS volume when an instance launches. Specify a value for Groups that corresponds to security groups for the VPC that your Auto Scaling group will launch instances into. Specify the VPC and subnets as properties of the Auto Scaling group.

aws ec2 create-launch-template \ --launch-template-name TemplateForAutoScaling \ --version-description AutoScalingVersion1 \ --launch-template-data '{"NetworkInterfaces":[{"DeviceIndex":0,"AssociatePublicIpAddress":true,"Groups":["sg-7c227019,sg-903004f8"],"DeleteOnTermination":true}],"ImageId":"ami-b42209de","InstanceType":"m4.large","TagSpecifications":[{"ResourceType":"instance","Tags":[{"Key":"environment","Value":"production"},{"Key":"purpose","Value":"webserver"}]},{"ResourceType":"volume","Tags":[{"Key":"environment","Value":"production"},{"Key":"cost-center","Value":"cc123"}]}],"BlockDeviceMappings":[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":100}}]}' --region us-east-1

Output:

{ "LaunchTemplate": { "LatestVersionNumber": 1, "LaunchTemplateId": "lt-0123c79c33a54e0abc", "LaunchTemplateName": "TemplateForAutoScaling", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789012:user/Bob", "CreateTime": "2019-04-30T18:16:06.000Z" } }

For more information, see Creating a Launch Template for an Auto Scaling Group in the Amazon EC2 Auto Scaling User Guide. For information about quoting JSON-formatted parameters, see Quoting Strings in the Amazon Command Line Interface User Guide.

Example 3: To create a launch template that specifies encryption of EBS volumes

The following create-launch-template example creates a launch template that includes encrypted EBS volumes created from an unencrypted snapshot. It also tags the volumes during creation. If encryption by default is disabled, you must specify the "Encrypted" option as shown in the following example. If you use the "KmsKeyId" option to specify a customer managed CMK, you also must specify the "Encrypted" option even if encryption by default is enabled.

aws ec2 create-launch-template \ --launch-template-name TemplateForEncryption \ --launch-template-data file://config.json

Contents of config.json:

{ "BlockDeviceMappings":[ { "DeviceName":"/dev/sda1", "Ebs":{ "VolumeType":"gp2", "DeleteOnTermination":true, "SnapshotId":"snap-066877671789bd71b", "Encrypted":true, "KmsKeyId":"arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef" } } ], "ImageId":"ami-00068cd7555f543d5", "InstanceType":"c5.large", "TagSpecifications":[ { "ResourceType":"volume", "Tags":[ { "Key":"encrypted", "Value":"yes" } ] } ] }

Output:

{ "LaunchTemplate": { "LatestVersionNumber": 1, "LaunchTemplateId": "lt-0d5bd51bcf8530abc", "LaunchTemplateName": "TemplateForEncryption", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789012:user/Bob", "CreateTime": "2020-01-07T19:08:36.000Z" } }

For more information, see Restoring an Amazon EBS Volume from a Snapshot and Encryption by Default in the Amazon Elastic Compute Cloud User Guide.

The following code example shows how to use create-local-gateway-route-table-virtual-interface-group-association.

Amazon CLI

To associate a local gateway route table with a virtual interfaces (VIFs) group

The following create-local-gateway-route-table-virtual-interface-group-association example creates an association between the specified local gateway route table and VIF group.

aws ec2 create-local-gateway-route-table-virtual-interface-group-association \ --local-gateway-route-table-id lgw-rtb-exampleidabcd1234 \ --local-gateway-virtual-interface-group-id lgw-vif-grp-exampleid0123abcd

Output:

{ "LocalGatewayRouteTableVirtualInterfaceGroupAssociation": { "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": "lgw-vif-grp-assoc-exampleid12345678", "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-exampleid0123abcd", "LocalGatewayId": "lgw-exampleid11223344", "LocalGatewayRouteTableId": "lgw-rtb-exampleidabcd1234", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:111122223333:local-gateway-route-table/lgw-rtb-exampleidabcd1234", "OwnerId": "111122223333", "State": "pending", "Tags": [] } }

For more information, see VIF group associations in the Amazon Outposts User Guide.

The following code example shows how to use create-local-gateway-route-table-vpc-association.

Amazon CLI

To associate a VPC with a route table

The following create-local-gateway-route-table-vpc-association example associates the specified VPC with the specified local gateway route table.

aws ec2 create-local-gateway-route-table-vpc-association \ --local-gateway-route-table-id lgw-rtb-059615ef7dEXAMPLE \ --vpc-id vpc-07ef66ac71EXAMPLE

Output:

{ "LocalGatewayRouteTableVpcAssociation": { "LocalGatewayRouteTableVpcAssociationId": "lgw-vpc-assoc-0ee765bcc8EXAMPLE", "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE", "LocalGatewayId": "lgw-09b493aa7cEXAMPLE", "VpcId": "vpc-07ef66ac71EXAMPLE", "State": "associated" } }

The following code example shows how to use create-local-gateway-route-table.

Amazon CLI

To create a local gateway route table

The following create-local-gateway-route-table example creates a local gateway route table with the direct VPC routing mode.

aws ec2 create-local-gateway-route-table \ --local-gateway-id lgw-1a2b3c4d5e6f7g8h9 \ --mode direct-vpc-routing

Output:

{ "LocalGatewayRouteTable": { "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:111122223333:local-gateway-route-table/lgw-rtb-abcdefg1234567890", "LocalGatewayId": "lgw-1a2b3c4d5e6f7g8h9", "OutpostArn": "arn:aws:outposts:us-west-2:111122223333:outpost/op-021345abcdef67890", "OwnerId": "111122223333", "State": "pending", "Tags": [], "Mode": "direct-vpc-routing" } }

For more information, see Local gateway route tables in the Amazon Outposts User Guide.

The following code example shows how to use create-local-gateway-route.

Amazon CLI

To create a static route for a local gateway route table

The following create-local-gateway-route example creates the specified route in the specified local gateway route table.

aws ec2 create-local-gateway-route \ --destination-cidr-block 0.0.0.0/0 \ --local-gateway-route-table-id lgw-rtb-059615ef7dEXAMPLE

Output:

{ "Route": { "DestinationCidrBlock": "0.0.0.0/0", "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-07145b276bEXAMPLE", "Type": "static", "State": "deleted", "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE" } }

The following code example shows how to use create-managed-prefix-list.

Amazon CLI

To create a prefix list

The following create-managed-prefix-list example creates an IPv4 prefix list with a maximum of 10 entries, and creates 2 entries in the prefix list.

aws ec2 create-managed-prefix-list \ --address-family IPv4 \ --max-entries 10 \ --entries Cidr=10.0.0.0/16,Description=vpc-a Cidr=10.2.0.0/16,Description=vpc-b \ --prefix-list-name vpc-cidrs

Output:

{ "PrefixList": { "PrefixListId": "pl-0123456abcabcabc1", "AddressFamily": "IPv4", "State": "create-in-progress", "PrefixListArn": "arn:aws:ec2:us-west-2:123456789012:prefix-list/pl-0123456abcabcabc1", "PrefixListName": "vpc-cidrs", "MaxEntries": 10, "Version": 1, "Tags": [], "OwnerId": "123456789012" } }

For more information, see Managed prefix lists in the Amazon VPC User Guide.

The following code example shows how to use create-nat-gateway.

Amazon CLI

Example 1: To create a public NAT gateway

The following create-nat-gateway example creates a public NAT gateway in the specified subnet and associates the Elastic IP address with the specified allocation ID. When you create a public NAT gateway, you must associate an Elastic IP address.

aws ec2 create-nat-gateway \ --subnet-id subnet-0250c25a1fEXAMPLE \ --allocation-id eipalloc-09ad461b0dEXAMPLE

Output:

{ "NatGateway": { "CreateTime": "2021-12-01T22:22:38.000Z", "NatGatewayAddresses": [ { "AllocationId": "eipalloc-09ad461b0dEXAMPLE" } ], "NatGatewayId": "nat-0c61bf8a12EXAMPLE", "State": "pending", "SubnetId": "subnet-0250c25a1fEXAMPLE", "VpcId": "vpc-0a60eb65b4EXAMPLE", "ConnectivityType": "public" } }

For more information, see NAT gateways in the Amazon VPC User Guide.

Example 2: To create a private NAT gateway

The following create-nat-gateway example creates a private NAT gateway in the specified subnet. A private NAT gateway does not have an associated Elastic IP address.

aws ec2 create-nat-gateway \ --subnet-id subnet-0250c25a1fEXAMPLE \ --connectivity-type private

Output:

{ "NatGateway": { "CreateTime": "2021-12-01T22:26:00.000Z", "NatGatewayAddresses": [ {} ], "NatGatewayId": "nat-011b568379EXAMPLE", "State": "pending", "SubnetId": "subnet-0250c25a1fEXAMPLE", "VpcId": "vpc-0a60eb65b4EXAMPLE", "ConnectivityType": "private" } }

For more information, see NAT gateways in the Amazon VPC User Guide.

The following code example shows how to use create-network-acl-entry.

Amazon CLI

To create a network ACL entry

This example creates an entry for the specified network ACL. The rule allows ingress traffic from any IPv4 address (0.0.0.0/0) on UDP port 53 (DNS) into any associated subnet. If the command succeeds, no output is returned.

Command:

aws ec2 create-network-acl-entry --network-acl-id acl-5fb85d36 --ingress --rule-number 100 --protocol udp --port-range From=53,To=53 --cidr-block 0.0.0.0/0 --rule-action allow

This example creates a rule for the specified network ACL that allows ingress traffic from any IPv6 address (::/0) on TCP port 80 (HTTP).

Command:

aws ec2 create-network-acl-entry --network-acl-id acl-5fb85d36 --ingress --rule-number 120 --protocol tcp --port-range From=80,To=80 --ipv6-cidr-block ::/0 --rule-action allow

The following code example shows how to use create-network-acl.

Amazon CLI

To create a network ACL

This example creates a network ACL for the specified VPC.

Command:

aws ec2 create-network-acl --vpc-id vpc-a01106c2

Output:

{ "NetworkAcl": { "Associations": [], "NetworkAclId": "acl-5fb85d36", "VpcId": "vpc-a01106c2", "Tags": [], "Entries": [ { "CidrBlock": "0.0.0.0/0", "RuleNumber": 32767, "Protocol": "-1", "Egress": true, "RuleAction": "deny" }, { "CidrBlock": "0.0.0.0/0", "RuleNumber": 32767, "Protocol": "-1", "Egress": false, "RuleAction": "deny" } ], "IsDefault": false } }

The following code example shows how to use create-network-insights-access-scope.

Amazon CLI

To create a Network Access Scope

The following create-network-insights-access-scope example creates a Network Access Scope.

aws ec2 create-network-insights-access-scope \ --cli-input-json file://access-scope-file.json

Contents of access-scope-file.json:

{ "MatchPaths": [ { "Source": { "ResourceStatement": { "Resources": [ "vpc-abcd12e3" ] } } } ], "ExcludePaths": [ { "Source": { "ResourceStatement": { "ResourceTypes": [ "AWS::EC2::InternetGateway" ] } } } ] }

Output:

{ "NetworkInsightsAccessScope": { "NetworkInsightsAccessScopeId": "nis-123456789abc01234", "NetworkInsightsAccessScopeArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-access-scope/nis-123456789abc01234", "CreatedDate": "2022-01-25T19:20:28.796000+00:00", "UpdatedDate": "2022-01-25T19:20:28.797000+00:00" }, "NetworkInsightsAccessScopeContent": { "NetworkInsightsAccessScopeId": "nis-123456789abc01234", "MatchPaths": [ { "Source": { "ResourceStatement": { "Resources": [ "vpc-abcd12e3" ] } } } ], "ExcludePaths": [ { "Source": { "ResourceStatement": { "ResourceTypes": [ "AWS::EC2::InternetGateway" ] } } } ] } }

For more information, see Getting started with Network Access Analyzer using the Amazon CLI in the Network Access Analyzer Guide.

The following code example shows how to use create-network-insights-path.

Amazon CLI

To create a path

The following create-network-insights-path example creates a path. The source is the specified internet gateway and the destination is the specified EC2 instance. To determine whether the destination is reachable using the specified protocol and port, analyze the path using the start-network-insights-analysis command.

aws ec2 create-network-insights-path \ --source igw-0797cccdc9d73b0e5 \ --destination i-0495d385ad28331c7 \ --destination-port 22 \ --protocol TCP

Output:

{ "NetworkInsightsPaths": { "NetworkInsightsPathId": "nip-0b26f224f1d131fa8", "NetworkInsightsPathArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-path/nip-0b26f224f1d131fa8", "CreatedDate": "2021-01-20T22:43:46.933Z", "Source": "igw-0797cccdc9d73b0e5", "Destination": "i-0495d385ad28331c7", "Protocol": "tcp" } }

For more information, see Getting started using the Amazon CLI in the Reachability Analyzer Guide.

The following code example shows how to use create-network-interface-permission.

Amazon CLI

To create a network interface permission

This example grants permission to account 123456789012 to attach network interface eni-1a2b3c4d to an instance.

Command:

aws ec2 create-network-interface-permission --network-interface-id eni-1a2b3c4d --aws-account-id 123456789012 --permission INSTANCE-ATTACH

Output:

{ "InterfacePermission": { "PermissionState": { "State": "GRANTED" }, "NetworkInterfacePermissionId": "eni-perm-06fd19020ede149ea", "NetworkInterfaceId": "eni-1a2b3c4d", "Permission": "INSTANCE-ATTACH", "AwsAccountId": "123456789012" } }

The following code example shows how to use create-network-interface.

Amazon CLI

Example 1: To specify an IPv4 address for a network interface

The following create-network-interface example creates a network interface for the specified subnet with the specified primary IPv4 address.

aws ec2 create-network-interface \ --subnet-id subnet-00a24d0d67acf6333 \ --description "my network interface" \ --groups sg-09dfba7ed20cda78b \ --private-ip-address 10.0.8.17

Output:

{ "NetworkInterface": { "AvailabilityZone": "us-west-2a", "Description": "my network interface", "Groups": [ { "GroupName": "my-security-group", "GroupId": "sg-09dfba7ed20cda78b" } ], "InterfaceType": "interface", "Ipv6Addresses": [], "MacAddress": "06:6a:0f:9a:49:37", "NetworkInterfaceId": "eni-0492b355f0cf3b3f8", "OwnerId": "123456789012", "PrivateDnsName": "ip-10-0-8-18.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.17", "PrivateIpAddresses": [ { "Primary": true, "PrivateDnsName": "ip-10-0-8-17.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.17" } ], "RequesterId": "AIDA4Z3Y7GSXTMEXAMPLE", "RequesterManaged": false, "SourceDestCheck": true, "Status": "pending", "SubnetId": "subnet-00a24d0d67acf6333", "TagSet": [], "VpcId": "vpc-02723a0feeeb9d57b" } }

Example 2: To create a network interface with an IPv4 address and an IPv6 address

The following create-network-interface example creates a network interface for the specified subnet with an IPv4 address and an IPv6 address that are selected by Amazon EC2.

aws ec2 create-network-interface \ --subnet-id subnet-00a24d0d67acf6333 \ --description "my dual stack network interface" \ --ipv6-address-count 1 \ --groups sg-09dfba7ed20cda78b

Output:

{ "NetworkInterface": { "AvailabilityZone": "us-west-2a", "Description": "my dual stack network interface", "Groups": [ { "GroupName": "my-security-group", "GroupId": "sg-09dfba7ed20cda78b" } ], "InterfaceType": "interface", "Ipv6Addresses": [ { "Ipv6Address": "2600:1f13:cfe:3650:a1dc:237c:393a:4ba7", "IsPrimaryIpv6": false } ], "MacAddress": "06:b8:68:d2:b2:2d", "NetworkInterfaceId": "eni-05da417453f9a84bf", "OwnerId": "123456789012", "PrivateDnsName": "ip-10-0-8-18.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.18", "PrivateIpAddresses": [ { "Primary": true, "PrivateDnsName": "ip-10-0-8-18.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.18" } ], "RequesterId": "AIDA4Z3Y7GSXTMEXAMPLE", "RequesterManaged": false, "SourceDestCheck": true, "Status": "pending", "SubnetId": "subnet-00a24d0d67acf6333", "TagSet": [], "VpcId": "vpc-02723a0feeeb9d57b", "Ipv6Address": "2600:1f13:cfe:3650:a1dc:237c:393a:4ba7" } }

Example 3: To create a network interface with connection tracking configuration options

The following create-network-interface example creates a network interface and configures the idle connection tracking timeouts.

aws ec2 create-network-interface \ --subnet-id subnet-00a24d0d67acf6333 \ --groups sg-02e57dbcfe0331c1b \ --connection-tracking-specification TcpEstablishedTimeout=86400,UdpTimeout=60

Output:

{ "NetworkInterface": { "AvailabilityZone": "us-west-2a", "ConnectionTrackingConfiguration": { "TcpEstablishedTimeout": 86400, "UdpTimeout": 60 }, "Description": "", "Groups": [ { "GroupName": "my-security-group", "GroupId": "sg-02e57dbcfe0331c1b" } ], "InterfaceType": "interface", "Ipv6Addresses": [], "MacAddress": "06:4c:53:de:6d:91", "NetworkInterfaceId": "eni-0c133586e08903d0b", "OwnerId": "123456789012", "PrivateDnsName": "ip-10-0-8-94.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.94", "PrivateIpAddresses": [ { "Primary": true, "PrivateDnsName": "ip-10-0-8-94.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.94" } ], "RequesterId": "AIDA4Z3Y7GSXTMEXAMPLE", "RequesterManaged": false, "SourceDestCheck": true, "Status": "pending", "SubnetId": "subnet-00a24d0d67acf6333", "TagSet": [], "VpcId": "vpc-02723a0feeeb9d57b" } }

Example 4: To create an Elastic Fabric Adapter

The following create-network-interface example creates an EFA.

aws ec2 create-network-interface \ --interface-type efa \ --subnet-id subnet-00a24d0d67acf6333 \ --description "my efa" \ --groups sg-02e57dbcfe0331c1b

Output:

{ "NetworkInterface": { "AvailabilityZone": "us-west-2a", "Description": "my efa", "Groups": [ { "GroupName": "my-efa-sg", "GroupId": "sg-02e57dbcfe0331c1b" } ], "InterfaceType": "efa", "Ipv6Addresses": [], "MacAddress": "06:d7:a4:f7:4d:57", "NetworkInterfaceId": "eni-034acc2885e862b65", "OwnerId": "123456789012", "PrivateDnsName": "ip-10-0-8-180.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.180", "PrivateIpAddresses": [ { "Primary": true, "PrivateDnsName": "ip-10-0-8-180.us-west-2.compute.internal", "PrivateIpAddress": "10.0.8.180" } ], "RequesterId": "AIDA4Z3Y7GSXTMEXAMPLE", "RequesterManaged": false, "SourceDestCheck": true, "Status": "pending", "SubnetId": "subnet-00a24d0d67acf6333", "TagSet": [], "VpcId": "vpc-02723a0feeeb9d57b" } }

For more information, see Elastic network interfaces in the Amazon EC2 User Guide.

The following code example shows how to use create-placement-group.

Amazon CLI

To create a placement group

This example command creates a placement group with the specified name.

Command:

aws ec2 create-placement-group --group-name my-cluster --strategy cluster

To create a partition placement group

This example command creates a partition placement group named HDFS-Group-A with five partitions.

Command:

aws ec2 create-placement-group --group-name HDFS-Group-A --strategy partition --partition-count 5

The following code example shows how to use create-replace-root-volume-task.

Amazon CLI

Example 1: To restore a root volume to its initial launch state

The following create-replace-root-volume-task example restores the root volume of instance i-0123456789abcdefa to its initial launch state.

aws ec2 create-replace-root-volume-task \ --instance-id i-0123456789abcdefa

Output:

{ "ReplaceRootVolumeTask": { "InstanceId": "i-0123456789abcdefa", "ReplaceRootVolumeTaskId": "replacevol-0111122223333abcd", "TaskState": "pending", "StartTime": "2022-03-14T15:06:38Z", "Tags": [] } }

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

Example 2: To restore a root volume to a specific snapshot

The following create-replace-root-volume-task example restores the root volume of instance i-0123456789abcdefa to snapshot snap-0abcdef1234567890.

aws ec2 create-replace-root-volume-task \ --instance-id i-0123456789abcdefa \ --snapshot-id snap-0abcdef1234567890

Output:

{ "ReplaceRootVolumeTask": { "InstanceId": "i-0123456789abcdefa", "ReplaceRootVolumeTaskId": "replacevol-0555566667777abcd", "TaskState": "pending", "StartTime": "2022-03-14T15:16:28Z", "Tags": [] } }

For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.

The following code example shows how to use create-reserved-instances-listing.

Amazon CLI

To list a Reserved Instance in the Reserved Instance Marketplace

The following create-reserved-instances-listing example creates a listing for the specified Reserved Instance in the Reserved Instance Marketplace.

aws ec2 create-reserved-instances-listing \ --reserved-instances-id 5ec28771-05ff-4b9b-aa31-9e57dexample \ --instance-count 3 \ --price-schedules CurrencyCode=USD,Price=25.50 \ --client-token 550e8400-e29b-41d4-a716-446655440000

The following code example shows how to use create-restore-image-task.

Amazon CLI

To restore an AMI from an S3 bucket

The following create-restore-image-task example restores an AMI from an S3 bucket. Use the values for S3ObjectKey `` and ``Bucket from the describe-store-image-tasks output, specify the object key of the AMI and the name of the S3 bucket to which the AMI was copied, and specify the name for the restored AMI. The name must be unique for AMIs in the Region for this account. The restored AMI will receive a new AMI ID.

aws ec2 create-restore-image-task \ --object-key ami-1234567890abcdef0.bin \ --bucket my-ami-bucket \ --name "New AMI Name"

Output:

{ "ImageId": "ami-0eab20fe36f83e1a8" }

For more information about storing and restoring an AMI using S3, see Store and restore an AMI using S3 <https://docs.aws.amazon.com/AmazonEC2/latest/UserGuide/ami-store-restore.html> in the Amazon EC2 User Guide.

The following code example shows how to use create-route-table.

Amazon CLI

To create a route table

This example creates a route table for the specified VPC.

Command:

aws ec2 create-route-table --vpc-id vpc-a01106c2

Output:

{ "RouteTable": { "Associations": [], "RouteTableId": "rtb-22574640", "VpcId": "vpc-a01106c2", "PropagatingVgws": [], "Tags": [], "Routes": [ { "GatewayId": "local", "DestinationCidrBlock": "10.0.0.0/16", "State": "active" } ] } }

The following code example shows how to use create-route.

Amazon CLI

To create a route

This example creates a route for the specified route table. The route matches all IPv4 traffic (0.0.0.0/0) and routes it to the specified Internet gateway. If the command succeeds, no output is returned.

Command:

aws ec2 create-route --route-table-id rtb-22574640 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-c0a643a9

This example command creates a route in route table rtb-g8ff4ea2. The route matches traffic for the IPv4 CIDR block 10.0.0.0/16 and routes it to VPC peering connection, pcx-111aaa22. This route enables traffic to be directed to the peer VPC in the VPC peering connection. If the command succeeds, no output is returned.

Command:

aws ec2 create-route --route-table-id rtb-g8ff4ea2 --destination-cidr-block 10.0.0.0/16 --vpc-peering-connection-id pcx-1a2b3c4d

This example creates a route in the specified route table that matches all IPv6 traffic (::/0) and routes it to the specified egress-only Internet gateway.

Command:

aws ec2 create-route --route-table-id rtb-dce620b8 --destination-ipv6-cidr-block ::/0 --egress-only-internet-gateway-id eigw-01eadbd45ecd7943f
  • For API details, see CreateRoute in Amazon CLI Command Reference.

The following code example shows how to use create-security-group.

Amazon CLI

To create a security group for EC2-Classic

This example creates a security group named MySecurityGroup.

Command:

aws ec2 create-security-group --group-name MySecurityGroup --description "My security group"

Output:

{ "GroupId": "sg-903004f8" }

To create a security group for EC2-VPC

This example creates a security group named MySecurityGroup for the specified VPC.

Command:

aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" --vpc-id vpc-1a2b3c4d

Output:

{ "GroupId": "sg-903004f8" }

For more information, see Using Security Groups in the Amazon Command Line Interface User Guide.

The following code example shows how to use create-snapshot.

Amazon CLI

To create a snapshot

This example command creates a snapshot of the volume with a volume ID of vol-1234567890abcdef0 and a short description to identify the snapshot.

Command:

aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description "This is my root volume snapshot"

Output:

{ "Description": "This is my root volume snapshot", "Tags": [], "Encrypted": false, "VolumeId": "vol-1234567890abcdef0", "State": "pending", "VolumeSize": 8, "StartTime": "2018-02-28T21:06:01.000Z", "Progress": "", "OwnerId": "012345678910", "SnapshotId": "snap-066877671789bd71b" }

To create a snapshot with tags

This example command creates a snapshot and applies two tags: purpose=prod and costcenter=123.

Command:

aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description 'Prod backup' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=purpose,Value=prod},{Key=costcenter,Value=123}]'

Output:

{ "Description": "Prod backup", "Tags": [ { "Value": "prod", "Key": "purpose" }, { "Value": "123", "Key": "costcenter" } ], "Encrypted": false, "VolumeId": "vol-1234567890abcdef0", "State": "pending", "VolumeSize": 8, "StartTime": "2018-02-28T21:06:06.000Z", "Progress": "", "OwnerId": "012345678910", "SnapshotId": "snap-09ed24a70bc19bbe4" }
  • For API details, see CreateSnapshot in Amazon CLI Command Reference.

The following code example shows how to use create-snapshots.

Amazon CLI

Example 1: To create a multi-volume snapshot

The following create-snapshots example creates snapshots of all volumes attached to the specified instance.

aws ec2 create-snapshots \ --instance-specification InstanceId=i-1234567890abcdef0 \ --description "This is snapshot of a volume from my-instance"

Output:

{ "Snapshots": [ { "Description": "This is a snapshot of a volume from my-instance", "Tags": [], "Encrypted": false, "VolumeId": "vol-0a01d2d5a34697479", "State": "pending", "VolumeSize": 16, "StartTime": "2019-08-05T16:58:19.000Z", "Progress": "", "OwnerId": "123456789012", "SnapshotId": "snap-07f30e3909aa0045e" }, { "Description": "This is a snapshot of a volume from my-instance", "Tags": [], "Encrypted": false, "VolumeId": "vol-02d0d4947008cb1a2", "State": "pending", "VolumeSize": 20, "StartTime": "2019-08-05T16:58:19.000Z", "Progress": "", "OwnerId": "123456789012", "SnapshotId": "snap-0ec20b602264aad48" }, ... ] }

Example 2: To create a multi-volume snapshot with tags from the source volume

The following create-snapshots example creates snapshots of all volumes attached to the specified instance and copies the tags from each volume to its corresponding snapshot.

aws ec2 create-snapshots \ --instance-specification InstanceId=i-1234567890abcdef0 \ --copy-tags-from-source volume \ --description "This is snapshot of a volume from my-instance"

Output:

{ "Snapshots": [ { "Description": "This is a snapshot of a volume from my-instance", "Tags": [ { "Key": "Name", "Value": "my-volume" } ], "Encrypted": false, "VolumeId": "vol-02d0d4947008cb1a2", "State": "pending", "VolumeSize": 20, "StartTime": "2019-08-05T16:53:04.000Z", "Progress": "", "OwnerId": "123456789012", "SnapshotId": "snap-053bfaeb821a458dd" } ... ] }

Example 3: To create a multi-volume snapshot not including the root volume

The following create-snapshots example creates a snapshot of all volumes attached to the specified instance except for the root volume.

aws ec2 create-snapshots \ --instance-specification InstanceId=i-1234567890abcdef0,ExcludeBootVolume=true

See example 1 for sample output.

Example 4: To create a multi-volume snapshot and add tags

The following create-snapshots example creates snapshots of all volumes attached to the specified instance and adds two tags to each snapshot.

aws ec2 create-snapshots \ --instance-specification InstanceId=i-1234567890abcdef0 \ --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=backup},{Key=costcenter,Value=123}]'

See example 1 for sample output.

The following code example shows how to use create-spot-datafeed-subscription.

Amazon CLI

To create a Spot Instance data feed

The following create-spot-datafeed-subscription example creates a Spot Instance data feed.

aws ec2 create-spot-datafeed-subscription \ --bucket my-bucket \ --prefix spot-data-feed

Output:

{ "SpotDatafeedSubscription": { "Bucket": "my-bucket", "OwnerId": "123456789012", "Prefix": "spot-data-feed", "State": "Active" } }

The data feed is stored in the Amazon S3 bucket that you specified. The file names for this data feed have the following format.

my-bucket.s3.amazonaws.com/spot-data-feed/123456789012.YYYY-MM-DD-HH.n.abcd1234.gz

For more information, see Spot Instance data feed in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use create-store-image-task.

Amazon CLI

To store an AMI in an S3 bucket

The following create-store-image-task example stores an AMI in an S3 bucket. Specify the ID of the AMI and the name of the S3 bucket in which to store the AMI.

aws ec2 create-store-image-task \ --image-id ami-1234567890abcdef0 \ --bucket my-ami-bucket

Output:

{ "ObjectKey": "ami-1234567890abcdef0.bin" }

For more information, see Store and restore an AMI using S3 in the Amazon EC2 User Guide.

The following code example shows how to use create-subnet-cidr-reservation.

Amazon CLI

To create a subnet CIDR reservation

The following create-subnet-cidr-reservation example creates a subnet CIDR reservation for the specified subnet and CIDR range.

aws ec2 create-subnet-cidr-reservation \ --subnet-id subnet-03c51e2eEXAMPLE \ --reservation-type prefix \ --cidr 10.1.0.20/26

Output:

{ "SubnetCidrReservation": { "SubnetCidrReservationId": "scr-044f977c4eEXAMPLE", "SubnetId": "subnet-03c51e2e6cEXAMPLE", "Cidr": "10.1.0.16/28", "ReservationType": "prefix", "OwnerId": "123456789012" } }

For more information, see Subnet CIDR reservations in the Amazon VPC User Guide.

The following code example shows how to use create-subnet.

Amazon CLI

Example 1: To create a subnet with an IPv4 CIDR block only

The following create-subnet example creates a subnet in the specified VPC with the specified IPv4 CIDR block.

aws ec2 create-subnet \ --vpc-id vpc-081ec835f3EXAMPLE \ --cidr-block 10.0.0.0/24 \ --tag-specifications ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv4-only-subnet}]

Output:

{ "Subnet": { "AvailabilityZone": "us-west-2a", "AvailabilityZoneId": "usw2-az2", "AvailableIpAddressCount": 251, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "State": "available", "SubnetId": "subnet-0e99b93155EXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE", "OwnerId": "123456789012", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [], "Tags": [ { "Key": "Name", "Value": "my-ipv4-only-subnet" } ], "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-0e99b93155EXAMPLE" } }

Example 2: To create a subnet with both IPv4 and IPv6 CIDR blocks

The following create-subnet example creates a subnet in the specified VPC with the specified IPv4 and IPv6 CIDR blocks.

aws ec2 create-subnet \ --vpc-id vpc-081ec835f3EXAMPLE \ --cidr-block 10.0.0.0/24 \ --ipv6-cidr-block 2600:1f16:cfe:3660::/64 \ --tag-specifications ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv4-ipv6-subnet}]

Output:

{ "Subnet": { "AvailabilityZone": "us-west-2a", "AvailabilityZoneId": "usw2-az2", "AvailableIpAddressCount": 251, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "State": "available", "SubnetId": "subnet-0736441d38EXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE", "OwnerId": "123456789012", "AssignIpv6AddressOnCreation": false, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-06c5f904499fcc623", "Ipv6CidrBlock": "2600:1f13:cfe:3660::/64", "Ipv6CidrBlockState": { "State": "associating" } } ], "Tags": [ { "Key": "Name", "Value": "my-ipv4-ipv6-subnet" } ], "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-0736441d38EXAMPLE" } }

Example 3: To create a subnet with an IPv6 CIDR block only

The following create-subnet example creates a subnet in the specified VPC with the specified IPv6 CIDR block.

aws ec2 create-subnet \ --vpc-id vpc-081ec835f3EXAMPLE \ --ipv6-native \ --ipv6-cidr-block 2600:1f16:115:200::/64 \ --tag-specifications ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv6-only-subnet}]

Output:

{ "Subnet": { "AvailabilityZone": "us-west-2a", "AvailabilityZoneId": "usw2-az2", "AvailableIpAddressCount": 0, "DefaultForAz": false, "MapPublicIpOnLaunch": false, "State": "available", "SubnetId": "subnet-03f720e7deEXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE", "OwnerId": "123456789012", "AssignIpv6AddressOnCreation": true, "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "subnet-cidr-assoc-01ef639edde556709", "Ipv6CidrBlock": "2600:1f13:cfe:3660::/64", "Ipv6CidrBlockState": { "State": "associating" } } ], "Tags": [ { "Key": "Name", "Value": "my-ipv6-only-subnet" } ], "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-03f720e7deEXAMPLE" } }

For more information, see VPCs and subnets in the Amazon VPC User Guide.

  • For API details, see CreateSubnet in Amazon CLI Command Reference.

The following code example shows how to use create-tags.

Amazon CLI

Example 1: To add a tag to a resource

The following create-tags example adds the tag Stack=production to the specified image, or overwrites an existing tag for the AMI where the tag key is Stack.

aws ec2 create-tags \ --resources ami-1234567890abcdef0 \ --tags Key=Stack,Value=production

For more information, see This is the topic title in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 2: To add tags to multiple resources

The following create-tags example adds (or overwrites) two tags for an AMI and an instance. One of the tags has a key (webserver) but no value (value is set to an empty string). The other tag has a key (stack) and a value (Production).

aws ec2 create-tags \ --resources ami-1a2b3c4d i-1234567890abcdef0 \ --tags Key=webserver,Value= Key=stack,Value=Production

For more information, see This is the topic title in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 3: To add tags containing special characters

The following create-tags example adds the tag [Group]=test for an instance. The square brackets ([ and ]) are special characters, and must be escaped. The following examples also use the line continuation character appropriate for each environment.

If you are using Windows, surround the element that has special characters with double quotes ("), and then precede each double quote character with a backslash (\) as follows:

aws ec2 create-tags ^ --resources i-1234567890abcdef0 ^ --tags Key=\"[Group]\",Value=test

If you are using Windows PowerShell, surround the element the value that has special characters with double quotes ("), precede each double quote character with a backslash (\), and then surround the entire key and value structure with single quotes (') as follows:

aws ec2 create-tags ` --resources i-1234567890abcdef0 ` --tags 'Key=\"[Group]\",Value=test'

If you are using Linux or OS X, surround the element that has special characters with double quotes ("), and then surround the entire key and value structure with single quotes (') as follows:

aws ec2 create-tags \ --resources i-1234567890abcdef0 \ --tags 'Key="[Group]",Value=test'

For more information, see This is the topic title in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

  • For API details, see CreateTags in Amazon CLI Command Reference.

The following code example shows how to use create-traffic-mirror-filter-rule.

Amazon CLI

To create a filter rule for incoming TCP traffic

The following create-traffic-mirror-filter-rule example creates a rule that you can use to mirror all incoming TCP traffic. Before you run this command, use create-traffic-mirror-filter to create the the Traffic Mirror filter.

aws ec2 create-traffic-mirror-filter-rule \ --description "TCP Rule" \ --destination-cidr-block 0.0.0.0/0 \ --protocol 6 \ --rule-action accept \ --rule-number 1 \ --source-cidr-block 0.0.0.0/0 \ --traffic-direction ingress \ --traffic-mirror-filter-id tmf-04812ff784b25ae67

Output:

{ "TrafficMirrorFilterRule": { "DestinationCidrBlock": "0.0.0.0/0", "TrafficMirrorFilterId": "tmf-04812ff784b25ae67", "TrafficMirrorFilterRuleId": "tmfr-02d20d996673f3732", "SourceCidrBlock": "0.0.0.0/0", "TrafficDirection": "ingress", "Description": "TCP Rule", "RuleNumber": 1, "RuleAction": "accept", "Protocol": 6 }, "ClientToken": "4752b573-40a6-4eac-a8a4-a72058761219" }

For more information, see Create a Traffic Mirror Filter in the Amazon Traffic Mirroring Guide.

The following code example shows how to use create-traffic-mirror-filter.

Amazon CLI

To create a Traffic Mirror Filter

The following create-traffic-mirror-filter example creates a Traffic Mirror filter. After you create the filter, use create-traffic-mirror-filter-rule to add rules to the filter.

aws ec2 create-traffic-mirror-filter \ --description "TCP Filter"

Output:

{ "ClientToken": "28908518-100b-4987-8233-8c744EXAMPLE", "TrafficMirrorFilter": { "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "Description": "TCP Filter", "EgressFilterRules": [], "IngressFilterRules": [], "Tags": [], "NetworkServices": [] } }

For more information, see Create a Traffic Mirror Filter in the Amazon Traffic Mirroring Guide.

The following code example shows how to use create-traffic-mirror-session.

Amazon CLI

To create a Traffic Mirror Session

The following create-traffic-mirror-session command creates a traffic mirror sessions for the specified source and target for 25 bytes of the packet.

aws ec2 create-traffic-mirror-session \ --description "example session" \ --traffic-mirror-target-id tmt-07f75d8feeEXAMPLE \ --network-interface-id eni-070203f901EXAMPLE \ --session-number 1 \ --packet-length 25 \ --traffic-mirror-filter-id tmf-04812ff784EXAMPLE

Output:

{ "TrafficMirrorSession": { "TrafficMirrorSessionId": "tms-08a33b1214EXAMPLE", "TrafficMirrorTargetId": "tmt-07f75d8feeEXAMPLE", "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "NetworkInterfaceId": "eni-070203f901EXAMPLE", "OwnerId": "111122223333", "PacketLength": 25, "SessionNumber": 1, "VirtualNetworkId": 7159709, "Description": "example session", "Tags": [] }, "ClientToken": "5236cffc-ee13-4a32-bb5b-388d9da09d96" }

For more information, see Create a Traffic Mirror Session in the Amazon Traffic Mirroring Guide.

The following code example shows how to use create-traffic-mirror-target.

Amazon CLI

To create a a Network Load Balancer Traffic Mirror target

The following create-traffic-mirror-target example creates a Network Load Balancer Traffic Mirror target.

aws ec2 create-traffic-mirror-target \ --description "Example Network Load Balancer Target" \ --network-load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/NLB/7cdec873EXAMPLE

Output:

{ "TrafficMirrorTarget": { "Type": "network-load-balancer", "Tags": [], "Description": "Example Network Load Balancer Target", "OwnerId": "111122223333", "NetworkLoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:724145273726:loadbalancer/net/NLB/7cdec873EXAMPLE", "TrafficMirrorTargetId": "tmt-0dabe9b0a6EXAMPLE" }, "ClientToken": "d5c090f5-8a0f-49c7-8281-72c796a21f72" }

To create a network Traffic Mirror target

The following create-traffic-mirror-target example creates a network interface Traffic Mirror target.

aws ec2 create-traffic-mirror-target --description "Network interface target" --network-interface-id eni-eni-01f6f631eEXAMPLE

Output:

{ "ClientToken": "5289a345-0358-4e62-93d5-47ef3061d65e", "TrafficMirrorTarget": { "Description": "Network interface target", "NetworkInterfaceId": "eni-01f6f631eEXAMPLE", "TrafficMirrorTargetId": "tmt-02dcdbe2abEXAMPLE", "OwnerId": "111122223333", "Type": "network-interface", "Tags": [] } }

For more information, see Create a Traffic Mirror Target in the Amazon Traffic Mirroring Guide.

The following code example shows how to use create-transit-gateway-connect-peer.

Amazon CLI

To create a Transit Gateway Connect peer

The following create-transit-gateway-connect-peer example creates a Connect peer.

aws ec2 create-transit-gateway-connect-peer \ --transit-gateway-attachment-id tgw-attach-0f0927767cEXAMPLE \ --peer-address 172.31.1.11 \ --inside-cidr-blocks 169.254.6.0/29

Output:

{ "TransitGatewayConnectPeer": { "TransitGatewayAttachmentId": "tgw-attach-0f0927767cEXAMPLE", "TransitGatewayConnectPeerId": "tgw-connect-peer-0666adbac4EXAMPLE", "State": "pending", "CreationTime": "2021-10-13T03:35:17.000Z", "ConnectPeerConfiguration": { "TransitGatewayAddress": "10.0.0.234", "PeerAddress": "172.31.1.11", "InsideCidrBlocks": [ "169.254.6.0/29" ], "Protocol": "gre", "BgpConfigurations": [ { "TransitGatewayAsn": 64512, "PeerAsn": 64512, "TransitGatewayAddress": "169.254.6.2", "PeerAddress": "169.254.6.1", "BgpStatus": "down" }, { "TransitGatewayAsn": 64512, "PeerAsn": 64512, "TransitGatewayAddress": "169.254.6.3", "PeerAddress": "169.254.6.1", "BgpStatus": "down" } ] } } }

For more information, see Transit gateway Connect attachments and Transit Gateway Connect peers in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-connect.

Amazon CLI

To create a transit gateway Connect attachment

The following create-transit-gateway-connect example creates a Connect attachment, with the "gre" protocol, for the specified attachment.

aws ec2 create-transit-gateway-connect \ --transport-transit-gateway-attachment-id tgw-attach-0a89069f57EXAMPLE \ --options "Protocol=gre"

Output:

{ "TransitGatewayConnect": { "TransitGatewayAttachmentId": "tgw-attach-037012e5dcEXAMPLE", "TransportTransitGatewayAttachmentId": "tgw-attach-0a89069f57EXAMPLE", "TransitGatewayId": "tgw-02f776b1a7EXAMPLE", "State": "pending", "CreationTime": "2021-03-09T19:59:17+00:00", "Options": { "Protocol": "gre" } } }

For more information, see Transit gateway Connect attachments and Transit Gateway Connect peers in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-multicast-domain.

Amazon CLI

Example 1: To create an IGMP multicast domain

The following create-transit-gateway-multicast-domain example creates a multicast domain for the specified transit gateway. With static sources disabled, any instances in subnets associated with the multicast domain can send multicast traffic. If at least one member uses the IGMP protocol, you must enable IGMPv2 support.

aws ec2 create-transit-gateway-multicast-domain \ --transit-gateway-id tgw-0bf0bffefaEXAMPLE \ --options StaticSourcesSupport=disable,Igmpv2Support=enable

Output:

{ "TransitGatewayMulticastDomain": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-0c9e29e2a7EXAMPLE", "TransitGatewayId": "tgw-0bf0bffefaEXAMPLE", "TransitGatewayMulticastDomainArn": "arn:aws:ec2:us-west-2:123456789012:transit-gateway-multicast-domain/tgw-mcast-domain-0c9e29e2a7EXAMPLE", "OwnerId": "123456789012", "Options": { "Igmpv2Support": "enable", "StaticSourcesSupport": "disable", "AutoAcceptSharedAssociations": "disable" }, "State": "pending", "CreationTime": "2021-09-29T22:17:13.000Z" } }

Example 2: To create a static multicast domain

The following create-transit-gateway-multicast-domain example creates a multicast domain for the specified transit gateway. With static sources enabled, you must statically add sources.

aws ec2 create-transit-gateway-multicast-domain \ --transit-gateway-id tgw-0bf0bffefaEXAMPLE \ --options StaticSourcesSupport=enable,Igmpv2Support=disable

Output:

{ "TransitGatewayMulticastDomain": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-000fb24d04EXAMPLE", "TransitGatewayId": "tgw-0bf0bffefaEXAMPLE", "TransitGatewayMulticastDomainArn": "arn:aws:ec2:us-west-2:123456789012:transit-gateway-multicast-domain/tgw-mcast-domain-000fb24d04EXAMPLE", "OwnerId": "123456789012", "Options": { "Igmpv2Support": "disable", "StaticSourcesSupport": "enable", "AutoAcceptSharedAssociations": "disable" }, "State": "pending", "CreationTime": "2021-09-29T22:20:19.000Z" } }

For more information, see Managing multicast domains in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-peering-attachment.

Amazon CLI

To create a transit gateway peering attachment

The following create-transit-gateway-peering-attachment example creates a peering attachment request between the two specified transit gateways.

aws ec2 create-transit-gateway-peering-attachment \ --transit-gateway-id tgw-123abc05e04123abc \ --peer-transit-gateway-id tgw-11223344aabbcc112 \ --peer-account-id 123456789012 \ --peer-region us-east-2

Output:

{ "TransitGatewayPeeringAttachment": { "TransitGatewayAttachmentId": "tgw-attach-4455667788aabbccd", "RequesterTgwInfo": { "TransitGatewayId": "tgw-123abc05e04123abc", "OwnerId": "123456789012", "Region": "us-west-2" }, "AccepterTgwInfo": { "TransitGatewayId": "tgw-11223344aabbcc112", "OwnerId": "123456789012", "Region": "us-east-2" }, "State": "initiatingRequest", "CreationTime": "2019-12-09T11:38:05.000Z" } }

For more information, see Transit Gateway Peering Attachments in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-policy-table.

Amazon CLI

To create a transit gateway policy table

The following create-transit-gateway-policy-table example creates a transit gateway policy table for the specified transit gateway.

aws ec2 create-transit-gateway-policy-table \ --transit-gateway-id tgw-067f8505c18f0bd6e

Output:

{ "TransitGatewayPolicyTable": { "TransitGatewayPolicyTableId": "tgw-ptb-0a16f134b78668a81", "TransitGatewayId": "tgw-067f8505c18f0bd6e", "State": "pending", "CreationTime": "2023-11-28T16:36:43+00:00" } }

For more information, see Transit gateway policy tables in the Transit Gateway User Guide.

The following code example shows how to use create-transit-gateway-prefix-list-reference.

Amazon CLI

To create a reference to a prefix list

The following create-transit-gateway-prefix-list-reference example creates a reference to the specified prefix list in the specified transit gateway route table.

aws ec2 create-transit-gateway-prefix-list-reference \ --transit-gateway-route-table-id tgw-rtb-0123456789abcd123 \ --prefix-list-id pl-11111122222222333 \ --transit-gateway-attachment-id tgw-attach-aaaaaabbbbbb11111

Output:

{ "TransitGatewayPrefixListReference": { "TransitGatewayRouteTableId": "tgw-rtb-0123456789abcd123", "PrefixListId": "pl-11111122222222333", "PrefixListOwnerId": "123456789012", "State": "pending", "Blackhole": false, "TransitGatewayAttachment": { "TransitGatewayAttachmentId": "tgw-attach-aaaaaabbbbbb11111", "ResourceType": "vpc", "ResourceId": "vpc-112233445566aabbc" } } }

For more information, see Prefix list references in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-route-table.

Amazon CLI

To create a Transit Gateway Route Table

The following create-transit-gateway-route-table example creates a route table for the specified transit gateway.

aws ec2 create-transit-gateway-route-table \ --transit-gateway-id tgw-0262a0e521EXAMPLE

Output:

{ "TransitGatewayRouteTable": { "TransitGatewayRouteTableId": "tgw-rtb-0960981be7EXAMPLE", "TransitGatewayId": "tgw-0262a0e521EXAMPLE", "State": "pending", "DefaultAssociationRouteTable": false, "DefaultPropagationRouteTable": false, "CreationTime": "2019-07-10T19:01:46.000Z" } }

For more information, see Create a transit gateway route table in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-route.

Amazon CLI

To create a transit gateway route

The following create-transit-gateway-route example creates a route, with the specified destination, for the specified route table.

aws ec2 create-transit-gateway-route \ --destination-cidr-block 10.0.2.0/24 \ --transit-gateway-route-table-id tgw-rtb-0b6f6aaa01EXAMPLE \ --transit-gateway-attachment-id tgw-attach-0b5968d3b6EXAMPLE

Output:

{ "Route": { "DestinationCidrBlock": "10.0.2.0/24", "TransitGatewayAttachments": [ { "ResourceId": "vpc-0065acced4EXAMPLE", "TransitGatewayAttachmentId": "tgw-attach-0b5968d3b6EXAMPLE", "ResourceType": "vpc" } ], "Type": "static", "State": "active" } }

For more information, see Transit gateway route tables in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway-vpc-attachment.

Amazon CLI

Example 1: To associate a transit gateway with a VPC

The following create-transit-gateway-vpc-attachment example creates a transit gateway attachment to the specified VPC.

aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id tgw-0262a0e521EXAMPLE \ --vpc-id vpc-07e8ffd50f49335df \ --subnet-id subnet-0752213d59EXAMPLE

Output:

{ "TransitGatewayVpcAttachment": { "TransitGatewayAttachmentId": "tgw-attach-0a34fe6b4fEXAMPLE", "TransitGatewayId": "tgw-0262a0e521EXAMPLE", "VpcId": "vpc-07e8ffd50fEXAMPLE", "VpcOwnerId": "111122223333", "State": "pending", "SubnetIds": [ "subnet-0752213d59EXAMPLE" ], "CreationTime": "2019-07-10T17:33:46.000Z", "Options": { "DnsSupport": "enable", "Ipv6Support": "disable" } } }

For more information, see Create a transit gateway attachment to a VPC in the Transit Gateways Guide.

Example 2: To associate a transit gateway with multiple subnets in a VPC

The following create-transit-gateway-vpc-attachment example creates a transit gateway attachment to the specified VPC and subnets.

aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id tgw-02f776b1a7EXAMPLE \ --vpc-id vpc-3EXAMPLE \ --subnet-ids "subnet-dEXAMPLE" "subnet-6EXAMPLE"

Output:

{ "TransitGatewayVpcAttachment": { "TransitGatewayAttachmentId": "tgw-attach-0e141e0bebEXAMPLE", "TransitGatewayId": "tgw-02f776b1a7EXAMPLE", "VpcId": "vpc-3EXAMPLE", "VpcOwnerId": "111122223333", "State": "pending", "SubnetIds": [ "subnet-6EXAMPLE", "subnet-dEXAMPLE" ], "CreationTime": "2019-12-17T20:07:52.000Z", "Options": { "DnsSupport": "enable", "Ipv6Support": "disable" } } }

For more information, see Create a transit gateway attachment to a VPC in the Transit Gateways Guide.

The following code example shows how to use create-transit-gateway.

Amazon CLI

To create a transit gateway

The following create-transit-gateway example creates a transit gateway.

aws ec2 create-transit-gateway \ --description MyTGW \ --options AmazonSideAsn=64516,AutoAcceptSharedAttachments=enable,DefaultRouteTableAssociation=enable,DefaultRouteTablePropagation=enable,VpnEcmpSupport=enable,DnsSupport=enable

Output:

{ "TransitGateway": { "TransitGatewayId": "tgw-0262a0e521EXAMPLE", "TransitGatewayArn": "arn:aws:ec2:us-east-2:111122223333:transit-gateway/tgw-0262a0e521EXAMPLE", "State": "pending", "OwnerId": "111122223333", "Description": "MyTGW", "CreationTime": "2019-07-10T14:02:12.000Z", "Options": { "AmazonSideAsn": 64516, "AutoAcceptSharedAttachments": "enable", "DefaultRouteTableAssociation": "enable", "AssociationDefaultRouteTableId": "tgw-rtb-018774adf3EXAMPLE", "DefaultRouteTablePropagation": "enable", "PropagationDefaultRouteTableId": "tgw-rtb-018774adf3EXAMPLE", "VpnEcmpSupport": "enable", "DnsSupport": "enable" } } }

For more information, see Create a transit gateway in the Transit Gateways Guide.

The following code example shows how to use create-verified-access-endpoint.

Amazon CLI

To create a Verified Access endpoint

The following create-verified-access-endpoint example creates a Verified Access endpoint for the speciied Verified Access group. The specified network interface and security group must belong to the same VPC.

aws ec2 create-verified-access-endpoint \ --verified-access-group-id vagr-0dbe967baf14b7235 \ --endpoint-type network-interface \ --attachment-type vpc \ --domain-certificate-arn arn:aws:acm:us-east-2:123456789012:certificate/eb065ea0-26f9-4e75-a6ce-0a1a7EXAMPLE \ --application-domain example.com \ --endpoint-domain-prefix my-ava-app \ --security-group-ids sg-004915970c4c8f13a \ --network-interface-options NetworkInterfaceId=eni-0aec70418c8d87a0f,Protocol=https,Port=443 \ --tag-specifications ResourceType=verified-access-endpoint,Tags=[{Key=Name,Value=my-va-endpoint}]

Output:

{ "VerifiedAccessEndpoint": { "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "VerifiedAccessGroupId": "vagr-0dbe967baf14b7235", "VerifiedAccessEndpointId": "vae-066fac616d4d546f2", "ApplicationDomain": "example.com", "EndpointType": "network-interface", "AttachmentType": "vpc", "DomainCertificateArn": "arn:aws:acm:us-east-2:123456789012:certificate/eb065ea0-26f9-4e75-a6ce-0a1a7EXAMPLE", "EndpointDomain": "my-ava-app.edge-00c3372d53b1540bb.vai-0ce000c0b7643abea.prod.verified-access.us-east-2.amazonaws.com", "SecurityGroupIds": [ "sg-004915970c4c8f13a" ], "NetworkInterfaceOptions": { "NetworkInterfaceId": "eni-0aec70418c8d87a0f", "Protocol": "https", "Port": 443 }, "Status": { "Code": "pending" }, "Description": "", "CreationTime": "2023-08-25T20:54:43", "LastUpdatedTime": "2023-08-25T20:54:43", "Tags": [ { "Key": "Name", "Value": "my-va-endpoint" } ] } }

For more information, see Verified Access endpoints in the Amazon Verified Access User Guide.

The following code example shows how to use create-verified-access-group.

Amazon CLI

To create a Verified Access group

The following create-verified-access-group example creates a Verified Access group for the specified Verified Access instance.

aws ec2 create-verified-access-group \ --verified-access-instance-id vai-0ce000c0b7643abea \ --tag-specifications ResourceType=verified-access-group,Tags=[{Key=Name,Value=my-va-group}]

Output:

{ "VerifiedAccessGroup": { "VerifiedAccessGroupId": "vagr-0dbe967baf14b7235", "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "Description": "", "Owner": "123456789012", "VerifiedAccessGroupArn": "arn:aws:ec2:us-east-2:123456789012:verified-access-group/vagr-0dbe967baf14b7235", "CreationTime": "2023-08-25T19:55:19", "LastUpdatedTime": "2023-08-25T19:55:19", "Tags": [ { "Key": "Name", "Value": "my-va-group" } ] } }

For more information, see Verified Access groups in the Amazon Verified Access User Guide.

The following code example shows how to use create-verified-access-instance.

Amazon CLI

To create a Verified Access instance

The following create-verified-access-instance example creates a Verified Access instance with a Name tag.

aws ec2 create-verified-access-instance \ --tag-specifications ResourceType=verified-access-instance,Tags=[{Key=Name,Value=my-va-instance}]

Output:

{ "VerifiedAccessInstance": { "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "Description": "", "VerifiedAccessTrustProviders": [], "CreationTime": "2023-08-25T18:27:56", "LastUpdatedTime": "2023-08-25T18:27:56", "Tags": [ { "Key": "Name", "Value": "my-va-instance" } ] } }

For more information, see Verified Access instances in the Amazon Verified Access User Guide.

The following code example shows how to use create-verified-access-trust-provider.

Amazon CLI

To create a Verified Access trust provider

The following create-verified-access-trust-provider example sets up a Verified Access trust provider using Amazon Identity Center.

aws ec2 create-verified-access-trust-provider \ --trust-provider-type user \ --user-trust-provider-type iam-identity-center \ --policy-reference-name idc \ --tag-specifications ResourceType=verified-access-trust-provider,Tags=[{Key=Name,Value=my-va-trust-provider}]

Output:

{ "VerifiedAccessTrustProvider": { "VerifiedAccessTrustProviderId": "vatp-0bb32de759a3e19e7", "Description": "", "TrustProviderType": "user", "UserTrustProviderType": "iam-identity-center", "PolicyReferenceName": "idc", "CreationTime": "2023-08-25T18:40:36", "LastUpdatedTime": "2023-08-25T18:40:36", "Tags": [ { "Key": "Name", "Value": "my-va-trust-provider" } ] } }

For more information, see Trust providers for Verified Access in the Amazon Verified Access User Guide.

The following code example shows how to use create-volume.

Amazon CLI

To create an empty General Purpose SSD (gp2) volume

The following create-volume example creates an 80 GiB General Purpose SSD (gp2) volume in the specified Availability Zone. Note that the current Region must be us-east-1, or you can add the --region parameter to specify the Region for the command.

aws ec2 create-volume \ --volume-type gp2 \ --size 80 \ --availability-zone us-east-1a

Output:

{ "AvailabilityZone": "us-east-1a", "Tags": [], "Encrypted": false, "VolumeType": "gp2", "VolumeId": "vol-1234567890abcdef0", "State": "creating", "Iops": 240, "SnapshotId": "", "CreateTime": "YYYY-MM-DDTHH:MM:SS.000Z", "Size": 80 }

If you do not specify a volume type, the default volume type is gp2.

aws ec2 create-volume \ --size 80 \ --availability-zone us-east-1a

Example 2: To create a Provisioned IOPS SSD (io1) volume from a snapshot

The following create-volume example creates a Provisioned IOPS SSD (io1) volume with 1000 provisioned IOPS in the specified Availability Zone using the specified snapshot.

aws ec2 create-volume \ --volume-type io1 \ --iops 1000 \ --snapshot-id snap-066877671789bd71b \ --availability-zone us-east-1a

Output:

{ "AvailabilityZone": "us-east-1a", "Tags": [], "Encrypted": false, "VolumeType": "io1", "VolumeId": "vol-1234567890abcdef0", "State": "creating", "Iops": 1000, "SnapshotId": "snap-066877671789bd71b", "CreateTime": "YYYY-MM-DDTHH:MM:SS.000Z", "Size": 500 }

Example 3: To create an encrypted volume

The following create-volume example creates an encrypted volume using the default CMK for EBS encryption. If encryption by default is disabled, you must specify the --encrypted parameter as follows.

aws ec2 create-volume \ --size 80 \ --encrypted \ --availability-zone us-east-1a

Output:

{ "AvailabilityZone": "us-east-1a", "Tags": [], "Encrypted": true, "VolumeType": "gp2", "VolumeId": "vol-1234567890abcdef0", "State": "creating", "Iops": 240, "SnapshotId": "", "CreateTime": "YYYY-MM-DDTHH:MM:SS.000Z", "Size": 80 }

If encryption by default is enabled, the following example command creates an encrypted volume, even without the --encrypted parameter.

aws ec2 create-volume \ --size 80 \ --availability-zone us-east-1a

If you use the --kms-key-id parameter to specify a customer managed CMK, you must specify the --encrypted parameter even if encryption by default is enabled.

aws ec2 create-volume \ --volume-type gp2 \ --size 80 \ --encrypted \ --kms-key-id 0ea3fef3-80a7-4778-9d8c-1c0c6EXAMPLE \ --availability-zone us-east-1a

Example 4: To create a volume with tags

The following create-volume example creates a volume and adds two tags.

aws ec2 create-volume \ --availability-zone us-east-1a \ --volume-type gp2 \ --size 80 \ --tag-specifications 'ResourceType=volume,Tags=[{Key=purpose,Value=production},{Key=cost-center,Value=cc123}]'
  • For API details, see CreateVolume in Amazon CLI Command Reference.

The following code example shows how to use create-vpc-endpoint-connection-notification.

Amazon CLI

To create an endpoint connection notification

This example creates a notification for a specific endpoint service that alerts you when interface endpoints have connected to your service and when endpoints have been accepted for your service.

Command:

aws ec2 create-vpc-endpoint-connection-notification --connection-notification-arn arn:aws:sns:us-east-2:123456789012:VpceNotification --connection-events Connect Accept --service-id vpce-svc-1237881c0d25a3abc

Output:

{ "ConnectionNotification": { "ConnectionNotificationState": "Enabled", "ConnectionNotificationType": "Topic", "ServiceId": "vpce-svc-1237881c0d25a3abc", "ConnectionEvents": [ "Accept", "Connect" ], "ConnectionNotificationId": "vpce-nfn-008776de7e03f5abc", "ConnectionNotificationArn": "arn:aws:sns:us-east-2:123456789012:VpceNotification" } }

The following code example shows how to use create-vpc-endpoint-service-configuration.

Amazon CLI

Example 1: To create an endpoint service configuration for an interface endpoint

The following create-vpc-endpoint-service-configuration example creates a VPC endpoint service configuration using the Network Load Balancer nlb-vpce. This example also specifies that requests to connect to the service through an interface endpoint must be accepted.

aws ec2 create-vpc-endpoint-service-configuration \ --network-load-balancer-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/nlb-vpce/e94221227f1ba532 \ --acceptance-required

Output:

{ "ServiceConfiguration": { "ServiceType": [ { "ServiceType": "Interface" } ], "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/nlb-vpce/e94221227f1ba532" ], "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-03d5ebb7d9579a2b3", "ServiceState": "Available", "ServiceId": "vpce-svc-03d5ebb7d9579a2b3", "AcceptanceRequired": true, "AvailabilityZones": [ "us-east-1d" ], "BaseEndpointDnsNames": [ "vpce-svc-03d5ebb7d9579a2b3.us-east-1.vpce.amazonaws.com" ] } }

Example 2: To create an endpoint service configuration for a Gateway Load Balancer endpoint

The following create-vpc-endpoint-service-configuration example creates a VPC endpoint service configuration using the Gateway Load Balancer GWLBService. Requests to connect to the service through a Gateway Load Balancer endpoint are automatically accepted.

aws ec2 create-vpc-endpoint-service-configuration \ --gateway-load-balancer-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/gwy/GWLBService/123123123123abcc \ --no-acceptance-required

Output:

{ "ServiceConfiguration": { "ServiceType": [ { "ServiceType": "GatewayLoadBalancer" } ], "ServiceId": "vpce-svc-123123a1c43abc123", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1d" ], "AcceptanceRequired": false, "ManagesVpcEndpoints": false, "GatewayLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/gwy/GWLBService/123123123123abcc" ] } }

For more information, see VPC endpoint services in the Amazon VPC User Guide.

The following code example shows how to use create-vpc-endpoint.

Amazon CLI

Example 1: To create a gateway endpoint

The following create-vpc-endpoint example creates a gateway VPC endpoint between VPC vpc-1a2b3c4d and Amazon S3 in the us-east-1 region, and associates route table rtb-11aa22bb with the endpoint.

aws ec2 create-vpc-endpoint \ --vpc-id vpc-1a2b3c4d \ --service-name com.amazonaws.us-east-1.s3 \ --route-table-ids rtb-11aa22bb

Output:

{ "VpcEndpoint": { "PolicyDocument": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"\*\",\"Action\":\"\*\",\"Resource\":\"\*\"}]}", "VpcId": "vpc-1a2b3c4d", "State": "available", "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": [ "rtb-11aa22bb" ], "VpcEndpointId": "vpc-1a2b3c4d", "CreationTimestamp": "2015-05-15T09:40:50Z" } }

For more information, see Creating a gateway endpoint in the AmazonPrivateLink Guide.

Example 2: To create an interface endpoint

The following create-vpc-endpoint example creates an interface VPC endpoint between VPC vpc-1a2b3c4d and Amazon S3 in the us-east-1 region. The command creates the endpoint in subnet subnet-1a2b3c4d, associates it with security group sg-1a2b3c4d, and adds a tag with a key of "Service" and a Value of "S3".

aws ec2 create-vpc-endpoint \ --vpc-id vpc-1a2b3c4d \ --vpc-endpoint-type Interface \ --service-name com.amazonaws.us-east-1.s3 \ --subnet-ids subnet-7b16de0c \ --security-group-id sg-1a2b3c4d \ --tag-specifications ResourceType=vpc-endpoint,Tags=[{Key=service,Value=S3}]

Output:

{ "VpcEndpoint": { "VpcEndpointId": "vpce-1a2b3c4d5e6f1a2b3", "VpcEndpointType": "Interface", "VpcId": "vpc-1a2b3c4d", "ServiceName": "com.amazonaws.us-east-1.s3", "State": "pending", "RouteTableIds": [], "SubnetIds": [ "subnet-1a2b3c4d" ], "Groups": [ { "GroupId": "sg-1a2b3c4d", "GroupName": "default" } ], "PrivateDnsEnabled": false, "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-0b16f0581c8ac6877" ], "DnsEntries": [ { "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg.s3.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" }, { "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg-us-east-1c.s3.us-east-1.vpce.amazonaws.com", "HostedZoneId": "Z7HUB22UULQXV" } ], "CreationTimestamp": "2021-03-05T14:46:16.030000+00:00", "Tags": [ { "Key": "service", "Value": "S3" } ], "OwnerId": "123456789012" } }

For more information, see Creating an interface endpoint in the User Guide for AmazonPrivateLink.

Example 3: To create a Gateway Load Balancer endpoint

The following create-vpc-endpoint example creates a Gateway Load Balancer endpoint between VPC vpc-111122223333aabbc and and a service that is configured using a Gateway Load Balancer.

aws ec2 create-vpc-endpoint \ --service-name com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123 \ --vpc-endpoint-type GatewayLoadBalancer \ --vpc-id vpc-111122223333aabbc \ --subnet-ids subnet-0011aabbcc2233445

Output:

{ "VpcEndpoint": { "VpcEndpointId": "vpce-aabbaabbaabbaabba", "VpcEndpointType": "GatewayLoadBalancer", "VpcId": "vpc-111122223333aabbc", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123", "State": "pending", "SubnetIds": [ "subnet-0011aabbcc2233445" ], "RequesterManaged": false, "NetworkInterfaceIds": [ "eni-01010120203030405" ], "CreationTimestamp": "2020-11-11T08:06:03.522Z", "OwnerId": "123456789012" } }

For more information, see Gateway Load Balancer endpoints in the User Guide for AmazonPrivateLink.

The following code example shows how to use create-vpc-peering-connection.

Amazon CLI

To create a VPC peering connection between your VPCs

This example requests a peering connection between your VPCs vpc-1a2b3c4d and vpc-11122233.

Command:

aws ec2 create-vpc-peering-connection --vpc-id vpc-1a2b3c4d --peer-vpc-id vpc-11122233

Output:

{ "VpcPeeringConnection": { "Status": { "Message": "Initiating Request to 444455556666", "Code": "initiating-request" }, "Tags": [], "RequesterVpcInfo": { "OwnerId": "444455556666", "VpcId": "vpc-1a2b3c4d", "CidrBlock": "10.0.0.0/28" }, "VpcPeeringConnectionId": "pcx-111aaa111", "ExpirationTime": "2014-04-02T16:13:36.000Z", "AccepterVpcInfo": { "OwnerId": "444455556666", "VpcId": "vpc-11122233" } } }

To create a VPC peering connection with a VPC in another account

This example requests a peering connection between your VPC (vpc-1a2b3c4d), and a VPC (vpc-11122233) that belongs Amazon account 123456789012.

Command:

aws ec2 create-vpc-peering-connection --vpc-id vpc-1a2b3c4d --peer-vpc-id vpc-11122233 --peer-owner-id 123456789012

To create a VPC peering connection with a VPC in a different region

This example requests a peering connection between your VPC in the current region (vpc-1a2b3c4d), and a VPC (vpc-11122233) in your account in the us-west-2 region.

Command:

aws ec2 create-vpc-peering-connection --vpc-id vpc-1a2b3c4d --peer-vpc-id vpc-11122233 --peer-region us-west-2

This example requests a peering connection between your VPC in the current region (vpc-1a2b3c4d), and a VPC (vpc-11122233) that belongs Amazon account 123456789012 that's in the us-west-2 region.

Command:

aws ec2 create-vpc-peering-connection --vpc-id vpc-1a2b3c4d --peer-vpc-id vpc-11122233 --peer-owner-id 123456789012 --peer-region us-west-2

The following code example shows how to use create-vpc.

Amazon CLI

Example 1: To create a VPC

The following create-vpc example creates a VPC with the specified IPv4 CIDR block and a Name tag.

aws ec2 create-vpc \ --cidr-block 10.0.0.0/16 \ --tag-specifications ResourceType=vpc,Tags=[{Key=Name,Value=MyVpc}]

Output:

{ "Vpc": { "CidrBlock": "10.0.0.0/16", "DhcpOptionsId": "dopt-5EXAMPLE", "State": "pending", "VpcId": "vpc-0a60eb65b4EXAMPLE", "OwnerId": "123456789012", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-07501b79ecEXAMPLE", "CidrBlock": "10.0.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": false, "Tags": [ { "Key": "Name", "Value": MyVpc" } ] } }

Example 2: To create a VPC with dedicated tenancy

The following create-vpc example creates a VPC with the specified IPv4 CIDR block and dedicated tenancy.

aws ec2 create-vpc \ --cidr-block 10.0.0.0/16 \ --instance-tenancy dedicated

Output:

{ "Vpc": { "CidrBlock": "10.0.0.0/16", "DhcpOptionsId": "dopt-19edf471", "State": "pending", "VpcId": "vpc-0a53287fa4EXAMPLE", "OwnerId": "111122223333", "InstanceTenancy": "dedicated", "Ipv6CidrBlockAssociationSet": [], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-00b24cc1c2EXAMPLE", "CidrBlock": "10.0.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": false } }

Example 3: To create a VPC with an IPv6 CIDR block

The following create-vpc example creates a VPC with an Amazon-provided IPv6 CIDR block.

aws ec2 create-vpc \ --cidr-block 10.0.0.0/16 \ --amazon-provided-ipv6-cidr-block

Output:

{ "Vpc": { "CidrBlock": "10.0.0.0/16", "DhcpOptionsId": "dopt-dEXAMPLE", "State": "pending", "VpcId": "vpc-0fc5e3406bEXAMPLE", "OwnerId": "123456789012", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-068432c60bEXAMPLE", "Ipv6CidrBlock": "", "Ipv6CidrBlockState": { "State": "associating" }, "Ipv6Pool": "Amazon", "NetworkBorderGroup": "us-west-2" } ], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0669f8f9f5EXAMPLE", "CidrBlock": "10.0.0.0/16", "CidrBlockState": { "State": "associated" } } ], "IsDefault": false } }

Example 4: To create a VPC with a CIDR from an IPAM pool

The following create-vpc example creates a VPC with a CIDR from an Amazon VPC IP Address Manager (IPAM) pool.

Linux and macOS:

aws ec2 create-vpc \ --ipv4-ipam-pool-id ipam-pool-0533048da7d823723 \ --tag-specifications ResourceType=vpc,Tags='[{Key=Environment,Value="Preprod"},{Key=Owner,Value="Build Team"}]'

Windows:

aws ec2 create-vpc ^ --ipv4-ipam-pool-id ipam-pool-0533048da7d823723 ^ --tag-specifications ResourceType=vpc,Tags=[{Key=Environment,Value="Preprod"},{Key=Owner,Value="Build Team"}]

Output:

{ "Vpc": { "CidrBlock": "10.0.1.0/24", "DhcpOptionsId": "dopt-2afccf50", "State": "pending", "VpcId": "vpc-010e1791024eb0af9", "OwnerId": "123456789012", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": [], "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0a77de1d803226d4b", "CidrBlock": "10.0.1.0/24", "CidrBlockState": { "State": "associated" } } ], "IsDefault": false, "Tags": [ { "Key": "Environment", "Value": "Preprod" }, { "Key": "Owner", "Value": "Build Team" } ] } }

For more information, see Create a VPC that uses an IPAM pool CIDR in the Amazon VPC IPAM User Guide.

  • For API details, see CreateVpc in Amazon CLI Command Reference.

The following code example shows how to use create-vpn-connection-route.

Amazon CLI

To create a static route for a VPN connection

This example creates a static route for the specified VPN connection. If the command succeeds, no output is returned.

Command:

aws ec2 create-vpn-connection-route --vpn-connection-id vpn-40f41529 --destination-cidr-block 11.12.0.0/16

The following code example shows how to use create-vpn-connection.

Amazon CLI

Example 1: To create a VPN connection with dynamic routing

The following create-vpn-connection example creates a VPN connection between the specified virtual private gateway and the specified customer gateway, and applies tags to the VPN connection. The output includes the configuration information for your customer gateway device, in XML format.

aws ec2 create-vpn-connection \ --type ipsec.1 \ --customer-gateway-id cgw-001122334455aabbc \ --vpn-gateway-id vgw-1a1a1a1a1a1a2b2b2 \ --tag-specification 'ResourceType=vpn-connection,Tags=[{Key=Name,Value=BGP-VPN}]'

Output:

{ "VpnConnection": { "CustomerGatewayConfiguration": "...configuration information...", "CustomerGatewayId": "cgw-001122334455aabbc", "Category": "VPN", "State": "pending", "VpnConnectionId": "vpn-123123123123abcab", "VpnGatewayId": "vgw-1a1a1a1a1a1a2b2b2", "Options": { "EnableAcceleration": false, "StaticRoutesOnly": false, "LocalIpv4NetworkCidr": "0.0.0.0/0", "RemoteIpv4NetworkCidr": "0.0.0.0/0", "TunnelInsideIpVersion": "ipv4", "TunnelOptions": [ {}, {} ] }, "Routes": [], "Tags": [ { "Key": "Name", "Value": "BGP-VPN" } ] } }

For more information, see How Amazon Site-to-Site VPN works in the Amazon Site-to-Site VPN User Guide.

Example 2: To create a VPN connection with static routing

The following create-vpn-connection example creates a VPN connection between the specified virtual private gateway and the specified customer gateway. The options specify static routing. The output includes the configuration information for your customer gateway device, in XML format.

aws ec2 create-vpn-connection \ --type ipsec.1 \ --customer-gateway-id cgw-001122334455aabbc \ --vpn-gateway-id vgw-1a1a1a1a1a1a2b2b2 \ --options "{\"StaticRoutesOnly\":true}"

Output:

{ "VpnConnection": { "CustomerGatewayConfiguration": "..configuration information...", "CustomerGatewayId": "cgw-001122334455aabbc", "Category": "VPN", "State": "pending", "VpnConnectionId": "vpn-123123123123abcab", "VpnGatewayId": "vgw-1a1a1a1a1a1a2b2b2", "Options": { "EnableAcceleration": false, "StaticRoutesOnly": true, "LocalIpv4NetworkCidr": "0.0.0.0/0", "RemoteIpv4NetworkCidr": "0.0.0.0/0", "TunnelInsideIpVersion": "ipv4", "TunnelOptions": [ {}, {} ] }, "Routes": [], "Tags": [] } }

For more information, see How Amazon Site-to-Site VPN works in the Amazon Site-to-Site VPN User Guide.

Example 3: To create a VPN connection and specify your own inside CIDR and pre-shared key

The following create-vpn-connection example creates a VPN connection and specifies the inside IP address CIDR block and a custom pre-shared key for each tunnel. The specified values are returned in the CustomerGatewayConfiguration information.

aws ec2 create-vpn-connection \ --type ipsec.1 \ --customer-gateway-id cgw-001122334455aabbc \ --vpn-gateway-id vgw-1a1a1a1a1a1a2b2b2 \ --options TunnelOptions='[{TunnelInsideCidr=169.254.12.0/30,PreSharedKey=ExamplePreSharedKey1},{TunnelInsideCidr=169.254.13.0/30,PreSharedKey=ExamplePreSharedKey2}]'

Output:

{ "VpnConnection": { "CustomerGatewayConfiguration": "..configuration information...", "CustomerGatewayId": "cgw-001122334455aabbc", "Category": "VPN", "State": "pending", "VpnConnectionId": "vpn-123123123123abcab", "VpnGatewayId": "vgw-1a1a1a1a1a1a2b2b2", "Options": { "EnableAcceleration": false, "StaticRoutesOnly": false, "LocalIpv4NetworkCidr": "0.0.0.0/0", "RemoteIpv4NetworkCidr": "0.0.0.0/0", "TunnelInsideIpVersion": "ipv4", "TunnelOptions": [ { "OutsideIpAddress": "203.0.113.3", "TunnelInsideCidr": "169.254.12.0/30", "PreSharedKey": "ExamplePreSharedKey1" }, { "OutsideIpAddress": "203.0.113.5", "TunnelInsideCidr": "169.254.13.0/30", "PreSharedKey": "ExamplePreSharedKey2" } ] }, "Routes": [], "Tags": [] } }

For more information, see How Amazon Site-to-Site VPN works in the Amazon Site-to-Site VPN User Guide.

Example 4: To create a VPN connection that supports IPv6 traffic

The following create-vpn-connection example creates a VPN connection that supports IPv6 traffic between the specified transit gateway and specified customer gateway. The tunnel options for both tunnels specify that Amazon must initiate the IKE negotiation.

aws ec2 create-vpn-connection \ --type ipsec.1 \ --transit-gateway-id tgw-12312312312312312 \ --customer-gateway-id cgw-001122334455aabbc \ --options TunnelInsideIpVersion=ipv6,TunnelOptions=[{StartupAction=start},{StartupAction=start}]

Output:

{ "VpnConnection": { "CustomerGatewayConfiguration": "..configuration information...", "CustomerGatewayId": "cgw-001122334455aabbc", "Category": "VPN", "State": "pending", "VpnConnectionId": "vpn-11111111122222222", "TransitGatewayId": "tgw-12312312312312312", "Options": { "EnableAcceleration": false, "StaticRoutesOnly": false, "LocalIpv6NetworkCidr": "::/0", "RemoteIpv6NetworkCidr": "::/0", "TunnelInsideIpVersion": "ipv6", "TunnelOptions": [ { "OutsideIpAddress": "203.0.113.3", "StartupAction": "start" }, { "OutsideIpAddress": "203.0.113.5", "StartupAction": "start" } ] }, "Routes": [], "Tags": [] } }

For more information, see How Amazon Site-to-Site VPN works in the Amazon Site-to-Site VPN User Guide.

The following code example shows how to use create-vpn-gateway.

Amazon CLI

To create a virtual private gateway

This example creates a virtual private gateway.

Command:

aws ec2 create-vpn-gateway --type ipsec.1

Output:

{ "VpnGateway": { "AmazonSideAsn": 64512, "State": "available", "Type": "ipsec.1", "VpnGatewayId": "vgw-9a4cacf3", "VpcAttachments": [] } }

To create a virtual private gateway with a specific Amazon-side ASN

This example creates a virtual private gateway and specifies the Autonomous System Number (ASN) for the Amazon side of the BGP session.

Command:

aws ec2 create-vpn-gateway --type ipsec.1 --amazon-side-asn 65001

Output:

{ "VpnGateway": { "AmazonSideAsn": 65001, "State": "available", "Type": "ipsec.1", "VpnGatewayId": "vgw-9a4cacf3", "VpcAttachments": [] } }

The following code example shows how to use delete-carrier-gateway.

Amazon CLI

To delete your carrier gateway

The following delete-carrier-gateway example deletes the specified carrier gateway.

aws ec2 delete-carrier-gateway \ --carrier-gateway-id cagw-0465cdEXAMPLE1111

Output:

{ "CarrierGateway": { "CarrierGatewayId": "cagw-0465cdEXAMPLE1111", "VpcId": "vpc-0c529aEXAMPLE1111", "State": "deleting", "OwnerId": "123456789012" } }

For more information, see Carrier gateways in the Amazon Virtual Private Cloud User Guide.

The following code example shows how to use delete-client-vpn-endpoint.

Amazon CLI

To delete a Client VPN endpoint

The following delete-client-vpn-endpoint example deletes the specified Client VPN endpoint.

aws ec2 delete-client-vpn-endpoint \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "Status": { "Code": "deleting" } }

For more information, see Client VPN Endpoints in the Amazon Client VPN Administrator Guide.

The following code example shows how to use delete-client-vpn-route.

Amazon CLI

To delete a route for a Client VPN endpoint

The following delete-client-vpn-route example deletes the 0.0.0.0/0 route for the specified subnet of a Client VPN endpoint.

aws ec2 delete-client-vpn-route \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde \ --destination-cidr-block 0.0.0.0/0 \ --target-vpc-subnet-id subnet-0123456789abcabca

Output:

{ "Status": { "Code": "deleting" } }

For more information, see Routes in the Amazon Client VPN Administrator Guide.

The following code example shows how to use delete-coip-cidr.

Amazon CLI

To delete a range of customer-owned IP (CoIP) addresses

The following delete-coip-cidr example deletes the specified range of CoIP addresses in the specified CoIP pool.

aws ec2 delete-coip-cidr \ --cidr 14.0.0.0/24 \ --coip-pool-id ipv4pool-coip-1234567890abcdefg

Output:

{ "CoipCidr": { "Cidr": "14.0.0.0/24", "CoipPoolId": "ipv4pool-coip-1234567890abcdefg", "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890" } }

For more information, see Customer-owned IP addresses in the Amazon Outposts User Guide.

  • For API details, see DeleteCoipCidr in Amazon CLI Command Reference.

The following code example shows how to use delete-coip-pool.

Amazon CLI

To delete a pool of customer-owned IP (CoIP) addresses

The following delete-coip-pool example deletes a CoIP pool of CoIP addresses.

aws ec2 delete-coip-pool \ --coip-pool-id ipv4pool-coip-1234567890abcdefg

Output:

{ "CoipPool": { "PoolId": "ipv4pool-coip-1234567890abcdefg", "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890", "PoolArn": "arn:aws:ec2:us-west-2:123456789012:coip-pool/ipv4pool-coip-1234567890abcdefg" } }

For more information, see Customer-owned IP addresses in the Amazon Outposts User Guide.

  • For API details, see DeleteCoipPool in Amazon CLI Command Reference.

The following code example shows how to use delete-customer-gateway.

Amazon CLI

To delete a customer gateway

This example deletes the specified customer gateway. If the command succeeds, no output is returned.

Command:

aws ec2 delete-customer-gateway --customer-gateway-id cgw-0e11f167

The following code example shows how to use delete-dhcp-options.

Amazon CLI

To delete a DHCP options set

This example deletes the specified DHCP options set. If the command succeeds, no output is returned.

Command:

aws ec2 delete-dhcp-options --dhcp-options-id dopt-d9070ebb

The following code example shows how to use delete-egress-only-internet-gateway.

Amazon CLI

To delete an egress-only Internet gateway

This example deletes the specified egress-only Internet gateway.

Command:

aws ec2 delete-egress-only-internet-gateway --egress-only-internet-gateway-id eigw-01eadbd45ecd7943f

Output:

{ "ReturnCode": true }

The following code example shows how to use delete-fleets.

Amazon CLI

Example 1: To delete an EC2 Fleet and terminate the associated instances

The following delete-fleets example deletes the specified EC2 Fleet and terminates the associated On-Demand Instances and Spot Instances.

aws ec2 delete-fleets \ --fleet-ids fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE \ --terminate-instances

Output:

{ "SuccessfulFleetDeletions": [ { "CurrentFleetState": "deleted_terminating", "PreviousFleetState": "active", "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" } ], "UnsuccessfulFleetDeletions": [] }

For more information, see Delete an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 2: To delete an EC2 Fleet without terminating the associated instances

The following delete-fleets example deletes the specified EC2 Fleet without terminating the associated On-Demand Instances and Spot Instances.

aws ec2 delete-fleets \ --fleet-ids fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE \ --no-terminate-instances

Output:

{ "SuccessfulFleetDeletions": [ { "CurrentFleetState": "deleted_running", "PreviousFleetState": "active", "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" } ], "UnsuccessfulFleetDeletions": [] }

For more information, see Delete an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

  • For API details, see DeleteFleets in Amazon CLI Command Reference.

The following code example shows how to use delete-flow-logs.

Amazon CLI

To delete a flow log

The following delete-flow-logs example deletes the specified flow log.

aws ec2 delete-flow-logs --flow-log-id fl-11223344556677889

Output:

{ "Unsuccessful": [] }
  • For API details, see DeleteFlowLogs in Amazon CLI Command Reference.

The following code example shows how to use delete-fpga-image.

Amazon CLI

To delete an Amazon FPGA image

This example deletes the specified AFI.

Command:

aws ec2 delete-fpga-image --fpga-image-id afi-06b12350a123fbabc

Output:

{ "Return": true }

The following code example shows how to use delete-instance-connect-endpoint.

Amazon CLI

To delete an EC2 Instance Connect Endpoint

The following delete-instance-connect-endpoint example deletes the specified EC2 Instance Connect Endpoint.

aws ec2 delete-instance-connect-endpoint \ --instance-connect-endpoint-id eice-03f5e49b83924bbc7

Output:

{ "InstanceConnectEndpoint": { "OwnerId": "111111111111", "InstanceConnectEndpointId": "eice-0123456789example", "InstanceConnectEndpointArn": "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example", "State": "delete-in-progress", "StateMessage": "", "NetworkInterfaceIds": [], "VpcId": "vpc-0123abcd", "AvailabilityZone": "us-east-1d", "CreatedAt": "2023-02-07T12:05:37+00:00", "SubnetId": "subnet-0123abcd" } }

For more information, see Remove EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

The following code example shows how to use delete-instance-event-window.

Amazon CLI

Example 1: To delete an event window

The following delete-instance-event-window example deletes an event window.

aws ec2 delete-instance-event-window \ --region us-east-1 \ --instance-event-window-id iew-0abcdef1234567890

Output:

{ "InstanceEventWindowState": { "InstanceEventWindowId": "iew-0abcdef1234567890", "State": "deleting" } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

Example 2: To force delete an event window

The following delete-instance-event-window example force deletes an event window if the event window is currently associated with targets.

aws ec2 delete-instance-event-window \ --region us-east-1 \ --instance-event-window-id iew-0abcdef1234567890 \ --force-delete

Output:

{ "InstanceEventWindowState": { "InstanceEventWindowId": "iew-0abcdef1234567890", "State": "deleting" } }

For event window constraints, see Considerations in the Scheduled Events section of the Amazon EC2 User Guide.

The following code example shows how to use delete-internet-gateway.

Amazon CLI

To delete an internet gateway

The following delete-internet-gateway example deletes the specified internet gateway.

aws ec2 delete-internet-gateway \ --internet-gateway-id igw-0d0fb496b3EXAMPLE

This command produces no output.

For more information, see Internet gateways in the Amazon VPC User Guide.

The following code example shows how to use delete-ipam-pool.

Amazon CLI

To delete an IPAM pool

In this example, you're a IPAM delegated admin who wants to delete an IPAM pool that you no longer need, but the pool has a CIDR provisioned to it. You cannot delete a pool if it has CIDRs provisioned to it unless you use the --cascade option, so you'll use --cascade.

To complete this request:

You'll need the IPAM pool ID which you can get with describe-ipam-pools.The --region must be the IPAM home Region.

The following delete-ipam-pool example deletes an IPAM pool in your Amazon account.

aws ec2 delete-ipam-pool \ --ipam-pool-id ipam-pool-050c886a3ca41cd5b \ --cascade \ --region us-east-1

Output:

{ "IpamPool": { "OwnerId": "320805250157", "IpamPoolId": "ipam-pool-050c886a3ca41cd5b", "IpamPoolArn": "arn:aws:ec2::320805250157:ipam-pool/ipam-pool-050c886a3ca41cd5b", "IpamScopeArn": "arn:aws:ec2::320805250157:ipam-scope/ipam-scope-0a158dde35c51107b", "IpamScopeType": "private", "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", "IpamRegion": "us-east-1", "Locale": "None", "PoolDepth": 1, "State": "delete-in-progress", "Description": "example", "AutoImport": false, "AddressFamily": "ipv4", "AllocationMinNetmaskLength": 0, "AllocationMaxNetmaskLength": 32 } }

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

  • For API details, see DeleteIpamPool in Amazon CLI Command Reference.

The following code example shows how to use delete-ipam-resource-discovery.

Amazon CLI

To delete a resource discovery

In this example, you're a IPAM delegated admin who wants to delete a non-default resource discovery that you created to share with another IPAM admin during the process of integrating IPAM with accounts outside of your organization.

To complete this request:

The --region must be the Region where you created the resource discovery.You cannot delete a default resource discovery if "IsDefault": true. A default resource discovery is one that is created automatically in the account that creates an IPAM. To delete a default resource discovery, you have to delete the IPAM.

The following delete-ipam-resource-discovery example deletes a resource discovery.

aws ec2 delete-ipam-resource-discovery \ --ipam-resource-discovery-id ipam-res-disco-0e39761475298ee0f \ --region us-east-1

Output:

{ "IpamResourceDiscovery": { "OwnerId": "149977607591", "IpamResourceDiscoveryId": "ipam-res-disco-0e39761475298ee0f", "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0e39761475298ee0f", "IpamResourceDiscoveryRegion": "us-east-1", "OperatingRegions": [ { "RegionName": "us-east-1" } ], "IsDefault": false, "State": "delete-in-progress" } }

For more information about resource discoveries, see Work with resource discoveries in the Amazon VPC IPAM User Guide.

The following code example shows how to use delete-ipam-scope.

Amazon CLI

To delete an IPAM scope

The following delete-ipam-scope example deletes an IPAM.

aws ec2 delete-ipam-scope \ --ipam-scope-id ipam-scope-01c1ebab2b63bd7e4

Output:

{ "IpamScope": { "OwnerId": "123456789012", "IpamScopeId": "ipam-scope-01c1ebab2b63bd7e4", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-01c1ebab2b63bd7e4", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "IpamScopeType": "private", "IsDefault": false, "Description": "Example description", "PoolCount": 0, "State": "delete-in-progress" } }

For more information, see Delete a scope in the Amazon VPC IPAM User Guide.

The following code example shows how to use delete-ipam.

Amazon CLI

To delete an IPAM

The following delete-ipam example deletes an IPAM.

aws ec2 delete-ipam \ --ipam-id ipam-036486dfa6af58ee0

Output:

{ "Ipam": { "OwnerId": "123456789012", "IpamId": "ipam-036486dfa6af58ee0", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-036486dfa6af58ee0", "IpamRegion": "us-east-1", "PublicDefaultScopeId": "ipam-scope-071b8042b0195c183", "PrivateDefaultScopeId": "ipam-scope-0807405dece705a30", "ScopeCount": 2, "OperatingRegions": [ { "RegionName": "us-east-1" }, { "RegionName": "us-east-2" }, { "RegionName": "us-west-1" } ], "State": "delete-in-progress" } }

For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.

  • For API details, see DeleteIpam in Amazon CLI Command Reference.

The following code example shows how to use delete-key-pair.

Amazon CLI

To delete a key pair

The following delete-key-pair example deletes the specified key pair.

aws ec2 delete-key-pair \ --key-name my-key-pair

Output:

{ "Return": true, "KeyPairId": "key-03c8d3aceb53b507" }

For more information, see Create and delete key pairs in the Amazon Command Line Interface User Guide.

  • For API details, see DeleteKeyPair in Amazon CLI Command Reference.

The following code example shows how to use delete-launch-template-versions.

Amazon CLI

To delete a launch template version

This example deletes the specified launch template version.

Command:

aws ec2 delete-launch-template-versions --launch-template-id lt-0abcd290751193123 --versions 1

Output:

{ "UnsuccessfullyDeletedLaunchTemplateVersions": [], "SuccessfullyDeletedLaunchTemplateVersions": [ { "LaunchTemplateName": "TestVersion", "VersionNumber": 1, "LaunchTemplateId": "lt-0abcd290751193123" } ] }

The following code example shows how to use delete-launch-template.

Amazon CLI

To delete a launch template

This example deletes the specified launch template.

Command:

aws ec2 delete-launch-template --launch-template-id lt-0abcd290751193123

Output:

{ "LaunchTemplate": { "LatestVersionNumber": 2, "LaunchTemplateId": "lt-0abcd290751193123", "LaunchTemplateName": "TestTemplate", "DefaultVersionNumber": 2, "CreatedBy": "arn:aws:iam::123456789012:root", "CreateTime": "2017-11-23T16:46:25.000Z" } }

The following code example shows how to use delete-local-gateway-route-table-virtual-interface-group-association.

Amazon CLI

To disassociate a local gateway route table from a virtual interfaces (VIFs) group

The following delete-local-gateway-route-table-virtual-interface-group-association example deletes the association between the specified local gateway route table and VIF group.

aws ec2 delete-local-gateway-route-table-virtual-interface-group-association \ --local-gateway-route-table-virtual-interface-group-association-id lgw-vif-grp-assoc-exampleid12345678

Output:

{ "LocalGatewayRouteTableVirtualInterfaceGroupAssociation": { "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": "lgw-vif-grp-assoc-exampleid12345678", "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-exampleid0123abcd", "LocalGatewayId": "lgw-exampleid11223344", "LocalGatewayRouteTableId": "lgw-rtb-exampleidabcd1234", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:111122223333:local-gateway-route-table/lgw-rtb-exampleidabcd1234", "OwnerId": "111122223333", "State": "disassociating", "Tags": [] } }

For more information, see VIF group associations in the Amazon Outposts User Guide.

The following code example shows how to use delete-local-gateway-route-table-vpc-association.

Amazon CLI

To disassociate a local gateway route table from a VPC

The following delete-local-gateway-route-table-vpc-association example deletes the association between the specified local gateway route table and VPC.

aws ec2 delete-local-gateway-route-table-vpc-association \ --local-gateway-route-table-vpc-association-id vpc-example0123456789

Output:

{ "LocalGatewayRouteTableVpcAssociation": { "LocalGatewayRouteTableVpcAssociationId": "lgw-vpc-assoc-abcd1234wxyz56789", "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:555555555555:local-gateway-route-table/lgw-rtb-abcdefg1234567890", "LocalGatewayId": "lgw-exampleid01234567", "VpcId": "vpc-example0123456789", "OwnerId": "555555555555", "State": "disassociating" } }

For more information, see VPC associations in the Amazon Outposts User Guide.

The following code example shows how to use delete-local-gateway-route-table.

Amazon CLI

To delete a local gateway route table

The following delete-local-gateway-route-table example creates a local gateway route table with the direct VPC routing mode.

aws ec2 delete-local-gateway-route-table \ --local-gateway-route-table-id lgw-rtb-abcdefg1234567890

Output:

{ "LocalGatewayRouteTable": { "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:111122223333:local-gateway-route-table/lgw-rtb-abcdefg1234567890", "LocalGatewayId": "lgw-1a2b3c4d5e6f7g8h9", "OutpostArn": "arn:aws:outposts:us-west-2:111122223333:outpost/op-021345abcdef67890", "OwnerId": "111122223333", "State": "deleting", "Tags": [], "Mode": "direct-vpc-routing" } }

For more information, see Local gateway route tables in the Amazon Outposts User Guide.

The following code example shows how to use delete-local-gateway-route.

Amazon CLI

To delete a route from a local gateway route table

The following delete-local-gateway-route example deletes the specified route from the specified local gateway route table.

aws ec2 delete-local-gateway-route \ --destination-cidr-block 0.0.0.0/0 \ --local-gateway-route-table-id lgw-rtb-059615ef7dEXAMPLE

Output:

{ "Route": { "DestinationCidrBlock": "0.0.0.0/0", "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-07145b276bEXAMPLE", "Type": "static", "State": "deleted", "LocalGatewayRouteTableId": "lgw-rtb-059615ef7EXAMPLE" } }

The following code example shows how to use delete-managed-prefix-list.

Amazon CLI

To delete a prefix list

The following delete-managed-prefix-list example deletes the specified prefix list.

aws ec2 delete-managed-prefix-list \ --prefix-list-id pl-0123456abcabcabc1

Output:

{ "PrefixList": { "PrefixListId": "pl-0123456abcabcabc1", "AddressFamily": "IPv4", "State": "delete-in-progress", "PrefixListArn": "arn:aws:ec2:us-west-2:123456789012:prefix-list/pl-0123456abcabcabc1", "PrefixListName": "test", "MaxEntries": 10, "Version": 1, "OwnerId": "123456789012" } }

For more information, see Managed prefix lists in the Amazon VPC User Guide.

The following code example shows how to use delete-nat-gateway.

Amazon CLI

To delete a NAT gateway

This example deletes NAT gateway nat-04ae55e711cec5680.

Command:

aws ec2 delete-nat-gateway --nat-gateway-id nat-04ae55e711cec5680

Output:

{ "NatGatewayId": "nat-04ae55e711cec5680" }

The following code example shows how to use delete-network-acl-entry.

Amazon CLI

To delete a network ACL entry

This example deletes ingress rule number 100 from the specified network ACL. If the command succeeds, no output is returned.

Command:

aws ec2 delete-network-acl-entry --network-acl-id acl-5fb85d36 --ingress --rule-number 100

The following code example shows how to use delete-network-acl.

Amazon CLI

To delete a network ACL

This example deletes the specified network ACL. If the command succeeds, no output is returned.

Command:

aws ec2 delete-network-acl --network-acl-id acl-5fb85d36

The following code example shows how to use delete-network-insights-access-scope-analysis.

Amazon CLI

To delete a Network Access Scope analysis

The following delete-network-insights-access-scope-analysis example deletes the specified Network Access Scope analysis.

aws ec2 delete-network-insights-access-scope-analysis \ --network-insights-access-scope-analysis-id nisa-01234567891abcdef

Output:

{ "NetworkInsightsAccessScopeAnalysisId": "nisa-01234567891abcdef }

For more information, see Getting started with Network Access Analyzer using the Amazon CLI in the Network Access Analyzer Guide.

The following code example shows how to use delete-network-insights-access-scope.

Amazon CLI

To delete a Network Access Scope

The following delete-network-insights-access-scope example deletes the specified Network Access Scope.

aws ec2 delete-network-insights-access-scope \ --network-insights-access-scope-id nis-123456789abc01234

Output:

{ "NetworkInsightsAccessScopeId": "nis-123456789abc01234" }

For more information, see Getting started with Network Access Analyzer using the Amazon CLI in the Network Access Analyzer Guide.

The following code example shows how to use delete-network-insights-analysis.

Amazon CLI

To delete a path analysis

The following delete-network-insights-analysis example deletes the specified analysis.

aws ec2 delete-network-insights-analysis \ --network-insights-analysis-id nia-02207aa13eb480c7a

Output:

{ "NetworkInsightsAnalysisId": "nia-02207aa13eb480c7a" }

For more information, see Getting started using the Amazon CLI in the Reachability Analyzer Guide.

The following code example shows how to use delete-network-insights-path.

Amazon CLI

To delete a path

The following delete-network-insights-path example deletes the specified path. Before you can delete a path, you must delete all its analyses using the delete-network-insights-analysis command.

aws ec2 delete-network-insights-path \ --network-insights-path-id nip-0b26f224f1d131fa8

Output:

{ "NetworkInsightsPathId": "nip-0b26f224f1d131fa8" }

For more information, see Getting started using the Amazon CLI in the Reachability Analyzer Guide.

The following code example shows how to use delete-network-interface-permission.

Amazon CLI

To delete a network interface permission

This example deletes the specified network interface permission.

Command:

aws ec2 delete-network-interface-permission --network-interface-permission-id eni-perm-06fd19020ede149ea

Output:

{ "Return": true }

The following code example shows how to use delete-network-interface.

Amazon CLI

To delete a network interface

This example deletes the specified network interface. If the command succeeds, no output is returned.

Command:

aws ec2 delete-network-interface --network-interface-id eni-e5aa89a3

The following code example shows how to use delete-placement-group.

Amazon CLI

To delete a placement group

This example command deletes the specified placement group.

Command:

aws ec2 delete-placement-group --group-name my-cluster

The following code example shows how to use delete-queued-reserved-instances.

Amazon CLI

To delete a queued purchase

The following delete-queued-reserved-instances example deletes the specified Reserved Instance, which was queued for purchase.

aws ec2 delete-queued-reserved-instances \ --reserved-instances-ids af9f760e-6f91-4559-85f7-4980eexample

Output:

{ "SuccessfulQueuedPurchaseDeletions": [ { "ReservedInstancesId": "af9f760e-6f91-4559-85f7-4980eexample" } ], "FailedQueuedPurchaseDeletions": [] }

The following code example shows how to use delete-route-table.

Amazon CLI

To delete a route table

This example deletes the specified route table. If the command succeeds, no output is returned.

Command:

aws ec2 delete-route-table --route-table-id rtb-22574640

The following code example shows how to use delete-route.

Amazon CLI

To delete a route

This example deletes the specified route from the specified route table. If the command succeeds, no output is returned.

Command:

aws ec2 delete-route --route-table-id rtb-22574640 --destination-cidr-block 0.0.0.0/0
  • For API details, see DeleteRoute in Amazon CLI Command Reference.

The following code example shows how to use delete-security-group.

Amazon CLI

[EC2-Classic] To delete a security group

This example deletes the security group named MySecurityGroup. If the command succeeds, no output is returned.

Command:

aws ec2 delete-security-group --group-name MySecurityGroup

[EC2-VPC] To delete a security group

This example deletes the security group with the ID sg-903004f8. Note that you can't reference a security group for EC2-VPC by name. If the command succeeds, no output is returned.

Command:

aws ec2 delete-security-group --group-id sg-903004f8

For more information, see Using Security Groups in the Amazon Command Line Interface User Guide.

The following code example shows how to use delete-snapshot.

Amazon CLI

To delete a snapshot

This example command deletes a snapshot with the snapshot ID of snap-1234567890abcdef0. If the command succeeds, no output is returned.

Command:

aws ec2 delete-snapshot --snapshot-id snap-1234567890abcdef0
  • For API details, see DeleteSnapshot in Amazon CLI Command Reference.

The following code example shows how to use delete-spot-datafeed-subscription.

Amazon CLI

To cancel a Spot Instance data feed subscription

This example command deletes a Spot data feed subscription for the account. If the command succeeds, no output is returned.

Command:

aws ec2 delete-spot-datafeed-subscription

The following code example shows how to use delete-subnet-cidr-reservation.

Amazon CLI

To delete a subnet CIDR reservation

The following delete-subnet-cidr-reservation example deletes the specified subnet CIDR reservation.

aws ec2 delete-subnet-cidr-reservation \ --subnet-cidr-reservation-id scr-044f977c4eEXAMPLE

Output:

{ "DeletedSubnetCidrReservation": { "SubnetCidrReservationId": "scr-044f977c4eEXAMPLE", "SubnetId": "subnet-03c51e2e6cEXAMPLE", "Cidr": "10.1.0.16/28", "ReservationType": "prefix", "OwnerId": "123456789012" } }

For more information, see Subnet CIDR reservations in the Amazon VPC User Guide.

The following code example shows how to use delete-subnet.

Amazon CLI

To delete a subnet

This example deletes the specified subnet. If the command succeeds, no output is returned.

Command:

aws ec2 delete-subnet --subnet-id subnet-9d4a7b6c
  • For API details, see DeleteSubnet in Amazon CLI Command Reference.

The following code example shows how to use delete-tags.

Amazon CLI

Example 1: To delete a tag from a resource

The following delete-tags example deletes the tag Stack=Test from the specified image. When you specify both a value and a key name, the tag is deleted only if the tag's value matches the specified value.

aws ec2 delete-tags \ --resources ami-1234567890abcdef0 \ --tags Key=Stack,Value=Test

It's optional to specify the value for a tag. The following delete-tags example deletes the tag with the key name purpose from the specified instance, regardless of the tag value for the tag.

aws ec2 delete-tags \ --resources i-1234567890abcdef0 \ --tags Key=purpose

If you specify the empty string as the tag value, the tag is deleted only if the tag's value is the empty string. The following delete-tags example specifies the empty string as the tag value for the tag to delete.

aws ec2 delete-tags \ --resources i-1234567890abcdef0 \ --tags Key=Name,Value=

Example 2: To delete a tag from multiple resources

The following delete-tags example deletes the tag``Purpose=Test`` from both an instance and an AMI. As shown in the previous example, you can omit the tag value from the command.

aws ec2 delete-tags \ --resources i-1234567890abcdef0 ami-1234567890abcdef0 \ --tags Key=Purpose
  • For API details, see DeleteTags in Amazon CLI Command Reference.

The following code example shows how to use delete-traffic-mirror-filter-rule.

Amazon CLI

To delete a traffic mirror filter rule

The following delete-traffic-mirror-filter-rule example deletes the specified traffic mirror filter rule.

aws ec2 delete-traffic-mirror-filter-rule \ --traffic-mirror-filter-rule-id tmfr-081f71283bEXAMPLE

Output:

{ "TrafficMirrorFilterRuleId": "tmfr-081f71283bEXAMPLE" }

For more information, see Modify Your Traffic Mirror Filter Rules in the Amazon Traffic Mirroring Guide.

The following code example shows how to use delete-traffic-mirror-filter.

Amazon CLI

To delete a traffic mirror filter

The following delete-traffic-mirror-filter example deletes the specified traffic mirror filter.

aws ec2 delete-traffic-mirror-filter \ --traffic-mirror-filter-id tmf-0be0b25fcdEXAMPLE

Output:

{ "TrafficMirrorFilterId": "tmf-0be0b25fcdEXAMPLE" }

For more information, see Delete a Traffic Mirror Filter in the Amazon Traffic Mirroring Guide.

The following code example shows how to use delete-traffic-mirror-session.

Amazon CLI

To delete a traffic mirror session

The following delete-traffic-mirror-session example deletes the specified traffic mirror-session.

aws ec2 delete-traffic-mirror-session \ --traffic-mirror-session-id tms-0af3141ce5EXAMPLE

Output:

{ "TrafficMirrorSessionId": "tms-0af3141ce5EXAMPLE" }

For more information, see Delete a Traffic Mirror Session in the Amazon Traffic Mirroring Guide.

The following code example shows how to use delete-traffic-mirror-target.

Amazon CLI

To delete a traffic mirror target

The following delete-traffic-mirror-target example deletes the specified traffic mirror target.

aws ec2 delete-traffic-mirror-target \ --traffic-mirror-target-id tmt-060f48ce9EXAMPLE

Output:

{ "TrafficMirrorTargetId": "tmt-060f48ce9EXAMPLE" }

For more information, see Delete a Traffic Mirror Target in the Amazon Traffic Mirroring Guide.

The following code example shows how to use delete-transit-gateway-connect-peer.

Amazon CLI

To delete a Transit Gateway Connect peer

The following delete-transit-gateway-connect-peer example deletes the specified Connect peer.

aws ec2 delete-transit-gateway-connect-peer \ --transit-gateway-connect-peer-id tgw-connect-peer-0666adbac4EXAMPLE

Output:

{ "TransitGatewayConnectPeer": { "TransitGatewayAttachmentId": "tgw-attach-0f0927767cEXAMPLE", "TransitGatewayConnectPeerId": "tgw-connect-peer-0666adbac4EXAMPLE", "State": "deleting", "CreationTime": "2021-10-13T03:35:17.000Z", "ConnectPeerConfiguration": { "TransitGatewayAddress": "10.0.0.234", "PeerAddress": "172.31.1.11", "InsideCidrBlocks": [ "169.254.6.0/29" ], "Protocol": "gre", "BgpConfigurations": [ { "TransitGatewayAsn": 64512, "PeerAsn": 64512, "TransitGatewayAddress": "169.254.6.2", "PeerAddress": "169.254.6.1", "BgpStatus": "down" }, { "TransitGatewayAsn": 64512, "PeerAsn": 64512, "TransitGatewayAddress": "169.254.6.3", "PeerAddress": "169.254.6.1", "BgpStatus": "down" } ] } } }

For more information, see Transit gateway Connect attachments and Transit Gateway Connect peers in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-connect.

Amazon CLI

To delete a transit gateway Connect attachment

The following delete-transit-gateway-connect example deletes the specified Connect attachment.

aws ec2 delete-transit-gateway-connect \ --transit-gateway-attachment-id tgw-attach-037012e5dcEXAMPLE

Output:

{ "TransitGatewayConnect": { "TransitGatewayAttachmentId": "tgw-attach-037012e5dcEXAMPLE", "TransportTransitGatewayAttachmentId": "tgw-attach-0a89069f57EXAMPLE", "TransitGatewayId": "tgw-02f776b1a7EXAMPLE", "State": "deleting", "CreationTime": "2021-03-09T19:59:17+00:00", "Options": { "Protocol": "gre" } } }

For more information, see Transit gateway Connect attachments and Transit Gateway Connect peers in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-multicast-domain.

Amazon CLI

To delete a transit gateway multicast domain

The following delete-transit-gateway-multicast-domain example deletes the specified multicast domain.

aws ec2 delete-transit-gateway-multicast-domain \ --transit-gateway-multicast-domain-id tgw-mcast-domain-0c4905cef7EXAMPLE

Output:

{ "TransitGatewayMulticastDomain": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-02bb79002bEXAMPLE", "TransitGatewayId": "tgw-0d88d2d0d5EXAMPLE", "State": "deleting", "CreationTime": "2019-11-20T22:02:03.000Z" } }

For more information, see Managing multicast domains in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-peering-attachment.

Amazon CLI

To delete a transit gateway peering attachment

The following delete-transit-gateway-peering-attachment example deletes the specified transit gateway peering attachment.

aws ec2 delete-transit-gateway-peering-attachment \ --transit-gateway-attachment-id tgw-attach-4455667788aabbccd

Output:

{ "TransitGatewayPeeringAttachment": { "TransitGatewayAttachmentId": "tgw-attach-4455667788aabbccd", "RequesterTgwInfo": { "TransitGatewayId": "tgw-123abc05e04123abc", "OwnerId": "123456789012", "Region": "us-west-2" }, "AccepterTgwInfo": { "TransitGatewayId": "tgw-11223344aabbcc112", "OwnerId": "123456789012", "Region": "us-east-2" }, "State": "deleting", "CreationTime": "2019-12-09T11:38:31.000Z" } }

For more information, see Transit Gateway Peering Attachments in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-policy-table.

Amazon CLI

To delete a transit gateway policy table

The following delete-transit-gateway-policy-table example deletes the specified transit gateway policy table.

aws ec2 delete-transit-gateway-policy-table \ --transit-gateway-policy-table-id tgw-ptb-0a16f134b78668a81

Output:

{ "TransitGatewayPolicyTables": [ { "TransitGatewayPolicyTableId": "tgw-ptb-0a16f134b78668a81", "TransitGatewayId": "tgw-067f8505c18f0bd6e", "State": "deleting", "CreationTime": "2023-11-28T16:36:43+00:00", "Tags": [] } ] }

For more information, see Transit gateway policy tables in the Transit Gateway User Guide.

The following code example shows how to use delete-transit-gateway-prefix-list-reference.

Amazon CLI

To delete a prefix list reference

The following delete-transit-gateway-prefix-list-reference example deletes the specified prefix list reference.

aws ec2 delete-transit-gateway-prefix-list-reference \ --transit-gateway-route-table-id tgw-rtb-0123456789abcd123 \ --prefix-list-id pl-11111122222222333

Output:

{ "TransitGatewayPrefixListReference": { "TransitGatewayRouteTableId": "tgw-rtb-0123456789abcd123", "PrefixListId": "pl-11111122222222333", "PrefixListOwnerId": "123456789012", "State": "deleting", "Blackhole": false, "TransitGatewayAttachment": { "TransitGatewayAttachmentId": "tgw-attach-aabbccddaabbccaab", "ResourceType": "vpc", "ResourceId": "vpc-112233445566aabbc" } } }

For more information, see Prefix list references in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-route-table.

Amazon CLI

To delete a transit gateway route table

The following delete-transit-gateway-route-table example deletes the specified transit gateway route table.

aws ec2 delete-transit-gateway-route-table \ --transit-gateway-route-table-id tgw-rtb-0b6f6aaa01EXAMPLE

Output:

{ "TransitGatewayRouteTable": { "TransitGatewayRouteTableId": "tgw-rtb-0b6f6aaa01EXAMPLE", "TransitGatewayId": "tgw-02f776b1a7EXAMPLE", "State": "deleting", "DefaultAssociationRouteTable": false, "DefaultPropagationRouteTable": false, "CreationTime": "2019-07-17T20:27:26.000Z" } }

For more information, see Delete a transit gateway route table in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-route.

Amazon CLI

To delete a CIDR block from a route table

The following delete-transit-gateway-route example deletes the CIDR block from the specified transit gateway route table.

aws ec2 delete-transit-gateway-route \ --transit-gateway-route-table-id tgw-rtb-0b6f6aaa01EXAMPLE \ --destination-cidr-block 10.0.2.0/24

Output:

{ "Route": { "DestinationCidrBlock": "10.0.2.0/24", "TransitGatewayAttachments": [ { "ResourceId": "vpc-0065acced4EXAMPLE", "TransitGatewayAttachmentId": "tgw-attach-0b5968d3b6EXAMPLE", "ResourceType": "vpc" } ], "Type": "static", "State": "deleted" } }

For more information, see Delete a static route in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway-vpc-attachment.

Amazon CLI

To delete a transit gateway VPC attachment

The following delete-transit-gateway-vpc-attachment example deletes the specified VPC attachment.

aws ec2 delete-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id tgw-attach-0d2c54bdbEXAMPLE

Output:

{ "TransitGatewayVpcAttachment": { "TransitGatewayAttachmentId": "tgw-attach-0d2c54bdb3EXAMPLE", "TransitGatewayId": "tgw-02f776b1a7EXAMPLE", "VpcId": "vpc-0065acced4f61c651", "VpcOwnerId": "111122223333", "State": "deleting", "CreationTime": "2019-07-17T16:04:27.000Z" } }

For more information, see Delete a VPC attachment in the Transit Gateways Guide.

The following code example shows how to use delete-transit-gateway.

Amazon CLI

To delete a transit gateway

The following delete-transit-gateway example deletes the specified transit gateway.

aws ec2 delete-transit-gateway \ --transit-gateway-id tgw-01f04542b2EXAMPLE

Output:

{ "TransitGateway": { "TransitGatewayId": "tgw-01f04542b2EXAMPLE", "State": "deleting", "OwnerId": "123456789012", "Description": "Example Transit Gateway", "CreationTime": "2019-08-27T15:04:35.000Z", "Options": { "AmazonSideAsn": 64515, "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "AssociationDefaultRouteTableId": "tgw-rtb-0ce7a6948fEXAMPLE", "DefaultRouteTablePropagation": "enable", "PropagationDefaultRouteTableId": "tgw-rtb-0ce7a6948fEXAMPLE", "VpnEcmpSupport": "enable", "DnsSupport": "enable" } } }

For more information, see Delete a transit gateway in the Transit Gateways Guide.

The following code example shows how to use delete-verified-access-endpoint.

Amazon CLI

To delete a Verified Access endpoint

The following delete-verified-access-endpoint example deletes the specified Verified Access endpoint.

aws ec2 delete-verified-access-endpoint \ --verified-access-endpoint-id vae-066fac616d4d546f2

Output:

{ "VerifiedAccessEndpoint": { "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "VerifiedAccessGroupId": "vagr-0dbe967baf14b7235", "VerifiedAccessEndpointId": "vae-066fac616d4d546f2", "ApplicationDomain": "example.com", "EndpointType": "network-interface", "AttachmentType": "vpc", "DomainCertificateArn": "arn:aws:acm:us-east-2:123456789012:certificate/eb065ea0-26f9-4e75-a6ce-0a1a7EXAMPLE", "EndpointDomain": "my-ava-app.edge-00c3372d53b1540bb.vai-0ce000c0b7643abea.prod.verified-access.us-east-2.amazonaws.com", "SecurityGroupIds": [ "sg-004915970c4c8f13a" ], "NetworkInterfaceOptions": { "NetworkInterfaceId": "eni-0aec70418c8d87a0f", "Protocol": "https", "Port": 443 }, "Status": { "Code": "deleting" }, "Description": "Testing Verified Access", "CreationTime": "2023-08-25T20:54:43", "LastUpdatedTime": "2023-08-25T22:46:32" } }

For more information, see Verified Access endpoints in the Amazon Verified Access User Guide.

The following code example shows how to use delete-verified-access-group.

Amazon CLI

To delete a Verified Access group

The following delete-verified-access-group example deletes the specified Verified Access group.

aws ec2 delete-verified-access-group \ --verified-access-group-id vagr-0dbe967baf14b7235

Output:

{ "VerifiedAccessGroup": { "VerifiedAccessGroupId": "vagr-0dbe967baf14b7235", "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "Description": "Testing Verified Access", "Owner": "123456789012", "VerifiedAccessGroupArn": "arn:aws:ec2:us-east-2:123456789012:verified-access-group/vagr-0dbe967baf14b7235", "CreationTime": "2023-08-25T19:55:19", "LastUpdatedTime": "2023-08-25T22:49:03", "DeletionTime": "2023-08-26T00:58:31" } }

For more information, see Verified Access groups in the Amazon Verified Access User Guide.

The following code example shows how to use delete-verified-access-instance.

Amazon CLI

To delete a Verified Access instance

The following delete-verified-access-instance example deletes the specified Verified Access instance.

aws ec2 delete-verified-access-instance \ --verified-access-instance-id vai-0ce000c0b7643abea

Output:

{ "VerifiedAccessInstance": { "VerifiedAccessInstanceId": "vai-0ce000c0b7643abea", "Description": "Testing Verified Access", "VerifiedAccessTrustProviders": [], "CreationTime": "2023-08-25T18:27:56", "LastUpdatedTime": "2023-08-26T01:00:18" } }

For more information, see Verified Access instances in the Amazon Verified Access User Guide.

The following code example shows how to use delete-verified-access-trust-provider.

Amazon CLI

To delete a Verified Access trust provider

The following delete-verified-access-trust-provider example deletes the specified Verified Access trust provider.

aws ec2 delete-verified-access-trust-provider \ --verified-access-trust-provider-id vatp-0bb32de759a3e19e7

Output:

{ "VerifiedAccessTrustProvider": { "VerifiedAccessTrustProviderId": "vatp-0bb32de759a3e19e7", "Description": "Testing Verified Access", "TrustProviderType": "user", "UserTrustProviderType": "iam-identity-center", "PolicyReferenceName": "idc", "CreationTime": "2023-08-25T18:40:36", "LastUpdatedTime": "2023-08-25T18:40:36" } }

For more information, see Trust providers for Verified Access in the Amazon Verified Access User Guide.

The following code example shows how to use delete-volume.

Amazon CLI

To delete a volume

This example command deletes an available volume with the volume ID of vol-049df61146c4d7901. If the command succeeds, no output is returned.

Command:

aws ec2 delete-volume --volume-id vol-049df61146c4d7901
  • For API details, see DeleteVolume in Amazon CLI Command Reference.

The following code example shows how to use delete-vpc-endpoint-connection-notifications.

Amazon CLI

To delete an endpoint connection notification

This example deletes the specified endpoint connection notification.

Command:

aws ec2 delete-vpc-endpoint-connection-notifications --connection-notification-ids vpce-nfn-008776de7e03f5abc

Output:

{ "Unsuccessful": [] }

The following code example shows how to use delete-vpc-endpoint-service-configurations.

Amazon CLI

To delete an endpoint service configuration

This example deletes the specified endpoint service configuration.

Command:

aws ec2 delete-vpc-endpoint-service-configurations --service-ids vpce-svc-03d5ebb7d9579a2b3

Output:

{ "Unsuccessful": [] }

The following code example shows how to use delete-vpc-endpoints.

Amazon CLI

To delete an endpoint

This example deletes endpoints vpce-aa22bb33 and vpce-1a2b3c4d. If the command is partially successful or unsuccessful, a list of unsuccessful items is returned. If the command succeeds, the returned list is empty.

Command:

aws ec2 delete-vpc-endpoints --vpc-endpoint-ids vpce-aa22bb33 vpce-1a2b3c4d

Output:

{ "Unsuccessful": [] }

The following code example shows how to use delete-vpc-peering-connection.

Amazon CLI

To delete a VPC peering connection

This example deletes the specified VPC peering connection.

Command:

aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-1a2b3c4d

Output:

{ "Return": true }

The following code example shows how to use delete-vpc.

Amazon CLI

To delete a VPC

This example deletes the specified VPC. If the command succeeds, no output is returned.

Command:

aws ec2 delete-vpc --vpc-id vpc-a01106c2
  • For API details, see DeleteVpc in Amazon CLI Command Reference.

The following code example shows how to use delete-vpn-connection-route.

Amazon CLI

To delete a static route from a VPN connection

This example deletes the specified static route from the specified VPN connection. If the command succeeds, no output is returned.

Command:

aws ec2 delete-vpn-connection-route --vpn-connection-id vpn-40f41529 --destination-cidr-block 11.12.0.0/16

The following code example shows how to use delete-vpn-connection.

Amazon CLI

To delete a VPN connection

This example deletes the specified VPN connection. If the command succeeds, no output is returned.

Command:

aws ec2 delete-vpn-connection --vpn-connection-id vpn-40f41529

The following code example shows how to use delete-vpn-gateway.

Amazon CLI

To delete a virtual private gateway

This example deletes the specified virtual private gateway. If the command succeeds, no output is returned.

Command:

aws ec2 delete-vpn-gateway --vpn-gateway-id vgw-9a4cacf3

The following code example shows how to use deprovision-byoip-cidr.

Amazon CLI

To remove an IP address range from use

The following example removes the specified address range from use with Amazon.

aws ec2 deprovision-byoip-cidr \ --cidr 203.0.113.25/24

Output:

{ "ByoipCidr": { "Cidr": "203.0.113.25/24", "State": "pending-deprovision" } }

The following code example shows how to use deprovision-ipam-pool-cidr.

Amazon CLI

To deprovision an IPAM pool CIDR

The following deprovision-ipam-pool-cidr example deprovisions a CIDR provisioned to an IPAM pool.

(Linux):

aws ec2 deprovision-ipam-pool-cidr \ --ipam-pool-id ipam-pool-02ec043a19bbe5d08 \ --cidr 11.0.0.0/16

(Windows):

aws ec2 deprovision-ipam-pool-cidr ^ --ipam-pool-id ipam-pool-02ec043a19bbe5d08 ^ --cidr 11.0.0.0/16

Output:

{ "IpamPoolCidr": { "Cidr": "11.0.0.0/16", "State": "pending-deprovision" } }

For more information, see Deprovision pool CIDRs in the Amazon VPC IPAM User Guide.

The following code example shows how to use deregister-image.

Amazon CLI

To deregister an AMI

This example deregisters the specified AMI. If the command succeeds, no output is returned.

Command:

aws ec2 deregister-image --image-id ami-4fa54026

The following code example shows how to use deregister-instance-event-notification-attributes.

Amazon CLI

Example 1: To remove all tags from event notifications

The following deregister-instance-event-notification-attributes example removes IncludeAllTagsOfInstance=true, which has the effect of setting IncludeAllTagsOfInstance to false.

aws ec2 deregister-instance-event-notification-attributes \ --instance-tag-attribute IncludeAllTagsOfInstance=true

Output:

{ "InstanceTagAttribute": { "InstanceTagKeys": [], "IncludeAllTagsOfInstance": true } }

For more information, see Scheduled events for your instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 2: To remove specific tags from event notifications

The following deregister-instance-event-notification-attributes example removes the specified tag from the tags included in event notifications. To describe the remaining tags included in event notifications, use describe-instance-event-notification-attributes.

aws ec2 deregister-instance-event-notification-attributes \ --instance-tag-attribute InstanceTagKeys="tag-key2"

Output:

{ "InstanceTagAttribute": { "InstanceTagKeys": [ "tag-key2" ], "IncludeAllTagsOfInstance": false } }

For more information, see Scheduled events for your instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use deregister-transit-gateway-multicast-group-members.

Amazon CLI

To deregister group members from a multicast group

This example deregisters the specified network interface group member from the transit gateway multicast group.

aws ec2 deregister-transit-gateway-multicast-group-members \ --transit-gateway-multicast-domain-id tgw-mcast-domain-0c4905cef7EXAMPLE \ --group-ip-address 224.0.1.0 \ --network-interface-ids eni-0e246d3269EXAMPLE

Output:

{ "DeregisteredMulticastGroupMembers": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-0c4905cef7EXAMPLE", "RegisteredNetworkInterfaceIds": [ "eni-0e246d3269EXAMPLE" ], "GroupIpAddress": "224.0.1.0" } }

For more information, see Deregister Members from a Multicast Group in the Amazon Transit Gateways Users Guide.

The following code example shows how to use deregister-transit-gateway-multicast-group-source.

Amazon CLI

To deregister a source from the transit gateway multicast group

This example deregisters the specified network interface group source from the multicast group.

aws ec2 register-transit-gateway-multicast-group-sources \ --transit-gateway-multicast-domain-id tgw-mcast-domain-0c4905cef79d6e597 \ --group-ip-address 224.0.1.0 \ --network-interface-ids eni-07f290fc3c090cbae

Output:

{ "DeregisteredMulticastGroupSources": { "TransitGatewayMulticastDomainId": "tgw-mcast-domain-0c4905cef79d6e597", "DeregisteredNetworkInterfaceIds": [ "eni-07f290fc3c090cbae" ], "GroupIpAddress": "224.0.1.0" } }

For more information, see Deregister Sources from a Multicast Group in the Amazon Transit Gateways User Guide.

The following code example shows how to use describe-account-attributes.

Amazon CLI

To describe all the attributes for your Amazon account

This example describes the attributes for your Amazon account.

Command:

aws ec2 describe-account-attributes

Output:

{ "AccountAttributes": [ { "AttributeName": "vpc-max-security-groups-per-interface", "AttributeValues": [ { "AttributeValue": "5" } ] }, { "AttributeName": "max-instances", "AttributeValues": [ { "AttributeValue": "20" } ] }, { "AttributeName": "supported-platforms", "AttributeValues": [ { "AttributeValue": "EC2" }, { "AttributeValue": "VPC" } ] }, { "AttributeName": "default-vpc", "AttributeValues": [ { "AttributeValue": "none" } ] }, { "AttributeName": "max-elastic-ips", "AttributeValues": [ { "AttributeValue": "5" } ] }, { "AttributeName": "vpc-max-elastic-ips", "AttributeValues": [ { "AttributeValue": "5" } ] } ] }

To describe a single attribute for your Amazon account

This example describes the supported-platforms attribute for your Amazon account.

Command:

aws ec2 describe-account-attributes --attribute-names supported-platforms

Output:

{ "AccountAttributes": [ { "AttributeName": "supported-platforms", "AttributeValues": [ { "AttributeValue": "EC2" }, { "AttributeValue": "VPC" } ] } ] }

The following code example shows how to use describe-address-transfers.

Amazon CLI

To describe an Elastic IP address transfer

The following describe-address-transfers example describes the Elastic IP address transfer for the specified Elastic IP address.

aws ec2 describe-address-transfers \ --allocation-ids eipalloc-09ad461b0d03f6aaf

Output:

{ "AddressTransfers": [ { "PublicIp": "100.21.184.216", "AllocationId": "eipalloc-09ad461b0d03f6aaf", "TransferAccountId": "123456789012", "TransferOfferExpirationTimestamp": "2023-02-22T22:51:01.000Z", "AddressTransferStatus": "pending" } ] }

For more information, see Transfer Elastic IP addresses in the Amazon VPC User Guide.

The following code example shows how to use describe-addresses-attribute.

Amazon CLI

To view the attributes of the domain name associated with an elastic IP address

The following describe-addresses-attribute examples return the attributes of the domain name associated with the elastic IP address.

Linux:

aws ec2 describe-addresses-attribute \ --allocation-ids eipalloc-abcdef01234567890 \ --attribute domain-name

Windows:

aws ec2 describe-addresses-attribute ^ --allocation-ids eipalloc-abcdef01234567890 ^ --attribute domain-name

Output:

{ "Addresses": [ { "PublicIp": "192.0.2.0", "AllocationId": "eipalloc-abcdef01234567890", "PtrRecord": "example.com." } ] }

To view the attributes of an elastic IP address, you must have first associated a domain name with the elastic IP address. For more information, see Use reverse DNS for email applications in the Amazon EC2 User Guide or modify-address-attribute in the Amazon CLI Command Reference.

The following code example shows how to use describe-addresses.

Amazon CLI

Example 1: To retrieve details about all of your Elastic IP addresses

The following describe addresses example displays details about your Elastic IP addresses.

aws ec2 describe-addresses

Output:

{ "Addresses": [ { "InstanceId": "i-1234567890abcdef0", "PublicIp": "198.51.100.0", "PublicIpv4Pool": "amazon", "Domain": "standard" }, { "Domain": "vpc", "PublicIpv4Pool": "amazon", "InstanceId": "i-1234567890abcdef0", "NetworkInterfaceId": "eni-12345678", "AssociationId": "eipassoc-12345678", "NetworkInterfaceOwnerId": "123456789012", "PublicIp": "203.0.113.0", "AllocationId": "eipalloc-12345678", "PrivateIpAddress": "10.0.1.241" } ] }

Example 2: To retrieve details your Elastic IP addresses for EC2-VPC

The following describe-addresses example displays details about your Elastic IP addresses for use with instances in a VPC.

aws ec2 describe-addresses \ --filters "Name=domain,Values=vpc"

Output:

{ "Addresses": [ { "Domain": "vpc", "PublicIpv4Pool": "amazon", "InstanceId": "i-1234567890abcdef0", "NetworkInterfaceId": "eni-12345678", "AssociationId": "eipassoc-12345678", "NetworkInterfaceOwnerId": "123456789012", "PublicIp": "203.0.113.0", "AllocationId": "eipalloc-12345678", "PrivateIpAddress": "10.0.1.241" } ] }

Example 3: To retrieve details about an Elastic IP address specified by allocation ID

The following describe-addresses example displays details about the Elastic IP address with the specified allocation ID, which is associated with an instance in EC2-VPC.

aws ec2 describe-addresses \ --allocation-ids eipalloc-282d9641

Output:

{ "Addresses": [ { "Domain": "vpc", "PublicIpv4Pool": "amazon", "InstanceId": "i-1234567890abcdef0", "NetworkInterfaceId": "eni-1a2b3c4d", "AssociationId": "eipassoc-123abc12", "NetworkInterfaceOwnerId": "1234567891012", "PublicIp": "203.0.113.25", "AllocationId": "eipalloc-282d9641", "PrivateIpAddress": "10.251.50.12" } ] }

Example 4: To retrieve details about an Elastic IP address specified by its VPC private IP address

The following describe-addresses example displays details about the Elastic IP address associated with a particular private IP address in EC2-VPC.

aws ec2 describe-addresses \ --filters "Name=private-ip-address,Values=10.251.50.12"

Example 5: To retrieve details about Elastic IP addresses in EC2-Classic

TThe following describe-addresses example displays details about your Elastic IP addresses for use in EC2-Classic.

aws ec2 describe-addresses \ --filters "Name=domain,Values=standard"

Output:

{ "Addresses": [ { "InstanceId": "i-1234567890abcdef0", "PublicIp": "203.0.110.25", "PublicIpv4Pool": "amazon", "Domain": "standard" } ] }

Example 6: To retrieve details about an Elastic IP addresses specified by its public IP address

The following describe-addresses example displays details about the Elastic IP address with the value 203.0.110.25, which is associated with an instance in EC2-Classic.

aws ec2 describe-addresses \ --public-ips 203.0.110.25

Output:

{ "Addresses": [ { "InstanceId": "i-1234567890abcdef0", "PublicIp": "203.0.110.25", "PublicIpv4Pool": "amazon", "Domain": "standard" } ] }

The following code example shows how to use describe-aggregate-id-format.

Amazon CLI

To describe the longer ID format settings for all resource types in a Region

The following describe-aggregate-id-format example describes the overall long ID format status for the current Region. The Deadline value indicates that the deadlines for these resources to permanently switch from the short ID format to the long ID format expired. The UseLongIdsAggregated value indicates that all IAM users and IAM roles are configured to use long ID format for all resource types.

aws ec2 describe-aggregate-id-format

Output:

{ "UseLongIdsAggregated": true, "Statuses": [ { "Deadline": "2018-08-13T02:00:00.000Z", "Resource": "network-interface-attachment", "UseLongIds": true }, { "Deadline": "2016-12-13T02:00:00.000Z", "Resource": "instance", "UseLongIds": true }, { "Deadline": "2018-08-13T02:00:00.000Z", "Resource": "elastic-ip-association", "UseLongIds": true }, ... ] }

The following code example shows how to use describe-availability-zones.

Amazon CLI

To describe your Availability Zones

The following example describe-availability-zones displays details for the Availability Zones that are available to you. The response includes Availability Zones only for the current Region. In this example, it uses the profiles default us-west-2 (Oregon) Region.

aws ec2 describe-availability-zones

Output:

{ "AvailabilityZones": [ { "State": "available", "OptInStatus": "opt-in-not-required", "Messages": [], "RegionName": "us-west-2", "ZoneName": "us-west-2a", "ZoneId": "usw2-az1", "GroupName": "us-west-2", "NetworkBorderGroup": "us-west-2" }, { "State": "available", "OptInStatus": "opt-in-not-required", "Messages": [], "RegionName": "us-west-2", "ZoneName": "us-west-2b", "ZoneId": "usw2-az2", "GroupName": "us-west-2", "NetworkBorderGroup": "us-west-2" }, { "State": "available", "OptInStatus": "opt-in-not-required", "Messages": [], "RegionName": "us-west-2", "ZoneName": "us-west-2c", "ZoneId": "usw2-az3", "GroupName": "us-west-2", "NetworkBorderGroup": "us-west-2" }, { "State": "available", "OptInStatus": "opt-in-not-required", "Messages": [], "RegionName": "us-west-2", "ZoneName": "us-west-2d", "ZoneId": "usw2-az4", "GroupName": "us-west-2", "NetworkBorderGroup": "us-west-2" }, { "State": "available", "OptInStatus": "opted-in", "Messages": [], "RegionName": "us-west-2", "ZoneName": "us-west-2-lax-1a", "ZoneId": "usw2-lax1-az1", "GroupName": "us-west-2-lax-1", "NetworkBorderGroup": "us-west-2-lax-1" } ] }

The following code example shows how to use describe-aws-network-performance-metric-subscription.

Amazon CLI

To describe your metric subscriptions

The following describe-aws-network-performance-metric-subscriptions example describes your metric subscriptions.

aws ec2 describe-aws-network-performance-metric-subscriptions

Output:

{ "Subscriptions": [ { "Source": "us-east-1", "Destination": "eu-west-1", "Metric": "aggregate-latency", "Statistic": "p50", "Period": "five-minutes" } ] }

For more information, see Manage subscriptions in the Infrastructure Performance User Guide.

The following code example shows how to use describe-aws-network-performance-metric-subscriptions.

Amazon CLI

To describe your metric subscriptions

The following describe-aws-network-performance-metric-subscriptions example describes your metric subscriptions.

aws ec2 describe-aws-network-performance-metric-subscriptions

Output:

{ "Subscriptions": [ { "Source": "us-east-1", "Destination": "eu-west-1", "Metric": "aggregate-latency", "Statistic": "p50", "Period": "five-minutes" } ] }

For more information, see Manage subscriptions in the Infrastructure Performance User Guide.

The following code example shows how to use describe-bundle-tasks.

Amazon CLI

To describe your bundle tasks

This example describes all of your bundle tasks.

Command:

aws ec2 describe-bundle-tasks

Output:

{ "BundleTasks": [ { "UpdateTime": "2015-09-15T13:26:54.000Z", "InstanceId": "i-1234567890abcdef0", "Storage": { "S3": { "Prefix": "winami", "Bucket": "bundletasks" } }, "State": "bundling", "StartTime": "2015-09-15T13:24:35.000Z", "Progress": "3%", "BundleId": "bun-2a4e041c" } ] }

The following code example shows how to use describe-byoip-cidrs.

Amazon CLI

To describe your provisioned address ranges

The following describe-byoip-cidrs example displays details about the public IPv4 address ranges that you provisioned for use by Amazon.

aws ec2 describe-byoip-cidrs

Output:

{ "ByoipCidrs": [ { "Cidr": "203.0.113.25/24", "StatusMessage": "ipv4pool-ec2-1234567890abcdef0", "State": "provisioned" } ] }

The following code example shows how to use describe-capacity-reservation-fleets.

Amazon CLI

To view a Capacity Reservation Fleet

The following describe-capacity-reservation-fleets example lists configuration and capacity information for the specified Capacity Reservation Fleet. It also lists details about the individual Capacity Reservations that are inside the Fleet.:

aws ec2 describe-capacity-reservation-fleets \ --capacity-reservation-fleet-ids crf-abcdef01234567890

Output:

{ "CapacityReservationFleets": [ { "Status": "active", "EndDate": "2022-12-31T23:59:59.000Z", "InstanceMatchCriteria": "open", "Tags": [], "CapacityReservationFleetId": "crf-abcdef01234567890", "Tenancy": "default", "InstanceTypeSpecifications": [ { "CapacityReservationId": "cr-1234567890abcdef0", "AvailabilityZone": "us-east-1a", "FulfilledCapacity": 5.0, "Weight": 1.0, "CreateDate": "2022-07-02T08:34:33.398Z", "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 5, "Priority": 1, "EbsOptimized": true, "InstanceType": "m5.xlarge" } ], "TotalTargetCapacity": 5, "TotalFulfilledCapacity": 5.0, "CreateTime": "2022-07-02T08:34:33.397Z", "AllocationStrategy": "prioritized" } ] }

For more information about Capacity Reservation Fleets, see Capacity Reservation Fleets in the Amazon EC2 User Guide.

The following code example shows how to use describe-capacity-reservations.

Amazon CLI

Example 1: To describe one or more of your capacity reservations

The following describe-capacity-reservations example displays details about all of your capacity reservations in the current Amazon Region.

aws ec2 describe-capacity-reservations

Output:

{ "CapacityReservations": [ { "CapacityReservationId": "cr-1234abcd56EXAMPLE ", "EndDateType": "unlimited", "AvailabilityZone": "eu-west-1a", "InstanceMatchCriteria": "open", "Tags": [], "EphemeralStorage": false, "CreateDate": "2019-08-16T09:03:18.000Z", "AvailableInstanceCount": 1, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 1, "State": "active", "Tenancy": "default", "EbsOptimized": true, "InstanceType": "a1.medium" }, { "CapacityReservationId": "cr-abcdEXAMPLE9876ef ", "EndDateType": "unlimited", "AvailabilityZone": "eu-west-1a", "InstanceMatchCriteria": "open", "Tags": [], "EphemeralStorage": false, "CreateDate": "2019-08-07T11:34:19.000Z", "AvailableInstanceCount": 3, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 3, "State": "cancelled", "Tenancy": "default", "EbsOptimized": true, "InstanceType": "m5.large" } ] }

Example 2: To describe one or more of your capacity reservations

The following describe-capacity-reservations example displays details about the specified capacity reservation.

aws ec2 describe-capacity-reservations \ --capacity-reservation-ids cr-1234abcd56EXAMPLE

Output:

{ "CapacityReservations": [ { "CapacityReservationId": "cr-1234abcd56EXAMPLE", "EndDateType": "unlimited", "AvailabilityZone": "eu-west-1a", "InstanceMatchCriteria": "open", "Tags": [], "EphemeralStorage": false, "CreateDate": "2019-08-16T09:03:18.000Z", "AvailableInstanceCount": 1, "InstancePlatform": "Linux/UNIX", "TotalInstanceCount": 1, "State": "active", "Tenancy": "default", "EbsOptimized": true, "InstanceType": "a1.medium" } ] }

For more information, see Viewing a Capacity Reservation in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use describe-carrier-gateways.

Amazon CLI

To describe all carrier gateways

The following describe-carrier-gateways example lists all your carrier gateways.

aws ec2 describe-carrier-gateways

Output:

{ "CarrierGateways": [ { "CarrierGatewayId": "cagw-0465cdEXAMPLE1111", "VpcId": "vpc-0c529aEXAMPLE", "State": "available", "OwnerId": "123456789012", "Tags": [ { "Key": "example", "Value": "tag" } ] } ] }

For more information, see Carrier gateways<https://docs.aws.amazon.com/vpc/latest/userguide/Carrier_Gateway.html> in the Amazon Virtual Private Cloud User Guide.

The following code example shows how to use describe-classic-link-instances.

Amazon CLI

To describe linked EC2-Classic instances

This example lists all of your linked EC2-Classic instances.

Command:

aws ec2 describe-classic-link-instances

Output:

{ "Instances": [ { "InstanceId": "i-1234567890abcdef0", "VpcId": "vpc-88888888", "Groups": [ { "GroupId": "sg-11122233" } ], "Tags": [ { "Value": "ClassicInstance", "Key": "Name" } ] }, { "InstanceId": "i-0598c7d356eba48d7", "VpcId": "vpc-12312312", "Groups": [ { "GroupId": "sg-aabbccdd" } ], "Tags": [ { "Value": "ClassicInstance2", "Key": "Name" } ] } ] }

This example lists all of your linked EC2-Classic instances, and filters the response to include only instances that are linked to VPC vpc-88888888.

Command:

aws ec2 describe-classic-link-instances --filter "Name=vpc-id,Values=vpc-88888888"

Output:

{ "Instances": [ { "InstanceId": "i-1234567890abcdef0", "VpcId": "vpc-88888888", "Groups": [ { "GroupId": "sg-11122233" } ], "Tags": [ { "Value": "ClassicInstance", "Key": "Name" } ] } ] }

The following code example shows how to use describe-client-vpn-authorization-rules.

Amazon CLI

To describe the authorization rules for a Client VPN endpoint

The following describe-client-vpn-authorization-rules example displays details about the authorization rules for the specified Client VPN endpoint.

aws ec2 describe-client-vpn-authorization-rules \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "AuthorizationRules": [ { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "GroupId": "", "AccessAll": true, "DestinationCidr": "0.0.0.0/0", "Status": { "Code": "active" } } ] }

For more information, see Authorization Rules in the Amazon Client VPN Administrator Guide.

The following code example shows how to use describe-client-vpn-connections.

Amazon CLI

To describe the connections to a Client VPN endpoint

The following describe-client-vpn-connections example displays details about the client connections to the specified Client VPN endpoint.

aws ec2 describe-client-vpn-connections \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "Connections": [ { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "Timestamp": "2019-08-12 07:58:34", "ConnectionId": "cvpn-connection-0e03eb24267165acd", "ConnectionEstablishedTime": "2019-08-12 07:57:14", "IngressBytes": "32302", "EgressBytes": "5696", "IngressPackets": "332", "EgressPackets": "67", "ClientIp": "172.31.0.225", "CommonName": "client1.domain.tld", "Status": { "Code": "terminated" }, "ConnectionEndTime": "2019-08-12 07:58:34" }, { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "Timestamp": "2019-08-12 08:02:54", "ConnectionId": "cvpn-connection-00668867a40f18253", "ConnectionEstablishedTime": "2019-08-12 08:02:53", "IngressBytes": "2951", "EgressBytes": "2611", "IngressPackets": "9", "EgressPackets": "6", "ClientIp": "172.31.0.226", "CommonName": "client1.domain.tld", "Status": { "Code": "active" }, "ConnectionEndTime": "-" } ] }

For more information, see Client Connections in the Amazon Client VPN Administrator Guide.

The following code example shows how to use describe-client-vpn-endpoints.

Amazon CLI

To describe your Client VPN endpoints

The following describe-client-vpn-endpoints example displays details about all of your Client VPN endpoints.

aws ec2 describe-client-vpn-endpoints

Output:

{ "ClientVpnEndpoints": [ { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "Description": "Endpoint for Admin access", "Status": { "Code": "available" }, "CreationTime": "2020-11-13T11:37:27", "DnsName": "*.cvpn-endpoint-123456789123abcde.prod.clientvpn.ap-south-1.amazonaws.com", "ClientCidrBlock": "172.31.0.0/16", "DnsServers": [ "8.8.8.8" ], "SplitTunnel": false, "VpnProtocol": "openvpn", "TransportProtocol": "udp", "VpnPort": 443, "ServerCertificateArn": "arn:aws:acm:ap-south-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-11111EXAMPLE", "AuthenticationOptions": [ { "Type": "certificate-authentication", "MutualAuthentication": { "ClientRootCertificateChain": "arn:aws:acm:ap-south-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-22222EXAMPLE" } } ], "ConnectionLogOptions": { "Enabled": true, "CloudwatchLogGroup": "Client-vpn-connection-logs", "CloudwatchLogStream": "cvpn-endpoint-123456789123abcde-ap-south-1-2020/11/13-FCD8HEMVaCcw" }, "Tags": [ { "Key": "Name", "Value": "Client VPN" } ], "SecurityGroupIds": [ "sg-aabbcc11223344567" ], "VpcId": "vpc-a87f92c1", "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-123456789123abcde", "ClientConnectOptions": { "Enabled": false } } ] }

For more information, see Client VPN Endpoints in the Amazon Client VPN Administrator Guide.

The following code example shows how to use describe-client-vpn-routes.

Amazon CLI

To describe the routes for a Client VPN endpoint

The following describe-client-vpn-routes example displays details about the routes for the specified Client VPN endpoint.

aws ec2 describe-client-vpn-routes \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "Routes": [ { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-0123456789abcabca", "Type": "Nat", "Origin": "associate", "Status": { "Code": "active" }, "Description": "Default Route" }, { "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-0123456789abcabca", "Type": "Nat", "Origin": "add-route", "Status": { "Code": "active" } } ] }

For more information, see Routes in the Amazon Client VPN Administrator Guide.

The following code example shows how to use describe-client-vpn-target-networks.

Amazon CLI

To describe the target networks for a Client VPN endpoint

The following describe-client-vpn-target-networks example displays details about the target networks for the specified Client VPN endpoint.

aws ec2 describe-client-vpn-target-networks \ --client-vpn-endpoint-id cvpn-endpoint-123456789123abcde

Output:

{ "ClientVpnTargetNetworks": [ { "AssociationId": "cvpn-assoc-012e837060753dc3d", "VpcId": "vpc-11111222222333333", "TargetNetworkId": "subnet-0123456789abcabca", "ClientVpnEndpointId": "cvpn-endpoint-123456789123abcde", "Status": { "Code": "associating" }, "SecurityGroups": [ "sg-012345678910abcab" ] } ] }

For more information, see Target Networks in the Amazon Client VPN Administrator Guide.

The following code example shows how to use describe-coip-pools.

Amazon CLI

To describe customer-owned IP address pools

The following describe-coip-pools example describes the customer-owned IP address pools in your Amazon account.

aws ec2 describe-coip-pools

Output:

{ "CoipPools": [ { "PoolId": "ipv4pool-coip-123a45678bEXAMPLE", "PoolCidrs": [ "0.0.0.0/0" ], "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE", "PoolArn": "arn:aws:ec2:us-west-2:123456789012:coip-pool/ipv4pool-coip-123a45678bEXAMPLE" } ] }

For more information, see Customer-owned IP addresses in the Amazon Outposts User Guide.

The following code example shows how to use describe-conversion-tasks.

Amazon CLI

To view the status of a conversion task

This example returns the status of a conversion task with the ID import-i-ffvko9js.

Command:

aws ec2 describe-conversion-tasks --conversion-task-ids import-i-ffvko9js

Output:

{ "ConversionTasks": [ { "ConversionTaskId": "import-i-ffvko9js", "ImportInstance": { "InstanceId": "i-1234567890abcdef0", "Volumes": [ { "Volume": { "Id": "vol-049df61146c4d7901", "Size": 16 }, "Status": "completed", "Image": { "Size": 1300687360, "ImportManifestUrl": "https://s3.amazonaws.com/myimportbucket/411443cd-d620-4f1c-9d66-13144EXAMPLE/RHEL5.vmdkmanifest.xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Expires=140EXAMPLE&Signature=XYNhznHNgCqsjDxL9wRL%2FJvEXAMPLE", "Format": "VMDK" }, "BytesConverted": 1300682960, "AvailabilityZone": "us-east-1d" } ] }, "ExpirationTime": "2014-05-14T22:06:23Z", "State": "completed" } ] }

The following code example shows how to use describe-customer-gateways.

Amazon CLI

To describe your customer gateways

This example describes your customer gateways.

Command:

aws ec2 describe-customer-gateways

Output:

{ "CustomerGateways": [ { "CustomerGatewayId": "cgw-b4dc3961", "IpAddress": "203.0.113.12", "State": "available", "Type": "ipsec.1", "BgpAsn": "65000" }, { "CustomerGatewayId": "cgw-0e11f167", "IpAddress": "12.1.2.3", "State": "available", "Type": "ipsec.1", "BgpAsn": "65534" } ] }

To describe a specific customer gateway

This example describes the specified customer gateway.

Command:

aws ec2 describe-customer-gateways --customer-gateway-ids cgw-0e11f167

Output:

{ "CustomerGateways": [ { "CustomerGatewayId": "cgw-0e11f167", "IpAddress": "12.1.2.3", "State": "available", "Type": "ipsec.1", "BgpAsn": "65534" } ] }

The following code example shows how to use describe-dhcp-options.

Amazon CLI

Example 1: To describe your DHCP options

The following describe-dhcp-options example retrieves details about your DHCP options.

aws ec2 describe-dhcp-options

Output:

{ "DhcpOptions": [ { "DhcpConfigurations": [ { "Key": "domain-name", "Values": [ { "Value": "us-east-2.compute.internal" } ] }, { "Key": "domain-name-servers", "Values": [ { "Value": "AmazonProvidedDNS" } ] } ], "DhcpOptionsId": "dopt-19edf471", "OwnerId": "111122223333" }, { "DhcpConfigurations": [ { "Key": "domain-name", "Values": [ { "Value": "us-east-2.compute.internal" } ] }, { "Key": "domain-name-servers", "Values": [ { "Value": "AmazonProvidedDNS" } ] } ], "DhcpOptionsId": "dopt-fEXAMPLE", "OwnerId": "111122223333" } ] }

For more information, see Working with DHCP Option Sets in the Amazon VPC User Guide.

Example 2: To describe your DHCP options and filter the output

The following describe-dhcp-options example describes your DHCP options and uses a filter to return only DHCP options that have example.com for the domain name server. The example uses the --query parameter to display only the configuration information and ID in the output.

aws ec2 describe-dhcp-options \ --filters Name=key,Values=domain-name-servers Name=value,Values=example.com \ --query "DhcpOptions[*].[DhcpConfigurations,DhcpOptionsId]"

Output:

[ [ [ { "Key": "domain-name", "Values": [ { "Value": "example.com" } ] }, { "Key": "domain-name-servers", "Values": [ { "Value": "172.16.16.16" } ] } ], "dopt-001122334455667ab" ] ]

For more information, see Working with DHCP Option Sets in the Amazon VPC User Guide.

The following code example shows how to use describe-egress-only-internet-gateways.

Amazon CLI

To describe your egress-only Internet gateways

This example describes your egress-only Internet gateways.

Command:

aws ec2 describe-egress-only-internet-gateways

Output:

{ "EgressOnlyInternetGateways": [ { "EgressOnlyInternetGatewayId": "eigw-015e0e244e24dfe8a", "Attachments": [ { "State": "attached", "VpcId": "vpc-0c62a468" } ] } ] }

The following code example shows how to use describe-elastic-gpus.

Amazon CLI

To describe an Elastic GPU

Command:

aws ec2 describe-elastic-gpus --elastic-gpu-ids egpu-12345678901234567890abcdefghijkl

The following code example shows how to use describe-export-image-tasks.

Amazon CLI

To monitor an export image task

The following describe-export-image-tasks example checks the status of the specified export image task. The resulting image file in Amazon S3 is my-export-bucket/exports/export-ami-1234567890abcdef0.vmdk.

aws ec2 describe-export-image-tasks \ --export-image-task-ids export-ami-1234567890abcdef0

Output for an export image task that is in progress.

{ "ExportImageTasks": [ { "ExportImageTaskId": "export-ami-1234567890abcdef0" "Progress": "21", "S3ExportLocation": { "S3Bucket": "my-export-bucket", "S3Prefix": "exports/" }, "Status": "active", "StatusMessage": "updating" } ] }

Output for an export image task that is completed.

{ "ExportImageTasks": [ { "ExportImageTaskId": "export-ami-1234567890abcdef0" "S3ExportLocation": { "S3Bucket": "my-export-bucket", "S3Prefix": "exports/" }, "Status": "completed" } ] }

For more information, see Export a VM from an AMI in the VM Import/Export User Guide.

The following code example shows how to use describe-export-tasks.

Amazon CLI

To list details about an instance export task

This example describes the export task with ID export-i-fh8sjjsq.

Command:

aws ec2 describe-export-tasks --export-task-ids export-i-fh8sjjsq

Output:

{ "ExportTasks": [ { "State": "active", "InstanceExportDetails": { "InstanceId": "i-1234567890abcdef0", "TargetEnvironment": "vmware" }, "ExportToS3Task": { "S3Bucket": "myexportbucket", "S3Key": "RHEL5export-i-fh8sjjsq.ova", "DiskImageFormat": "vmdk", "ContainerFormat": "ova" }, "Description": "RHEL5 instance", "ExportTaskId": "export-i-fh8sjjsq" } ] }

The following code example shows how to use describe-fast-launch-images.

Amazon CLI

To describe the details for Windows AMIs that are configured for faster launching

The following describe-fast-launch-images example describes the details for each of the AMIs in your account that are configured for faster launching, including the resource type, the snapshot configuration, the launch template details, the maximum number of parallel launches, the AMI owner ID, the state of the fast launch configuration, the reason the state was changed, and the time that the state change occurred.

aws ec2 describe-fast-launch-images

Output:

{ "FastLaunchImages": [ { "ImageId": "ami-01234567890abcedf", "ResourceType": "snapshot", "SnapshotConfiguration": {}, "LaunchTemplate": { "LaunchTemplateId": "lt-01234567890abcedf", "LaunchTemplateName": "EC2FastLaunchDefaultResourceCreation-a8c6215d-94e6-441b-9272-dbd1f87b07e2", "Version": "1" }, "MaxParallelLaunches": 6, "OwnerId": "0123456789123", "State": "enabled", "StateTransitionReason": "Client.UserInitiated", "StateTransitionTime": "2022-01-27T22:20:06.552000+00:00" } ] }

For more information about configuring a Windows AMI for faster launching, see Configure your AMI for faster launching in the Amazon EC2 User Guide.

The following code example shows how to use describe-fast-snapshot-restores.

Amazon CLI

To describe fast snapshot restores

The following describe-fast-snapshot-restores example displays details for all fast snapshot restores with a state of disabled.

aws ec2 describe-fast-snapshot-restores \ --filters Name=state,Values=disabled

Output:

{ "FastSnapshotRestores": [ { "SnapshotId": "snap-1234567890abcdef0", "AvailabilityZone": "us-west-2c", "State": "disabled", "StateTransitionReason": "Client.UserInitiated - Lifecycle state transition", "OwnerId": "123456789012", "EnablingTime": "2020-01-25T23:57:49.596Z", "OptimizingTime": "2020-01-25T23:58:25.573Z", "EnabledTime": "2020-01-25T23:59:29.852Z", "DisablingTime": "2020-01-26T00:40:56.069Z", "DisabledTime": "2020-01-26T00:41:27.390Z" } ] }

The following describe-fast-snapshot-restores example describes all fast snapshot restores.

aws ec2 describe-fast-snapshot-restores

The following code example shows how to use describe-fleet-history.

Amazon CLI

To describe EC2 Fleet history

The following describe-fleet-history example returns the history for the specified EC2 Fleet starting at the specified time. The output is for an EC2 Fleet with two running instances.

aws ec2 describe-fleet-history \ --fleet-id fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE \ --start-time 2020-09-01T00:00:00Z

Output:

{ "HistoryRecords": [ { "EventInformation": { "EventSubType": "submitted" }, "EventType": "fleetRequestChange", "Timestamp": "2020-09-01T18:26:05.000Z" }, { "EventInformation": { "EventSubType": "active" }, "EventType": "fleetRequestChange", "Timestamp": "2020-09-01T18:26:15.000Z" }, { "EventInformation": { "EventDescription": "t2.small, ami-07c8bc5c1ce9598c3, ...", "EventSubType": "progress" }, "EventType": "fleetRequestChange", "Timestamp": "2020-09-01T18:26:17.000Z" }, { "EventInformation": { "EventDescription": "{\"instanceType\":\"t2.small\", ...}", "EventSubType": "launched", "InstanceId": "i-083a1c446e66085d2" }, "EventType": "instanceChange", "Timestamp": "2020-09-01T18:26:17.000Z" }, { "EventInformation": { "EventDescription": "{\"instanceType\":\"t2.small\", ...}", "EventSubType": "launched", "InstanceId": "i-090db02406cc3c2d6" }, "EventType": "instanceChange", "Timestamp": "2020-09-01T18:26:17.000Z" } ], "LastEvaluatedTime": "2020-09-01T19:10:19.000Z", "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE", "StartTime": "2020-08-31T23:53:20.000Z" }

For more information, see Managing an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use describe-fleet-instances.

Amazon CLI

To describe the running instances for an EC2 Fleet

The following describe-fleet-instances example describes the running instances for the specified EC2 Fleet.

aws ec2 describe-fleet-instances \ --fleet-id 12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE

Output:

{ "ActiveInstances": [ { "InstanceId": "i-090db02406cc3c2d6", "InstanceType": "t2.small", "SpotInstanceRequestId": "sir-a43gtpfk", "InstanceHealth": "healthy" }, { "InstanceId": "i-083a1c446e66085d2", "InstanceType": "t2.small", "SpotInstanceRequestId": "sir-iwcit2nj", "InstanceHealth": "healthy" } ], "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE" }

For more information, see Managing an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use describe-fleets.

Amazon CLI

To describe an EC2 Fleet

The following describe-fleets example describes the specified EC2 Fleet.

aws ec2 describe-fleets \ --fleet-ids fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE

Output:

{ "Fleets": [ { "ActivityStatus": "pending_fulfillment", "CreateTime": "2020-09-01T18:26:05.000Z", "FleetId": "fleet-12a34b55-67cd-8ef9-ba9b-9208dEXAMPLE", "FleetState": "active", "ExcessCapacityTerminationPolicy": "termination", "FulfilledCapacity": 0.0, "FulfilledOnDemandCapacity": 0.0, "LaunchTemplateConfigs": [ { "LaunchTemplateSpecification": { "LaunchTemplateId": "lt-0e632f2855a979cd5", "Version": "1" } } ], "TargetCapacitySpecification": { "TotalTargetCapacity": 2, "OnDemandTargetCapacity": 0, "SpotTargetCapacity": 2, "DefaultTargetCapacityType": "spot" }, "TerminateInstancesWithExpiration": false, "Type": "maintain", "ReplaceUnhealthyInstances": false, "SpotOptions": { "AllocationStrategy": "lowestPrice", "InstanceInterruptionBehavior": "terminate", "InstancePoolsToUseCount": 1 }, "OnDemandOptions": { "AllocationStrategy": "lowestPrice" } } ] }

For more information, see Managing an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

  • For API details, see DescribeFleets in Amazon CLI Command Reference.

The following code example shows how to use describe-flow-logs.

Amazon CLI

Example 1: To describe all of your flow logs

The following describe-flow-logs example displays details for all of your flow logs.

aws ec2 describe-flow-logs

Output:

{ "FlowLogs": [ { "CreationTime": "2018-02-21T13:22:12.644Z", "DeliverLogsPermissionArn": "arn:aws:iam::123456789012:role/flow-logs-role", "DeliverLogsStatus": "SUCCESS", "FlowLogId": "fl-aabbccdd112233445", "MaxAggregationInterval": 600, "FlowLogStatus": "ACTIVE", "LogGroupName": "FlowLogGroup", "ResourceId": "subnet-12345678901234567", "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs", "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}" }, { "CreationTime": "2020-02-04T15:22:29.986Z", "DeliverLogsStatus": "SUCCESS", "FlowLogId": "fl-01234567890123456", "MaxAggregationInterval": 60, "FlowLogStatus": "ACTIVE", "ResourceId": "vpc-00112233445566778", "TrafficType": "ACCEPT", "LogDestinationType": "s3", "LogDestination": "arn:aws:s3:::my-flow-log-bucket/custom", "LogFormat": "${version} ${vpc-id} ${subnet-id} ${instance-id} ${interface-id} ${account-id} ${type} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${pkt-srcaddr} ${pkt-dstaddr} ${protocol} ${bytes} ${packets} ${start} ${end} ${action} ${tcp-flags} ${log-status}" } ] }

Example 2: To describe a subset of your flow logs

The following describe-flow-logs example uses a filter to display details for only those flow logs that are in the specified log group in Amazon CloudWatch Logs.

aws ec2 describe-flow-logs \ --filter "Name=log-group-name,Values=MyFlowLogs"

The following code example shows how to use describe-fpga-image-attribute.

Amazon CLI

To describe the attributes of an Amazon FPGA image

This example describes the load permissions for the specified AFI.

Command:

aws ec2 describe-fpga-image-attribute --fpga-image-id afi-0d123e123bfc85abc --attribute loadPermission

Output:

{ "FpgaImageAttribute": { "FpgaImageId": "afi-0d123e123bfc85abc", "LoadPermissions": [ { "UserId": "123456789012" } ] } }

The following code example shows how to use describe-fpga-images.

Amazon CLI

To describe Amazon FPGA images

This example describes AFIs that are owned by account 123456789012.

Command:

aws ec2 describe-fpga-images --filters Name=owner-id,Values=123456789012

Output:

{ "FpgaImages": [ { "UpdateTime": "2017-12-22T12:09:14.000Z", "Name": "my-afi", "PciId": { "SubsystemVendorId": "0xfedd", "VendorId": "0x1d0f", "DeviceId": "0xf000", "SubsystemId": "0x1d51" }, "FpgaImageGlobalId": "agfi-123cb27b5e84a0abc", "Public": false, "State": { "Code": "available" }, "ShellVersion": "0x071417d3", "OwnerId": "123456789012", "FpgaImageId": "afi-0d123e123bfc85abc", "CreateTime": "2017-12-22T11:43:33.000Z", "Description": "my-afi" } ] }

The following code example shows how to use describe-host-reservation-offerings.

Amazon CLI

To describe Dedicated Host Reservation offerings

This example describes the Dedicated Host Reservations for the M4 instance family that are available to purchase.

Command:

aws ec2 describe-host-reservation-offerings --filter Name=instance-family,Values=m4

Output:

{ "OfferingSet": [ { "HourlyPrice": "1.499", "OfferingId": "hro-03f707bf363b6b324", "InstanceFamily": "m4", "PaymentOption": "NoUpfront", "UpfrontPrice": "0.000", "Duration": 31536000 }, { "HourlyPrice": "1.045", "OfferingId": "hro-0ef9181cabdef7a02", "InstanceFamily": "m4", "PaymentOption": "NoUpfront", "UpfrontPrice": "0.000", "Duration": 94608000 }, { "HourlyPrice": "0.714", "OfferingId": "hro-04567a15500b92a51", "InstanceFamily": "m4", "PaymentOption": "PartialUpfront", "UpfrontPrice": "6254.000", "Duration": 31536000 }, { "HourlyPrice": "0.484", "OfferingId": "hro-0d5d7a9d23ed7fbfe", "InstanceFamily": "m4", "PaymentOption": "PartialUpfront", "UpfrontPrice": "12720.000", "Duration": 94608000 }, { "HourlyPrice": "0.000", "OfferingId": "hro-05da4108ca998c2e5", "InstanceFamily": "m4", "PaymentOption": "AllUpfront", "UpfrontPrice": "23913.000", "Duration": 94608000 }, { "HourlyPrice": "0.000", "OfferingId": "hro-0a9f9be3b95a3dc8f", "InstanceFamily": "m4", "PaymentOption": "AllUpfront", "UpfrontPrice": "12257.000", "Duration": 31536000 } ] }

The following code example shows how to use describe-host-reservations.

Amazon CLI

To describe Dedicated Host Reservations in your account

This example describes the Dedicated Host Reservations in your account.

Command:

aws ec2 describe-host-reservations

Output:

{ "HostReservationSet": [ { "Count": 1, "End": "2019-01-10T12:14:09Z", "HourlyPrice": "1.499", "InstanceFamily": "m4", "OfferingId": "hro-03f707bf363b6b324", "PaymentOption": "NoUpfront", "State": "active", "HostIdSet": [ "h-013abcd2a00cbd123" ], "Start": "2018-01-10T12:14:09Z", "HostReservationId": "hr-0d418a3a4ffc669ae", "UpfrontPrice": "0.000", "Duration": 31536000 } ] }

The following code example shows how to use describe-hosts.

Amazon CLI

To view details about Dedicated Hosts

The following describe-hosts example displays details for the available Dedicated Hosts in your Amazon account.

aws ec2 describe-hosts --filter "Name=state,Values=available"

Output:

{ "Hosts": [ { "HostId": "h-07879acf49EXAMPLE", "Tags": [ { "Value": "production", "Key": "purpose" } ], "HostProperties": { "Cores": 48, "TotalVCpus": 96, "InstanceType": "m5.large", "Sockets": 2 }, "Instances": [], "State": "available", "AvailabilityZone": "eu-west-1a", "AvailableCapacity": { "AvailableInstanceCapacity": [ { "AvailableCapacity": 48, "InstanceType": "m5.large", "TotalCapacity": 48 } ], "AvailableVCpus": 96 }, "HostRecovery": "on", "AllocationTime": "2019-08-19T08:57:44.000Z", "AutoPlacement": "off" } ] }

For more information, see Viewing Dedicated Hosts in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

  • For API details, see DescribeHosts in Amazon CLI Command Reference.

The following code example shows how to use describe-iam-instance-profile-associations.

Amazon CLI

To describe IAM instance profile associations

This example describes all of your IAM instance profile associations.

Command:

aws ec2 describe-iam-instance-profile-associations

Output:

{ "IamInstanceProfileAssociations": [ { "InstanceId": "i-09eb09efa73ec1dee", "State": "associated", "AssociationId": "iip-assoc-0db249b1f25fa24b8", "IamInstanceProfile": { "Id": "AIPAJVQN4F5WVLGCJDRGM", "Arn": "arn:aws:iam::123456789012:instance-profile/admin-role" } }, { "InstanceId": "i-0402909a2f4dffd14", "State": "associating", "AssociationId": "iip-assoc-0d1ec06278d29f44a", "IamInstanceProfile": { "Id": "AGJAJVQN4F5WVLGCJABCM", "Arn": "arn:aws:iam::123456789012:instance-profile/user1-role" } } ] }

The following code example shows how to use describe-id-format.

Amazon CLI

Example 1: To describe the ID format of a resource

The following describe-id-format example describes the ID format for security groups.

aws ec2 describe-id-format \ --resource security-group

In the following example output, the Deadline value indicates that the deadline for this resource type to permanently switch from the short ID format to the long ID format expired at 00:00 UTC on August 15, 2018.

{ "Statuses": [ { "Deadline": "2018-08-15T00:00:00.000Z", "Resource": "security-group", "UseLongIds": true } ] }

Example 2: To describe the ID format for all resources

The following describe-id-format example describes the ID format for all resource types. All resource types that supported the short ID format were switched to use the long ID format.

aws ec2 describe-id-format

The following code example shows how to use describe-identity-id-format.

Amazon CLI

To describe the ID format for an IAM role

The following describe-identity-id-format example describes the ID format received by instances created by the IAM role EC2Role in your Amazon account.

aws ec2 describe-identity-id-format \ --principal-arn arn:aws:iam::123456789012:role/my-iam-role \ --resource instance

The following output indicates that instances created by this role receive IDs in long ID format.

{ "Statuses": [ { "Deadline": "2016-12-15T00:00:00Z", "Resource": "instance", "UseLongIds": true } ] }

To describe the ID format for an IAM user

The following describe-identity-id-format example describes the ID format received by snapshots created by the IAM user AdminUser in your Amazon account.

aws ec2 describe-identity-id-format \ --principal-arn arn:aws:iam::123456789012:user/AdminUser \ --resource snapshot

The output indicates that snapshots created by this user receive IDs in long ID format.

{ "Statuses": [ { "Deadline": "2016-12-15T00:00:00Z", "Resource": "snapshot", "UseLongIds": true } ] }

The following code example shows how to use describe-image-attribute.

Amazon CLI

To describe the launch permissions for an AMI

This example describes the launch permissions for the specified AMI.

Command:

aws ec2 describe-image-attribute --image-id ami-5731123e --attribute launchPermission

Output:

{ "LaunchPermissions": [ { "UserId": "123456789012" } ], "ImageId": "ami-5731123e", }

To describe the product codes for an AMI

This example describes the product codes for the specified AMI. Note that this AMI has no product codes.

Command:

aws ec2 describe-image-attribute --image-id ami-5731123e --attribute productCodes

Output:

{ "ProductCodes": [], "ImageId": "ami-5731123e", }

The following code example shows how to use describe-images.

Amazon CLI

Example 1: To describe an AMI

The following describe-images example describes the specified AMI in the specified Region.

aws ec2 describe-images \ --region us-east-1 \ --image-ids ami-1234567890EXAMPLE

Output:

{ "Images": [ { "VirtualizationType": "hvm", "Description": "Provided by Red Hat, Inc.", "PlatformDetails": "Red Hat Enterprise Linux", "EnaSupport": true, "Hypervisor": "xen", "State": "available", "SriovNetSupport": "simple", "ImageId": "ami-1234567890EXAMPLE", "UsageOperation": "RunInstances:0010", "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "SnapshotId": "snap-111222333444aaabb", "DeleteOnTermination": true, "VolumeType": "gp2", "VolumeSize": 10, "Encrypted": false } } ], "Architecture": "x86_64", "ImageLocation": "123456789012/RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2", "RootDeviceType": "ebs", "OwnerId": "123456789012", "RootDeviceName": "/dev/sda1", "CreationDate": "2019-05-10T13:17:12.000Z", "Public": true, "ImageType": "machine", "Name": "RHEL-8.0.0_HVM-20190618-x86_64-1-Hourly2-GP2" } ] }

For more information, see Amazon Machine Images (AMI) in the Amazon EC2 User Guide.

Example 2: To describe AMIs based on filters

The following describe-images example describes Windows AMIs provided by Amazon that are backed by Amazon EBS.

aws ec2 describe-images \ --owners amazon \ --filters "Name=platform,Values=windows" "Name=root-device-type,Values=ebs"

For an example of the output for describe-images, see Example 1.

For additional examples using filters, see Listing and filtering your resources in the Amazon EC2 User Guide.

Example 3: To describe AMIs based on tags

The following describe-images example describes all AMIs that have the tag Type=Custom. The example uses the --query parameter to display only the AMI IDs.

aws ec2 describe-images \ --filters "Name=tag:Type,Values=Custom" \ --query 'Images[*].[ImageId]' \ --output text

Output:

ami-1234567890EXAMPLE ami-0abcdef1234567890

For additional examples using tag filters, see Working with tags in the Amazon EC2 User Guide.

  • For API details, see DescribeImages in Amazon CLI Command Reference.

The following code example shows how to use describe-import-image-tasks.

Amazon CLI

To monitor an import image task

The following describe-import-image-tasks example checks the status of the specified import image task.

aws ec2 describe-import-image-tasks \ --import-task-ids import-ami-1234567890abcdef0

Output for an import image task that is in progress.

{ "ImportImageTasks": [ { "ImportTaskId": "import-ami-1234567890abcdef0", "Progress": "28", "SnapshotDetails": [ { "DiskImageSize": 705638400.0, "Format": "ova", "Status": "completed", "UserBucket": { "S3Bucket": "my-import-bucket", "S3Key": "vms/my-server-vm.ova" } } ], "Status": "active", "StatusMessage": "converting" } ] }

Output for an import image task that is completed. The ID of the resulting AMI is provided by ImageId.

{ "ImportImageTasks": [ { "ImportTaskId": "import-ami-1234567890abcdef0", "ImageId": "ami-1234567890abcdef0", "SnapshotDetails": [ { "DiskImageSize": 705638400.0, "Format": "ova", "SnapshotId": "snap-1234567890abcdef0" "Status": "completed", "UserBucket": { "S3Bucket": "my-import-bucket", "S3Key": "vms/my-server-vm.ova" } } ], "Status": "completed" } ] }

The following code example shows how to use describe-import-snapshot-tasks.

Amazon CLI

To monitor an import snapshot task

The following describe-import-snapshot-tasks example checks the status of the specified import snapshot task.

aws ec2 describe-import-snapshot-tasks \ --import-task-ids import-snap-1234567890abcdef0

Output for an import snapshot task that is in progress:

{ "ImportSnapshotTasks": [ { "Description": "My server VMDK", "ImportTaskId": "import-snap-1234567890abcdef0", "SnapshotTaskDetail": { "Description": "My server VMDK", "DiskImageSize": "705638400.0", "Format": "VMDK", "Progress": "42", "Status": "active", "StatusMessage": "downloading/converting", "UserBucket": { "S3Bucket": "my-import-bucket", "S3Key": "vms/my-server-vm.vmdk" } } } ] }

Output for an import snapshot task that is completed. The ID of the resulting snapshot is provided by SnapshotId.

{ "ImportSnapshotTasks": [ { "Description": "My server VMDK", "ImportTaskId": "import-snap-1234567890abcdef0", "SnapshotTaskDetail": { "Description": "My server VMDK", "DiskImageSize": "705638400.0", "Format": "VMDK", "SnapshotId": "snap-1234567890abcdef0" "Status": "completed", "UserBucket": { "S3Bucket": "my-import-bucket", "S3Key": "vms/my-server-vm.vmdk" } } } ] }

The following code example shows how to use describe-instance-attribute.

Amazon CLI

To describe the instance type

This example describes the instance type of the specified instance.

Command:

aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute instanceType

Output:

{ "InstanceId": "i-1234567890abcdef0" "InstanceType": { "Value": "t1.micro" } }

To describe the disableApiTermination attribute

This example describes the disableApiTermination attribute of the specified instance.

Command:

aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute disableApiTermination

Output:

{ "InstanceId": "i-1234567890abcdef0" "DisableApiTermination": { "Value": "false" } }

To describe the block device mapping for an instance

This example describes the blockDeviceMapping attribute of the specified instance.

Command:

aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute blockDeviceMapping

Output:

{ "InstanceId": "i-1234567890abcdef0" "BlockDeviceMappings": [ { "DeviceName": "/dev/sda1", "Ebs": { "Status": "attached", "DeleteOnTermination": true, "VolumeId": "vol-049df61146c4d7901", "AttachTime": "2013-05-17T22:42:34.000Z" } }, { "DeviceName": "/dev/sdf", "Ebs": { "Status": "attached", "DeleteOnTermination": false, "VolumeId": "vol-049df61146c4d7901", "AttachTime": "2013-09-10T23:07:00.000Z" } } ], }

The following code example shows how to use describe-instance-connect-endpoints.

Amazon CLI

To describe an EC2 Instance Connect Endpoint

The following describe-instance-connect-endpoints example describes the specified EC2 Instance Connect Endpoint.

aws ec2 describe-instance-connect-endpoints \ --region us-east-1 \ --instance-connect-endpoint-ids eice-0123456789example

Output:

{ "InstanceConnectEndpoints": [ { "OwnerId": "111111111111", "InstanceConnectEndpointId": "eice-0123456789example", "InstanceConnectEndpointArn": "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example", "State": "create-complete", "StateMessage": "", "DnsName": "eice-0123456789example.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com", "NetworkInterfaceIds": [ "eni-0123456789example" ], "VpcId": "vpc-0123abcd", "AvailabilityZone": "us-east-1d", "CreatedAt": "2023-02-07T12:05:37+00:00", "SubnetId": "subnet-0123abcd", "Tags": [] } ] }

For more information, see Create an EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

The following code example shows how to use describe-instance-credit-specifications.

Amazon CLI

To describe the credit option for CPU usage of one or more instances

The following describe-instance-credit-specifications example describes the CPU credit option for the specified instance.

aws ec2 describe-instance-credit-specifications \ --instance-ids i-1234567890abcdef0

Output:

{ "InstanceCreditSpecifications": [ { "InstanceId": "i-1234567890abcdef0", "CpuCredits": "unlimited" } ] }

For more information, see Work with burstable performance instances in the Amazon EC2 User Guide.

The following code example shows how to use describe-instance-event-notification-attributes.

Amazon CLI

To describe the tags for scheduled event notifications

The following describe-instance-event-notification-attributes example describes the tags to appear in scheduled event notifications.

aws ec2 describe-instance-event-notification-attributes

Output:

{ "InstanceTagAttribute": { "InstanceTagKeys": [], "IncludeAllTagsOfInstance": true } }

For more information, see Scheduled events for your instances in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use describe-instance-event-windows.

Amazon CLI

Example 1: To describe all event windows

The following describe-instance-event-windows example describes all event windows in the specified Region.

aws ec2 describe-instance-event-windows \ --region us-east-1

Output:

{ "InstanceEventWindows": [ { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "AssociationTarget": { "InstanceIds": [ "i-1234567890abcdef0", "i-0598c7d356eba48d7" ], "Tags": [], "DedicatedHostIds": [] }, "State": "active", "Tags": [] } ... ], "NextToken": "9d624e0c-388b-4862-a31e-a85c64fc1d4a" }

Example 2: To describe a specific event window

The following describe-instance-event-windows example describes a specific event by using the instance-event-window parameter to describe a specific event window.

aws ec2 describe-instance-event-windows \ --region us-east-1 \ --instance-event-window-ids iew-0abcdef1234567890

Output:

{ "InstanceEventWindows": [ { "InstanceEventWindowId": "iew-0abcdef1234567890", "Name": "myEventWindowName", "CronExpression": "* 21-23 * * 2,3", "AssociationTarget": { "InstanceIds": [ "i-1234567890abcdef0", "i-0598c7d356eba48d7" ], "Tags": [], "DedicatedHostIds": [] }, "State": "active", "Tags": [] } }

Example 3: To describe event windows that match one or more filters

The following describe-instance-event-windows example describes event windows that match one or more filters using the filter parameter. The instance-id filter is used to describe all of the event windows that are associated with the specified instance. When a filter is used, it performs a direct match. However, the instance-id filter is different. If there is no direct match to the instance ID, then it falls back to indirect associations with the event window, such as the tags of the instance or Dedicated Host ID (if the instance is a Dedicated Host).

aws ec2 describe-instance-event-windows \ --region us-east-1 \ --filters Name=instance-id,Values=i-1234567890abcdef0 \ --max-results 100 \ --next-token <next-token-value>

Output:

{ "InstanceEventWindows": [ { "InstanceEventWindowId": "iew-0dbc0adb66f235982", "TimeRanges": [ { "StartWeekDay": "sunday", "StartHour": 2, "EndWeekDay": "sunday", "EndHour": 8 } ], "Name": "myEventWindowName", "AssociationTarget": { "InstanceIds": [], "Tags": [], "DedicatedHostIds": [ "h-0140d9a7ecbd102dd" ] }, "State": "active", "Tags": [] } ] }

In the example output, the instance is on a Dedicated Host, which is associated with the event window.

For event window constraints, see Considerations in the Amazon EC2 User Guide.

The following code example shows how to use describe-instance-status.

Amazon CLI

To describe the status of an instance

The following describe-instance-status example describes the current status of the specified instance.

aws ec2 describe-instance-status \ --instance-ids i-1234567890abcdef0

Output:

{ "InstanceStatuses": [ { "InstanceId": "i-1234567890abcdef0", "InstanceState": { "Code": 16, "Name": "running" }, "AvailabilityZone": "us-east-1d", "SystemStatus": { "Status": "ok", "Details": [ { "Status": "passed", "Name": "reachability" } ] }, "InstanceStatus": { "Status": "ok", "Details": [ { "Status": "passed", "Name": "reachability" } ] } } ] }

For more information, see Monitor the status of your instances in the Amazon EC2 User Guide.

The following code example shows how to use describe-instance-topology.

Amazon CLI

To describe the instance topology of all your instances

The following describe-instance-topology example describes the topology of all your instances that match the supported instance types for this command.

aws ec2 describe-instance-topology \ --region us-west-2

Output:

{ "Instances": [ { "InstanceId": "i-1111111111example", "InstanceType": "p4d.24xlarge", "GroupName": "my-ml-cpg", "NetworkNodes": [ "nn-1111111111example", "nn-2222222222example", "nn-3333333333example" ], "ZoneId": "usw2-az2", "AvailabilityZone": "us-west-2a" }, { "InstanceId": "i-2222222222example", "InstanceType": "p4d.24xlarge", "NetworkNodes": [ "nn-1111111111example", "nn-2222222222example", "nn-3333333333example" ], "ZoneId": "usw2-az2", "AvailabilityZone": "us-west-2a" }, { "InstanceId": "i-3333333333example", "InstanceType": "trn1.32xlarge", "NetworkNodes": [ "nn-1212121212example", "nn-1211122211example", "nn-1311133311example" ], "ZoneId": "usw2-az4", "AvailabilityZone": "us-west-2d" }, { "InstanceId": "i-444444444example", "InstanceType": "trn1.2xlarge", "NetworkNodes": [ "nn-1111111111example", "nn-5434334334example", "nn-1235301234example" ], "ZoneId": "usw2-az2", "AvailabilityZone": "us-west-2a" } ], "NextToken": "SomeEncryptedToken" }

For more information, including more examples, see Amazon EC2 instance topology in the Amazon EC2 User Guide.

The following code example shows how to use describe-instance-type-offerings.

Amazon CLI

Example 1: To list the instance types offered in a Region

The following describe-instance-type-offerings example lists the instance types offered in the Region configured as the default Region for the Amazon CLI.

aws ec2 describe-instance-type-offerings

To list the instance types offered in a different Region, specify the Region using the --region parameter.

aws ec2 describe-instance-type-offerings \ --region us-east-2

Output:

{ "InstanceTypeOfferings": [ { "InstanceType": "m5.2xlarge", "LocationType": "region", "Location": "us-east-2" }, { "InstanceType": "t3.micro", "LocationType": "region", "Location": "us-east-2" }, ... ] }

Example 2: To list the instance types offered in an Availability Zone

The following describe-instance-type-offerings example lists the instance types offered in the specified Availability Zone. The Availability Zone must be in the specified Region.

aws ec2 describe-instance-type-offerings \ --location-type availability-zone \ --filters Name=location,Values=us-east-2a \ --region us-east-2

Example 3: To check whether an instance type is supported

The following describe-instance-type-offerings command indicates whether the c5.xlarge instance type is supported in the specified Region.

aws ec2 describe-instance-type-offerings \ --filters Name=instance-type,Values=c5.xlarge \ --region us-east-2

The following describe-instance-type-offerings example lists all C5 instance types that are supported in the specified Region.

aws ec2 describe-instance-type-offerings \ --filters Name=instance-type,Values=c5* \ --query "InstanceTypeOfferings[].InstanceType" \ --region us-east-2

Output:

[ "c5d.12xlarge", "c5d.9xlarge", "c5n.xlarge", "c5.xlarge", "c5d.metal", "c5n.metal", "c5.large", "c5d.2xlarge", "c5n.4xlarge", "c5.2xlarge", "c5n.large", "c5n.9xlarge", "c5d.large", "c5.18xlarge", "c5d.18xlarge", "c5.12xlarge", "c5n.18xlarge", "c5.metal", "c5d.4xlarge", "c5.24xlarge", "c5d.xlarge", "c5n.2xlarge", "c5d.24xlarge", "c5.9xlarge", "c5.4xlarge" ]

The following code example shows how to use describe-instance-types.

Amazon CLI

Example 1: To describe an instance type

The following describe-instance-types example displays details for the specified instance type.

aws ec2 describe-instance-types \ --instance-types t2.micro

Output:

{ "InstanceTypes": [ { "InstanceType": "t2.micro", "CurrentGeneration": true, "FreeTierEligible": true, "SupportedUsageClasses": [ "on-demand", "spot" ], "SupportedRootDeviceTypes": [ "ebs" ], "BareMetal": false, "Hypervisor": "xen", "ProcessorInfo": { "SupportedArchitectures": [ "i386", "x86_64" ], "SustainedClockSpeedInGhz": 2.5 }, "VCpuInfo": { "DefaultVCpus": 1, "DefaultCores": 1, "DefaultThreadsPerCore": 1, "ValidCores": [ 1 ], "ValidThreadsPerCore": [ 1 ] }, "MemoryInfo": { "SizeInMiB": 1024 }, "InstanceStorageSupported": false, "EbsInfo": { "EbsOptimizedSupport": "unsupported", "EncryptionSupport": "supported" }, "NetworkInfo": { "NetworkPerformance": "Low to Moderate", "MaximumNetworkInterfaces": 2, "Ipv4AddressesPerInterface": 2, "Ipv6AddressesPerInterface": 2, "Ipv6Supported": true, "EnaSupport": "unsupported" }, "PlacementGroupInfo": { "SupportedStrategies": [ "partition", "spread" ] }, "HibernationSupported": false, "BurstablePerformanceSupported": true, "DedicatedHostsSupported": false, "AutoRecoverySupported": true } ] }

For more information, see Instance Types in Amazon Elastic Compute Cloud User Guide for Linux Instances.

Example 2: To filter the available instance types

You can specify a filter to scope the results to instance types that have a specific characteristic. The following describe-instance-types example lists the instance types that support hibernation.

aws ec2 describe-instance-types \ --filters Name=hibernation-supported,Values=true --query 'InstanceTypes[*].InstanceType'

Output:

[ "m5.8xlarge", "r3.large", "c3.8xlarge", "r5.large", "m4.4xlarge", "c4.large", "m5.xlarge", "m4.xlarge", "c3.large", "c4.8xlarge", "c4.4xlarge", "c5.xlarge", "c5.12xlarge", "r5.4xlarge", "c5.4xlarge" ]

For more information, see Instance Types in Amazon Elastic Compute Cloud User Guide for Linux Instances.

The following code example shows how to use describe-instances.

Amazon CLI

Example 1: To describe an instance

The following describe-instances example describes the specified instance.

aws ec2 describe-instances \ --instance-ids i-1234567890abcdef0

Output:

{ "Reservations": [ { "Groups": [], "Instances": [ { "AmiLaunchIndex": 0, "ImageId": "ami-0abcdef1234567890", "InstanceId": "i-1234567890abcdef0", "InstanceType": "t3.nano", "KeyName": "my-key-pair", "LaunchTime": "2022-11-15T10:48:59+00:00", "Monitoring": { "State": "disabled" }, "Placement": { "AvailabilityZone": "us-east-2a", "GroupName": "", "Tenancy": "default" }, "PrivateDnsName": "ip-10-0-0-157.us-east-2.compute.internal", "PrivateIpAddress": "10-0-0-157", "ProductCodes": [], "PublicDnsName": "ec2-34-253-223-13.us-east-2.compute.amazonaws.com", "PublicIpAddress": "34.253.223.13", "State": { "Code": 16, "Name": "running" }, "StateTransitionReason": "", "SubnetId": "subnet-04a636d18e83cfacb", "VpcId": "vpc-1234567890abcdef0", "Architecture": "x86_64", "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "AttachTime": "2022-11-15T10:49:00+00:00", "DeleteOnTermination": true, "Status": "attached", "VolumeId": "vol-02e6ccdca7de29cf2" } } ], "ClientToken": "1234abcd-1234-abcd-1234-d46a8903e9bc", "EbsOptimized": true, "EnaSupport": true, "Hypervisor": "xen", "IamInstanceProfile": { "Arn": "arn:aws:iam::111111111111:instance-profile/AmazonSSMRoleForInstancesQuickSetup", "Id": "111111111111111111111" }, "NetworkInterfaces": [ { "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-34-253-223-13.us-east-2.compute.amazonaws.com", "PublicIp": "34.253.223.13" }, "Attachment": { "AttachTime": "2022-11-15T10:48:59+00:00", "AttachmentId": "eni-attach-1234567890abcdefg", "DeleteOnTermination": true, "DeviceIndex": 0, "Status": "attached", "NetworkCardIndex": 0 }, "Description": "", "Groups": [ { "GroupName": "launch-wizard-146", "GroupId": "sg-1234567890abcdefg" } ], "Ipv6Addresses": [], "MacAddress": "00:11:22:33:44:55", "NetworkInterfaceId": "eni-1234567890abcdefg", "OwnerId": "104024344472", "PrivateDnsName": "ip-10-0-0-157.us-east-2.compute.internal", "PrivateIpAddress": "10-0-0-157", "PrivateIpAddresses": [ { "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-34-253-223-13.us-east-2.compute.amazonaws.com", "PublicIp": "34.253.223.13" }, "Primary": true, "PrivateDnsName": "ip-10-0-0-157.us-east-2.compute.internal", "PrivateIpAddress": "10-0-0-157" } ], "SourceDestCheck": true, "Status": "in-use", "SubnetId": "subnet-1234567890abcdefg", "VpcId": "vpc-1234567890abcdefg", "InterfaceType": "interface" } ], "RootDeviceName": "/dev/xvda", "RootDeviceType": "ebs", "SecurityGroups": [ { "GroupName": "launch-wizard-146", "GroupId": "sg-1234567890abcdefg" } ], "SourceDestCheck": true, "Tags": [ { "Key": "Name", "Value": "my-instance" } ], "VirtualizationType": "hvm", "CpuOptions": { "CoreCount": 1, "ThreadsPerCore": 2 }, "CapacityReservationSpecification": { "CapacityReservationPreference": "open" }, "HibernationOptions": { "Configured": false }, "MetadataOptions": { "State": "applied", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled", "HttpProtocolIpv6": "disabled", "InstanceMetadataTags": "enabled" }, "EnclaveOptions": { "Enabled": false }, "PlatformDetails": "Linux/UNIX", "UsageOperation": "RunInstances", "UsageOperationUpdateTime": "2022-11-15T10:48:59+00:00", "PrivateDnsNameOptions": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": true, "EnableResourceNameDnsAAAARecord": false }, "MaintenanceOptions": { "AutoRecovery": "default" } } ], "OwnerId": "111111111111", "ReservationId": "r-1234567890abcdefg" } ] }

Example 2: To filter for instances with the specified type

The following describe-instances example uses filters to scope the results to instances of the specified type.

aws ec2 describe-instances \ --filters Name=instance-type,Values=m5.large

For example output, see Example 1.

For more information, see List and filter using the CLI in the Amazon EC2 User Guide.

Example 3: To filter for instances with the specified type and Availability Zone

The following describe-instances example uses multiple filters to scope the results to instances with the specified type that are also in the specified Availability Zone.

aws ec2 describe-instances \ --filters Name=instance-type,Values=t2.micro,t3.micro Name=availability-zone,Values=us-east-2c

For example output, see Example 1.

Example 4: To filter for instances with the specified type and Availability Zone using a JSON file

The following describe-instances example uses a JSON input file to perform the same filtering as the previous example. When filters get more complicated, they can be easier to specify in a JSON file.

aws ec2 describe-instances \ --filters file://filters.json

Contents of filters.json:

[ { "Name": "instance-type", "Values": ["t2.micro", "t3.micro"] }, { "Name": "availability-zone", "Values": ["us-east-2c"] } ]

For example output, see Example 1.

Example 5: To filter for instances with the specified Owner tag

The following describe-instances example uses tag filters to scope the results to instances that have a tag with the specified tag key (Owner), regardless of the tag value.

aws ec2 describe-instances \ --filters "Name=tag-key,Values=Owner"

For example output, see Example 1.

Example 6: To filter for instances with the specified my-team tag value

The following describe-instances example uses tag filters to scope the results to instances that have a tag with the specified tag value (my-team), regardless of the tag key.

aws ec2 describe-instances \ --filters "Name=tag-value,Values=my-team"

For example output, see Example 1.

Example 7: To filter for instances with the specified Owner tag and my-team value

The following describe-instances example uses tag filters to scope the results to instances that have the specified tag (Owner=my-team).

aws ec2 describe-instances \ --filters "Name=tag:Owner,Values=my-team"

For example output, see Example 1.

Example 8: To display only instance and subnet IDs for all instances

The following describe-instances examples use the --query parameter to display only the instance and subnet IDs for all instances, in JSON format.

Linux and macOS:

aws ec2 describe-instances \ --query 'Reservations[*].Instances[*].{Instance:InstanceId,Subnet:SubnetId}' \ --output json

Windows:

aws ec2 describe-instances ^ --query "Reservations[*].Instances[*].{Instance:InstanceId,Subnet:SubnetId}" ^ --output json

Output:

[ { "Instance": "i-057750d42936e468a", "Subnet": "subnet-069beee9b12030077" }, { "Instance": "i-001efd250faaa6ffa", "Subnet": "subnet-0b715c6b7db68927a" }, { "Instance": "i-027552a73f021f3bd", "Subnet": "subnet-0250c25a1f4e15235" } ... ]

Example 9: To filter instances of the specified type and only display their instance IDs

The following describe-instances example uses filters to scope the results to instances of the specified type and the --query parameter to display only the instance IDs.

aws ec2 describe-instances \ --filters "Name=instance-type,Values=t2.micro" \ --query "Reservations[*].Instances[*].[InstanceId]" \ --output text

Output:

i-031c0dc19de2fb70c i-00d8bff789a736b75 i-0b715c6b7db68927a i-0626d4edd54f1286d i-00b8ae04f9f99908e i-0fc71c25d2374130c

Example 10: To filter instances of the specified type and only display their instance IDs, Availability Zone, and the specified tag value

The following describe-instances examples display the instance ID, Availability Zone, and the value of the Name tag for instances that have a tag with the name tag-key, in table format.

Linux and macOS:

aws ec2 describe-instances \ --filters Name=tag-key,Values=Name \ --query 'Reservations[*].Instances[*].{Instance:InstanceId,AZ:Placement.AvailabilityZone,Name:Tags[?Key==`Name`]|[0].Value}' \ --output table

Windows:

aws ec2 describe-instances ^ --filters Name=tag-key,Values=Name ^ --query "Reservations[*].Instances[*].{Instance:InstanceId,AZ:Placement.AvailabilityZone,Name:Tags[?Key=='Name']|[0].Value}" ^ --output table

Output:

------------------------------------------------------------- | DescribeInstances | +--------------+-----------------------+--------------------+ | AZ | Instance | Name | +--------------+-----------------------+--------------------+ | us-east-2b | i-057750d42936e468a | my-prod-server | | us-east-2a | i-001efd250faaa6ffa | test-server-1 | | us-east-2a | i-027552a73f021f3bd | test-server-2 | +--------------+-----------------------+--------------------+

Example 11: To describe instances in a partition placement group

The following describe-instances example describes the specified instance. The output includes the placement information for the instance, which contains the placement group name and the partition number for the instance.

aws ec2 describe-instances \ --instance-ids i-0123a456700123456 \ --query "Reservations[*].Instances[*].Placement"

Output:

[ [ { "AvailabilityZone": "us-east-1c", "GroupName": "HDFS-Group-A", "PartitionNumber": 3, "Tenancy": "default" } ] ]

For more information, see Describing instances in a placement group in the Amazon EC2 User Guide.

Example 12: To filter to instances with the specified placement group and partition number

The following describe-instances example filters the results to only those instances with the specified placement group and partition number.

aws ec2 describe-instances \ --filters "Name=placement-group-name,Values=HDFS-Group-A" "Name=placement-partition-number,Values=7"

The following shows only the relevant information from the output.

"Instances": [ { "InstanceId": "i-0123a456700123456", "InstanceType": "r4.large", "Placement": { "AvailabilityZone": "us-east-1c", "GroupName": "HDFS-Group-A", "PartitionNumber": 7, "Tenancy": "default" } }, { "InstanceId": "i-9876a543210987654", "InstanceType": "r4.large", "Placement": { "AvailabilityZone": "us-east-1c", "GroupName": "HDFS-Group-A", "PartitionNumber": 7, "Tenancy": "default" } ],

For more information, see Describing instances in a placement group in the Amazon EC2 User Guide.

Example 13: To filter to instances that are configured to allow access to tags from instance metadata

The following describe-instances example filters the results to only those instances that are configured to allow access to instance tags from instance metadata.

aws ec2 describe-instances \ --filters "Name=metadata-options.instance-metadata-tags,Values=enabled" \ --query "Reservations[*].Instances[*].InstanceId" \ --output text

The following shows the expected output.

i-1234567890abcdefg i-abcdefg1234567890 i-11111111aaaaaaaaa i-aaaaaaaa111111111

For more information, see Work with instance tags in instance metadata in the Amazon EC2 User Guide.

The following code example shows how to use describe-internet-gateways.

Amazon CLI

To describe an internet gateway

The following describe-internet-gateways example describes the specified internet gateway.

aws ec2 describe-internet-gateways \ --internet-gateway-ids igw-0d0fb496b3EXAMPLE

Output:

{ "InternetGateways": [ { "Attachments": [ { "State": "available", "VpcId": "vpc-0a60eb65b4EXAMPLE" } ], "InternetGatewayId": "igw-0d0fb496b3EXAMPLE", "OwnerId": "123456789012", "Tags": [ { "Key": "Name", "Value": "my-igw" } ] } ] }

For more information, see Internet gateways in the Amazon VPC User Guide.

The following code example shows how to use describe-ipam-pools.

Amazon CLI

To view the details for an IPAM pool

The following describe-ipam-pools example shows the details for pools.

(Linux):

aws ec2 describe-ipam-pools \ --filters Name=owner-id,Values=123456789012 Name=ipam-scope-id,Values=ipam-scope-02fc38cd4c48e7d38

(Windows):

aws ec2 describe-ipam-pools ^ --filters Name=owner-id,Values=123456789012 Name=ipam-scope-id,Values=ipam-scope-02fc38cd4c48e7d38

Output:

{ "IpamPools": [ { "OwnerId": "123456789012", "IpamPoolId": "ipam-pool-02ec043a19bbe5d08", "IpamPoolArn": "arn:aws:ec2::123456789012:ipam-pool/ipam-pool-02ec043a19bbe5d08", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-02fc38cd4c48e7d38", "IpamScopeType": "private", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "Locale": "None", "PoolDepth": 1, "State": "create-complete", "AutoImport": true, "AddressFamily": "ipv4", "AllocationMinNetmaskLength": 16, "AllocationMaxNetmaskLength": 26, "AllocationDefaultNetmaskLength": 24, "AllocationResourceTags": [ { "Key": "Environment", "Value": "Preprod" } ], "Tags": [ { "Key": "Name", "Value": "Preprod pool" } ] } ] }

The following code example shows how to use describe-ipam-resource-discoveries.

Amazon CLI

Example 1: View complete details of resource discoveries

In this example, you're a delegated IPAM admin who wants to create and share a resource discovery with the IPAM admin in another Amazon Organization so that the admin can manage and monitor the IP addresses of resources in your organization.

This example may be useful if:

You tried to create a resource discovery, but you got an error that you've reached your limit of 1. You realize that you may have already created a resource discovery and you want to view it in your account.You have resources in a Region that are not being discovered by the IPAM. You want to view the --operating-regions defined for the resource and ensure that you've added the right Region as an operating Region so that the resources there can be discovered.

The following describe-ipam-resource-discoveries example lists the details of the resource discovery in your Amazon account. You can have one resource discovery per Amazon Region.

aws ec2 describe-ipam-resource-discoveries \ --region us-east-1

Output:

{ "IpamResourceDiscoveries": [ { "OwnerId": "149977607591", "IpamResourceDiscoveryId": "ipam-res-disco-0f8bdee9067137c0d", "IpamResourceDiscoveryArn": "arn:aws:ec2::149977607591:ipam-resource-discovery/ipam-res-disco-0f8bdee9067137c0d", "IpamResourceDiscoveryRegion": "us-east-1", "OperatingRegions": [ { "RegionName": "us-east-1" } ], "IsDefault": false, "State": "create-complete", "Tags": [] } ] }

For more information, see Integrate IPAM with accounts outside of your organization in the Amazon VPC IPAM User Guide.

Example 2: View only resource discovery IDs

The following describe-ipam-resource-discoveries example lists the ID of the resource discovery in your Amazon account. You can have one resource discovery per Amazon Region.

aws ec2 describe-ipam-resource-discoveries \ --query "IpamResourceDiscoveries[*].IpamResourceDiscoveryId" \ --output text

Output:

ipam-res-disco-0481e39b242860333

For more information, see Integrate IPAM with accounts outside of your organization in the Amazon VPC IPAM User Guide.

The following code example shows how to use describe-ipam-resource-discovery-associations.

Amazon CLI

To view all resource discovery associations with your IPAM

In this example, you're a IPAM delegated admin who has associated resource discoveries with your IPAM to integrate other accounts with your IPAM. You've noticed that your IPAM is not discovering the resources in the operating Regions of the resource discovery as expected. You want to check the status and state of the resource discovery to ensure that the account that created it is still active and the resource discovery is still being shared.

The --region must be the home Region of your IPAM.

The following describe-ipam-resource-discovery-associations example lists the resource discovery associations in your Amazon account.

aws ec2 describe-ipam-resource-discovery-associations \ --region us-east-1

Output:

{ "IpamResourceDiscoveryAssociations": [ { "OwnerId": "320805250157", "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-05e6b45eca5bf5cf7", "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::320805250157:ipam-resource-discovery-association/ipam-res-disco-assoc-05e6b45eca5bf5cf7", "IpamResourceDiscoveryId": "ipam-res-disco-0f4ef577a9f37a162", "IpamId": "ipam-005f921c17ebd5107", "IpamArn": "arn:aws:ec2::320805250157:ipam/ipam-005f921c17ebd5107", "IpamRegion": "us-east-1", "IsDefault": true, "ResourceDiscoveryStatus": "active", "State": "associate-complete", "Tags": [] }, { "OwnerId": "149977607591", "IpamResourceDiscoveryAssociationId": "ipam-res-disco-assoc-0dfd21ae189ab5f62", "IpamResourceDiscoveryAssociationArn": "arn:aws:ec2::149977607591:ipam-resource-discovery-association/ipam-res-disco-assoc-0dfd21ae189ab5f62", "IpamResourceDiscoveryId": "ipam-res-disco-0365d2977fc1672fe", "IpamId": "ipam-005f921c17ebd5107", "IpamArn": "arn:aws:ec2::149977607591:ipam/ipam-005f921c17ebd5107", "IpamRegion": "us-east-1", "IsDefault": false, "ResourceDiscoveryStatus": "active", "State": "create-complete", "Tags": [] } ] }

In this example, after running this command, you notice that you have one non-default resource discovery ("IsDefault": false ``) that is ``"ResourceDiscoveryStatus": "not-found" and "State": "create-complete". The resource discovery owner's account has been closed. If, in another case, you notice that is "ResourceDiscoveryStatus": "not-found" and "State": "associate-complete", this indicates that one of the following has happened:

The resource discovery was deleted by the resource discovery owner.The resource discovery owner unshared the resource discovery.

For more information, see Integrate IPAM with accounts outside of your organization in the Amazon VPC IPAM User Guide.

The following code example shows how to use describe-ipam-scopes.

Amazon CLI

To view the details for an IPAM scope

The following describe-ipam-scopes example shows the details for scopes.

aws ec2 describe-ipam-scopes \ --filters Name=owner-id,Values=123456789012 Name=ipam-id,Values=ipam-08440e7a3acde3908

Output:

{ "IpamScopes": [ { "OwnerId": "123456789012", "IpamScopeId": "ipam-scope-02fc38cd4c48e7d38", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-02fc38cd4c48e7d38", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "IpamScopeType": "private", "IsDefault": true, "PoolCount": 2, "State": "create-complete", "Tags": [] }, { "OwnerId": "123456789012", "IpamScopeId": "ipam-scope-0b9eed026396dbc16", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-0b9eed026396dbc16", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "IpamScopeType": "public", "IsDefault": true, "PoolCount": 0, "State": "create-complete", "Tags": [] }, { "OwnerId": "123456789012", "IpamScopeId": "ipam-scope-0f1aff29486355c22", "IpamScopeArn": "arn:aws:ec2::123456789012:ipam-scope/ipam-scope-0f1aff29486355c22", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "IpamScopeType": "private", "IsDefault": false, "Description": "Example description", "PoolCount": 0, "State": "create-complete", "Tags": [ { "Key": "Name", "Value": "Example name value" } ] } ] }

The following code example shows how to use describe-ipams.

Amazon CLI

To view the details for an IPAM

The following describe-ipams example shows the details of an IPAM.

aws ec2 describe-ipams \ --filters Name=owner-id,Values=123456789012

Output:

{ "Ipams": [ { "OwnerId": "123456789012", "IpamId": "ipam-08440e7a3acde3908", "IpamArn": "arn:aws:ec2::123456789012:ipam/ipam-08440e7a3acde3908", "IpamRegion": "us-east-1", "PublicDefaultScopeId": "ipam-scope-0b9eed026396dbc16", "PrivateDefaultScopeId": "ipam-scope-02fc38cd4c48e7d38", "ScopeCount": 3, "OperatingRegions": [ { "RegionName": "us-east-1" }, { "RegionName": "us-east-2" }, { "RegionName": "us-west-1" } ], "State": "create-complete", "Tags": [ { "Key": "Name", "Value": "ExampleIPAM" } ] } ] }
  • For API details, see DescribeIpams in Amazon CLI Command Reference.

The following code example shows how to use describe-ipv6-pools.

Amazon CLI

To describe your IPv6 address pools

The following describe-ipv6-pools example displays details for all of your IPv6 address pools.

aws ec2 describe-ipv6-pools

Output:

{ "Ipv6Pools": [ { "PoolId": "ipv6pool-ec2-012345abc12345abc", "PoolCidrBlocks": [ { "Cidr": "2001:db8:123::/48" } ], "Tags": [ { "Key": "pool-1", "Value": "public" } ] } ] }

The following code example shows how to use describe-key-pairs.

Amazon CLI

To display a key pair

The following describe-key-pairs example displays information about the specified key pair.

aws ec2 describe-key-pairs \ --key-names my-key-pair

Output:

{ "KeyPairs": [ { "KeyPairId": "key-0b94643da6EXAMPLE", "KeyFingerprint": "1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f", "KeyName": "my-key-pair", "KeyType": "rsa", "Tags": [], "CreateTime": "2022-05-27T21:51:16.000Z" } ] }

For more information, see Describe public keys in the Amazon EC2 User Guide.

The following code example shows how to use describe-launch-template-versions.

Amazon CLI

To describe launch template versions

This example describes the versions of the specified launch template.

Command:

aws ec2 describe-launch-template-versions --launch-template-id lt-068f72b72934aff71

Output:

{ "LaunchTemplateVersions": [ { "LaunchTemplateId": "lt-068f72b72934aff71", "LaunchTemplateName": "Webservers", "VersionNumber": 3, "CreatedBy": "arn:aws:iam::123456789102:root", "LaunchTemplateData": { "KeyName": "kp-us-east", "ImageId": "ami-6057e21a", "InstanceType": "t2.small", "NetworkInterfaces": [ { "SubnetId": "subnet-7b16de0c", "DeviceIndex": 0, "Groups": [ "sg-7c227019" ] } ] }, "DefaultVersion": false, "CreateTime": "2017-11-20T13:19:54.000Z" }, { "LaunchTemplateId": "lt-068f72b72934aff71", "LaunchTemplateName": "Webservers", "VersionNumber": 2, "CreatedBy": "arn:aws:iam::123456789102:root", "LaunchTemplateData": { "KeyName": "kp-us-east", "ImageId": "ami-6057e21a", "InstanceType": "t2.medium", "NetworkInterfaces": [ { "SubnetId": "subnet-1a2b3c4d", "DeviceIndex": 0, "Groups": [ "sg-7c227019" ] } ] }, "DefaultVersion": false, "CreateTime": "2017-11-20T13:12:32.000Z" }, { "LaunchTemplateId": "lt-068f72b72934aff71", "LaunchTemplateName": "Webservers", "VersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789102:root", "LaunchTemplateData": { "UserData": "", "KeyName": "kp-us-east", "ImageId": "ami-aabbcc11", "InstanceType": "t2.medium", "NetworkInterfaces": [ { "SubnetId": "subnet-7b16de0c", "DeviceIndex": 0, "DeleteOnTermination": false, "Groups": [ "sg-7c227019" ], "AssociatePublicIpAddress": true } ] }, "DefaultVersion": true, "CreateTime": "2017-11-20T12:52:33.000Z" } ] }

The following code example shows how to use describe-launch-templates.

Amazon CLI

To describe launch templates

This example describes your launch templates.

Command:

aws ec2 describe-launch-templates

Output:

{ "LaunchTemplates": [ { "LatestVersionNumber": 2, "LaunchTemplateId": "lt-0e06d290751193123", "LaunchTemplateName": "TemplateForWebServer", "DefaultVersionNumber": 2, "CreatedBy": "arn:aws:iam::123456789012:root", "CreateTime": "2017-11-27T09:30:23.000Z" }, { "LatestVersionNumber": 6, "LaunchTemplateId": "lt-0c45b5e061ec98456", "LaunchTemplateName": "DBServersTemplate", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789012:root", "CreateTime": "2017-11-20T09:25:22.000Z" }, { "LatestVersionNumber": 1, "LaunchTemplateId": "lt-0d47d774e8e52dabc", "LaunchTemplateName": "MyLaunchTemplate2", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:iam::123456789012:root", "CreateTime": "2017-11-02T12:06:21.000Z" }, { "LatestVersionNumber": 3, "LaunchTemplateId": "lt-01e5f948eb4f589d6", "LaunchTemplateName": "testingtemplate2", "DefaultVersionNumber": 1, "CreatedBy": "arn:aws:sts::123456789012:assumed-role/AdminRole/i-03ee35176e2e5aabc", "CreateTime": "2017-12-01T08:19:48.000Z" }, ] }

The following code example shows how to use describe-local-gateway-route-table-virtual-interface-group-associations.

Amazon CLI

To describe associations between virtual interface groups and local gateway route tables

The following describe-local-gateway-route-table-virtual-interface-group-associations example describes the associations between virtual interface groups and local gateway route tables in your Amazon account.

aws ec2 describe-local-gateway-route-table-virtual-interface-group-associations

Output:

{ "LocalGatewayRouteTableVirtualInterfaceGroupAssociations": [ { "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": "lgw-vif-grp-assoc-07145b276bEXAMPLE", "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-07145b276bEXAMPLE", "LocalGatewayId": "lgw-0ab1c23d4eEXAMPLE", "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE", "LocalGatewayRouteTableArn": "arn:aws:ec2:us-west-2:123456789012:local-gateway-route-table/lgw-rtb-059615ef7dEXAMPLE", "OwnerId": "123456789012", "State": "associated", "Tags": [] } ] }

For more information, see Working with local gateways in the Amazon Outposts User Guide.

The following code example shows how to use describe-local-gateway-route-table-vpc-associations.

Amazon CLI

To describe the associations between VPCs and local gateway route tables

The following describe-local-gateway-route-table-vpc-associations example displays information about the specified association between VPCs and local gateway route tables.

aws ec2 describe-local-gateway-route-table-vpc-associations \ --local-gateway-route-table-vpc-association-ids lgw-vpc-assoc-0e0f27af15EXAMPLE

Output:

{ "LocalGatewayRouteTableVpcAssociation": { "LocalGatewayRouteTableVpcAssociationId": "lgw-vpc-assoc-0e0f27af1EXAMPLE", "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE", "LocalGatewayId": "lgw-09b493aa7cEXAMPLE", "VpcId": "vpc-0efe9bde08EXAMPLE", "State": "associated" } }

For more information, see Local gateway route tables in the Outposts User Guide.

The following code example shows how to use describe-local-gateway-route-tables.

Amazon CLI

To describe your Local Gateway Route Tables

The following describe-local-gateway-route-tables example displays details about the local gateway route tables.

aws ec2 describe-local-gateway-route-tables

Output:

{ "LocalGatewayRouteTables": [ { "LocalGatewayRouteTableId": "lgw-rtb-059615ef7deEXAMPLE", "LocalGatewayId": "lgw-09b493aa7cEXAMPLE", "OutpostArn": "arn:aws:outposts:us-west-2:111122223333:outpost/op-0dc11b66edEXAMPLE", "State": "available" } ] }

The following code example shows how to use describe-local-gateway-virtual-interface-groups.

Amazon CLI

To describe local gateway virtual interface groups

The following describe-local-gateway-virtual-interface-groups example describes the local gateway virtual interface groups in your Amazon account.

aws ec2 describe-local-gateway-virtual-interface-groups

Output:

{ "LocalGatewayVirtualInterfaceGroups": [ { "LocalGatewayVirtualInterfaceGroupId": "lgw-vif-grp-07145b276bEXAMPLE", "LocalGatewayVirtualInterfaceIds": [ "lgw-vif-01a23bc4d5EXAMPLE", "lgw-vif-543ab21012EXAMPLE" ], "LocalGatewayId": "lgw-0ab1c23d4eEXAMPLE", "OwnerId": "123456789012", "Tags": [] } ] }

For more information, see Working with local gateways in the Amazon Outposts User Guide.

The following code example shows how to use describe-local-gateway-virtual-interfaces.

Amazon CLI

To describe local gateway virtual interfaces

The following describe-local-gateway-virtual-interfaces example describes the local gateway virtual interfaces in your Amazon account.

aws ec2 describe-local-gateway-virtual-interfaces

Output:

{ "LocalGatewayVirtualInterfaces": [ { "LocalGatewayVirtualInterfaceId": "lgw-vif-01a23bc4d5EXAMPLE", "LocalGatewayId": "lgw-0ab1c23d4eEXAMPLE", "Vlan": 2410, "LocalAddress": "0.0.0.0/0", "PeerAddress": "0.0.0.0/0", "LocalBgpAsn": 65010, "PeerBgpAsn": 65000, "OwnerId": "123456789012", "Tags": [] }, { "LocalGatewayVirtualInterfaceId": "lgw-vif-543ab21012EXAMPLE", "LocalGatewayId": "lgw-0ab1c23d4eEXAMPLE", "Vlan": 2410, "LocalAddress": "0.0.0.0/0", "PeerAddress": "0.0.0.0/0", "LocalBgpAsn": 65010, "PeerBgpAsn": 65000, "OwnerId": "123456789012", "Tags": [] } ] }

For more information, see Working with local gateways in the Amazon Outposts User Guide.

The following code example shows how to use describe-local-gateways.

Amazon CLI

To describe your Local Gateways

The following describe-local-gateways example displays details for the local gateways that are available to you.

aws ec2 describe-local-gateways

Output:

{ "LocalGateways": [ { "LocalGatewayId": "lgw-09b493aa7cEXAMPLE", "OutpostArn": "arn:aws:outposts:us-west-2:123456789012:outpost/op-0dc11b66ed59f995a", "OwnerId": "123456789012", "State": "available" } ] }

The following code example shows how to use describe-locked-snapshots.

Amazon CLI

To describe the lock status of a snapshot

The following describe-locked-snapshots example describes the lock status of the specified snapshot.

aws ec2 describe-locked-snapshots \ --snapshot-ids snap-0b5e733b4a8df6e0d

Output:

{ "Snapshots": [ { "OwnerId": "123456789012", "SnapshotId": "snap-0b5e733b4a8df6e0d", "LockState": "governance", "LockDuration": 365, "LockCreatedOn": "2024-05-05T00:56:06.208000+00:00", "LockDurationStartTime": "2024-05-05T00:56:06.208000+00:00", "LockExpiresOn": "2025-05-05T00:56:06.208000+00:00" } ] }

For more information, see Snapshot lock in the Amazon EBS User Guide.

The following code example shows how to use describe-managed-prefix-lists.

Amazon CLI

To describe managed prefix lists

The following describe-managed-prefix-lists example describes the prefix lists owned by Amazon account 123456789012.

aws ec2 describe-managed-prefix-lists \ --filters Name=owner-id,Values=123456789012

Output:

{ "PrefixLists": [ { "PrefixListId": "pl-11223344556677aab", "AddressFamily": "IPv6", "State": "create-complete", "PrefixListArn": "arn:aws:ec2:us-west-2:123456789012:prefix-list/pl-11223344556677aab", "PrefixListName": "vpc-ipv6-cidrs", "MaxEntries": 25, "Version": 1, "Tags": [], "OwnerId": "123456789012" }, { "PrefixListId": "pl-0123456abcabcabc1", "AddressFamily": "IPv4", "State": "active", "PrefixListArn": "arn:aws:ec2:us-west-2:123456789012:prefix-list/pl-0123456abcabcabc1", "PrefixListName": "vpc-cidrs", "MaxEntries": 10, "Version": 1, "Tags": [], "OwnerId": "123456789012" } ] }

For more information, see Managed prefix lists in the Amazon VPC User Guide.

The following code example shows how to use describe-moving-addresses.

Amazon CLI

To describe your moving addresses

This example describes all of your moving Elastic IP addresses.

Command:

aws ec2 describe-moving-addresses

Output:

{ "MovingAddressStatuses": [ { "PublicIp": "198.51.100.0", "MoveStatus": "MovingToVpc" } ] }

This example describes all addresses that are moving to the EC2-VPC platform.

Command:

aws ec2 describe-moving-addresses --filters Name=moving-status,Values=MovingToVpc

The following code example shows how to use describe-nat-gateways.

Amazon CLI

Example 1: To describe a public NAT gateway

The following describe-nat-gateways example describes the specified public NAT gateway.

aws ec2 describe-nat-gateways \ --nat-gateway-id nat-01234567890abcdef

Output:

{ "NatGateways": [ { "CreateTime": "2023-08-25T01:56:51.000Z", "NatGatewayAddresses": [ { "AllocationId": "eipalloc-0790180cd2EXAMPLE", "NetworkInterfaceId": "eni-09cc4b2558794f7f9", "PrivateIp": "10.0.0.211", "PublicIp": "54.85.121.213", "AssociationId": "eipassoc-04d295cc9b8815b24", "IsPrimary": true, "Status": "succeeded" }, { "AllocationId": "eipalloc-0be6ecac95EXAMPLE", "NetworkInterfaceId": "eni-09cc4b2558794f7f9", "PrivateIp": "10.0.0.74", "PublicIp": "3.211.231.218", "AssociationId": "eipassoc-0f96bdca17EXAMPLE", "IsPrimary": false, "Status": "succeeded" } ], "NatGatewayId": "nat-01234567890abcdef", "State": "available", "SubnetId": "subnet-655eab5f08EXAMPLE", "VpcId": "vpc-098eb5ef58EXAMPLE", "Tags": [ { "Key": "Name", "Value": "public-nat" } ], "ConnectivityType": "public" } ] }

Example 2: To describe a private NAT gateway

The following describe-nat-gateways example describes the specified private NAT gateway.

aws ec2 describe-nat-gateways \ --nat-gateway-id nat-1234567890abcdef0

Output:

{ "NatGateways": [ { "CreateTime": "2023-08-25T00:50:05.000Z", "NatGatewayAddresses": [ { "NetworkInterfaceId": "eni-0065a61b324d1897a", "PrivateIp": "10.0.20.240", "IsPrimary": true, "Status": "succeeded" }, { "NetworkInterfaceId": "eni-0065a61b324d1897a", "PrivateIp": "10.0.20.33", "IsPrimary": false, "Status": "succeeded" }, { "NetworkInterfaceId": "eni-0065a61b324d1897a", "PrivateIp": "10.0.20.197", "IsPrimary": false, "Status": "succeeded" } ], "NatGatewayId": "nat-1234567890abcdef0", "State": "available", "SubnetId": "subnet-08fc749671EXAMPLE", "VpcId": "vpc-098eb5ef58EXAMPLE", "Tags": [ { "Key": "Name", "Value": "private-nat" } ], "ConnectivityType": "private" } ] }

For more information, see NAT gateways in the Amazon VPC User Guide.

The following code example shows how to use describe-network-acls.

Amazon CLI

To describe your network ACLs

The following describe-network-acls example retrieves details about your network ACLs.

aws ec2 describe-network-acls

Output:

{ "NetworkAcls": [ { "Associations": [ { "NetworkAclAssociationId": "aclassoc-0c1679dc41EXAMPLE", "NetworkAclId": "acl-0ea1f54ca7EXAMPLE", "SubnetId": "subnet-0931fc2fa5EXAMPLE" } ], "Entries": [ { "CidrBlock": "0.0.0.0/0", "Egress": true, "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 100 }, { "CidrBlock": "0.0.0.0/0", "Egress": true, "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32767 }, { "CidrBlock": "0.0.0.0/0", "Egress": false, "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 100 }, { "CidrBlock": "0.0.0.0/0", "Egress": false, "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32767 } ], "IsDefault": true, "NetworkAclId": "acl-0ea1f54ca7EXAMPLE", "Tags": [], "VpcId": "vpc-06e4ab6c6cEXAMPLE", "OwnerId": "111122223333" }, { "Associations": [], "Entries": [ { "CidrBlock": "0.0.0.0/0", "Egress": true, "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 100 }, { "Egress": true, "Ipv6CidrBlock": "::/0", "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 101 }, { "CidrBlock": "0.0.0.0/0", "Egress": true, "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32767 }, { "Egress": true, "Ipv6CidrBlock": "::/0", "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32768 }, { "CidrBlock": "0.0.0.0/0", "Egress": false, "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 100 }, { "Egress": false, "Ipv6CidrBlock": "::/0", "Protocol": "-1", "RuleAction": "allow", "RuleNumber": 101 }, { "CidrBlock": "0.0.0.0/0", "Egress": false, "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32767 }, { "Egress": false, "Ipv6CidrBlock": "::/0", "Protocol": "-1", "RuleAction": "deny", "RuleNumber": 32768 } ], "IsDefault": true, "NetworkAclId": "acl-0e2a78e4e2EXAMPLE", "Tags": [], "VpcId": "vpc-03914afb3eEXAMPLE", "OwnerId": "111122223333" } ] }

For more information, see Network ACLs in the Amazon VPC User Guide.

The following code example shows how to use describe-network-insights-access-scope-analyses.

Amazon CLI

To describe Network Insights access scope analyses

The following describe-network-insights-access-scope-analyses example describes the access scope analysis in your Amazon account.

aws ec2 describe-network-insights-access-scope-analyses \ --region us-east-1

Output:

{ "NetworkInsightsAccessScopeAnalyses": [ { "NetworkInsightsAccessScopeAnalysisId": "nisa-123456789111", "NetworkInsightsAccessScopeAnalysisArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-access-scope-analysis/nisa-123456789111", "NetworkInsightsAccessScopeId": "nis-123456789222", "Status": "succeeded", "StartDate": "2022-01-25T19:45:36.842000+00:00", "FindingsFound": "true", "Tags": [] } ] }

For more information, see Getting started with Network Access Analyzer using the Amazon CLI in the Network Access Analyzer Guide.

The following code example shows how to use describe-network-insights-access-scopes.

Amazon CLI

To describe Network Insights access scopes

The following describe-network-insights-access-scopes example describes the access-scope analyses in your Amazon account.

aws ec2 describe-network-insights-access-scopes \ --region us-east-1

Output:

{ "NetworkInsightsAccessScopes": [ { "NetworkInsightsAccessScopeId": "nis-123456789111", "NetworkInsightsAccessScopeArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-access-scope/nis-123456789111", "CreatedDate": "2021-11-29T21:12:41.416000+00:00", "UpdatedDate": "2021-11-29T21:12:41.416000+00:00", "Tags": [] } ] }

For more information, see Getting started with Network Access Analyzer using the Amazon CLI in the Network Access Analyzer Guide.

The following code example shows how to use describe-network-insights-analyses.

Amazon CLI

To view the results of a path analysis

The following describe-network-insights-analyses example describes the specified analysis. In this example, the source is an internet gateway, the destination is an EC2 instance, and the protocol is TCP. The analysis succeeded (Status is succeeded) and the path is not reachable (NetworkPathFound is false). The explanation code ENI_SG_RULES_MISMATCH indicates that the security group for the instance does not contain a rule that allows traffic on the destination port.

aws ec2 describe-network-insights-analyses \ --network-insights-analysis-ids nia-02207aa13eb480c7a

Output:

{ "NetworkInsightsAnalyses": [ { "NetworkInsightsAnalysisId": "nia-02207aa13eb480c7a", "NetworkInsightsAnalysisArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-analysis/nia-02207aa13eb480c7a", "NetworkInsightsPathId": "nip-0b26f224f1d131fa8", "StartDate": "2021-01-20T22:58:37.495Z", "Status": "succeeded", "NetworkPathFound": false, "Explanations": [ { "Direction": "ingress", "ExplanationCode": "ENI_SG_RULES_MISMATCH", "NetworkInterface": { "Id": "eni-0a25edef15a6cc08c", "Arn": "arn:aws:ec2:us-east-1:123456789012:network-interface/eni-0a25edef15a6cc08c" }, "SecurityGroups": [ { "Id": "sg-02f0d35a850ba727f", "Arn": "arn:aws:ec2:us-east-1:123456789012:security-group/sg-02f0d35a850ba727f" } ], "Subnet": { "Id": "subnet-004ff41eccb4d1194", "Arn": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-004ff41eccb4d1194" }, "Vpc": { "Id": "vpc-f1663d98ad28331c7", "Arn": "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-f1663d98ad28331c7" } } ], "Tags": [] } ] }

For more information, see Getting started using the Amazon CLI in the Reachability Analyzer Guide.

The following code example shows how to use describe-network-insights-paths.

Amazon CLI

To describe a path

The following describe-network-insights-paths example describes the specified path.

aws ec2 describe-network-insights-paths \ --network-insights-path-ids nip-0b26f224f1d131fa8

Output:

{ "NetworkInsightsPaths": [ { "NetworkInsightsPathId": "nip-0b26f224f1d131fa8", "NetworkInsightsPathArn": "arn:aws:ec2:us-east-1:123456789012:network-insights-path/nip-0b26f224f1d131fa8", "CreatedDate": "2021-01-20T22:43:46.933Z", "Source": "igw-0797cccdc9d73b0e5", "Destination": "i-0495d385ad28331c7", "Protocol": "tcp" } ] }

For more information, see Getting started using the Amazon CLI in the Reachability Analyzer Guide.

The following code example shows how to use describe-network-interface-attribute.

Amazon CLI

To describe the attachment attribute of a network interface

This example command describes the attachment attribute of the specified network interface.

Command:

aws ec2 describe-network-interface-attribute --network-interface-id eni-686ea200 --attribute attachment

Output:

{ "NetworkInterfaceId": "eni-686ea200", "Attachment": { "Status": "attached", "DeviceIndex": 0, "AttachTime": "2015-05-21T20:02:20.000Z", "InstanceId": "i-1234567890abcdef0", "DeleteOnTermination": true, "AttachmentId": "eni-attach-43348162", "InstanceOwnerId": "123456789012" } }

To describe the description attribute of a network interface

This example command describes the description attribute of the specified network interface.

Command:

aws ec2 describe-network-interface-attribute --network-interface-id eni-686ea200 --attribute description

Output:

{ "NetworkInterfaceId": "eni-686ea200", "Description": { "Value": "My description" } }

To describe the groupSet attribute of a network interface

This example command describes the groupSet attribute of the specified network interface.

Command:

aws ec2 describe-network-interface-attribute --network-interface-id eni-686ea200 --attribute groupSet

Output:

{ "NetworkInterfaceId": "eni-686ea200", "Groups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" } ] }

To describe the sourceDestCheck attribute of a network interface

This example command describes the sourceDestCheck attribute of the specified network interface.

Command:

aws ec2 describe-network-interface-attribute --network-interface-id eni-686ea200 --attribute sourceDestCheck

Output:

{ "NetworkInterfaceId": "eni-686ea200", "SourceDestCheck": { "Value": true } }

The following code example shows how to use describe-network-interface-permissions.

Amazon CLI

To describe your network interface permissions

This example describes all of your network interface permissions.

Command:

aws ec2 describe-network-interface-permissions

Output:

{ "NetworkInterfacePermissions": [ { "PermissionState": { "State": "GRANTED" }, "NetworkInterfacePermissionId": "eni-perm-06fd19020ede149ea", "NetworkInterfaceId": "eni-b909511a", "Permission": "INSTANCE-ATTACH", "AwsAccountId": "123456789012" } ] }

The following code example shows how to use describe-network-interfaces.

Amazon CLI

To describe your network interfaces

This example describes all your network interfaces.

Command:

aws ec2 describe-network-interfaces

Output:

{ "NetworkInterfaces": [ { "Status": "in-use", "MacAddress": "02:2f:8f:b0:cf:75", "SourceDestCheck": true, "VpcId": "vpc-a01106c2", "Description": "my network interface", "Association": { "PublicIp": "203.0.113.12", "AssociationId": "eipassoc-0fbb766a", "PublicDnsName": "ec2-203-0-113-12.compute-1.amazonaws.com", "IpOwnerId": "123456789012" }, "NetworkInterfaceId": "eni-e5aa89a3", "PrivateIpAddresses": [ { "PrivateDnsName": "ip-10-0-1-17.ec2.internal", "Association": { "PublicIp": "203.0.113.12", "AssociationId": "eipassoc-0fbb766a", "PublicDnsName": "ec2-203-0-113-12.compute-1.amazonaws.com", "IpOwnerId": "123456789012" }, "Primary": true, "PrivateIpAddress": "10.0.1.17" } ], "RequesterManaged": false, "Ipv6Addresses": [], "PrivateDnsName": "ip-10-0-1-17.ec2.internal", "AvailabilityZone": "us-east-1d", "Attachment": { "Status": "attached", "DeviceIndex": 1, "AttachTime": "2013-11-30T23:36:42.000Z", "InstanceId": "i-1234567890abcdef0", "DeleteOnTermination": false, "AttachmentId": "eni-attach-66c4350a", "InstanceOwnerId": "123456789012" }, "Groups": [ { "GroupName": "default", "GroupId": "sg-8637d3e3" } ], "SubnetId": "subnet-b61f49f0", "OwnerId": "123456789012", "TagSet": [], "PrivateIpAddress": "10.0.1.17" }, { "Status": "in-use", "MacAddress": "02:58:f5:ef:4b:06", "SourceDestCheck": true, "VpcId": "vpc-a01106c2", "Description": "Primary network interface", "Association": { "PublicIp": "198.51.100.0", "IpOwnerId": "amazon" }, "NetworkInterfaceId": "eni-f9ba99bf", "PrivateIpAddresses": [ { "Association": { "PublicIp": "198.51.100.0", "IpOwnerId": "amazon" }, "Primary": true, "PrivateIpAddress": "10.0.1.149" } ], "RequesterManaged": false, "Ipv6Addresses": [], "AvailabilityZone": "us-east-1d", "Attachment": { "Status": "attached", "DeviceIndex": 0, "AttachTime": "2013-11-30T23:35:33.000Z", "InstanceId": "i-0598c7d356eba48d7", "DeleteOnTermination": true, "AttachmentId": "eni-attach-1b9db777", "InstanceOwnerId": "123456789012" }, "Groups": [ { "GroupName": "default", "GroupId": "sg-8637d3e3" } ], "SubnetId": "subnet-b61f49f0", "OwnerId": "123456789012", "TagSet": [], "PrivateIpAddress": "10.0.1.149" } ] }

This example describes network interfaces that have a tag with the key Purpose and the value Prod.

Command:

aws ec2 describe-network-interfaces --filters Name=tag:Purpose,Values=Prod

Output:

{ "NetworkInterfaces": [ { "Status": "available", "MacAddress": "12:2c:bd:f9:bf:17", "SourceDestCheck": true, "VpcId": "vpc-8941ebec", "Description": "ProdENI", "NetworkInterfaceId": "eni-b9a5ac93", "PrivateIpAddresses": [ { "PrivateDnsName": "ip-10-0-1-55.ec2.internal", "Primary": true, "PrivateIpAddress": "10.0.1.55" }, { "PrivateDnsName": "ip-10-0-1-117.ec2.internal", "Primary": false, "PrivateIpAddress": "10.0.1.117" } ], "RequesterManaged": false, "PrivateDnsName": "ip-10-0-1-55.ec2.internal", "AvailabilityZone": "us-east-1d", "Ipv6Addresses": [], "Groups": [ { "GroupName": "MySG", "GroupId": "sg-905002f5" } ], "SubnetId": "subnet-31d6c219", "OwnerId": "123456789012", "TagSet": [ { "Value": "Prod", "Key": "Purpose" } ], "PrivateIpAddress": "10.0.1.55" } ] }

The following code example shows how to use describe-placement-groups.

Amazon CLI

To describe your placement groups

This example command describes all of your placement groups.

Command:

aws ec2 describe-placement-groups

Output:

{ "PlacementGroups": [ { "GroupName": "my-cluster", "State": "available", "Strategy": "cluster" }, ... ] }

The following code example shows how to use describe-prefix-lists.

Amazon CLI

To describe prefix lists

This example lists all available prefix lists for the region.

Command:

aws ec2 describe-prefix-lists

Output:

{ "PrefixLists": [ { "PrefixListName": "com.amazonaws.us-east-1.s3", "Cidrs": [ "54.231.0.0/17" ], "PrefixListId": "pl-63a5400a" } ] }

The following code example shows how to use describe-principal-id-format.

Amazon CLI

To describe the ID format for IAM users and roles with long ID format enabled

The following describe-principal-id-format example describes the ID format for the root user, all IAM roles, and all IAM users with long ID format enabled.

aws ec2 describe-principal-id-format \ --resource instance

Output:

{ "Principals": [ { "Arn": "arn:aws:iam::123456789012:root", "Statuses": [ { "Deadline": "2016-12-15T00:00:00.000Z", "Resource": "reservation", "UseLongIds": true }, { "Deadline": "2016-12-15T00:00:00.000Z", "Resource": "instance", "UseLongIds": true }, { "Deadline": "2016-12-15T00:00:00.000Z", "Resource": "volume", "UseLongIds": true }, ] }, ... ] }

The following code example shows how to use describe-public-ipv4-pools.

Amazon CLI

To describe your public IPv4 address pools

The following describe-public-ipv4-pools example displays details about the address pools that were created when you provisioned public IPv4 address ranges using Bring Your Own IP Addresses (BYOIP).

aws ec2 describe-public-ipv4-pools

Output:

{ "PublicIpv4Pools": [ { "PoolId": "ipv4pool-ec2-1234567890abcdef0", "PoolAddressRanges": [ { "FirstAddress": "203.0.113.0", "LastAddress": "203.0.113.255", "AddressCount": 256, "AvailableAddressCount": 256 } ], "TotalAddressCount": 256, "TotalAvailableAddressCount": 256 } ] }

The following code example shows how to use describe-regions.

Amazon CLI

Example 1: To describe all of your enabled Regions

The following describe-regions example describes all of the Regions that are enabled for your account.

aws ec2 describe-regions

Output:

{ "Regions": [ { "Endpoint": "ec2.eu-north-1.amazonaws.com", "RegionName": "eu-north-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-south-1.amazonaws.com", "RegionName": "ap-south-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-3.amazonaws.com", "RegionName": "eu-west-3", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-2.amazonaws.com", "RegionName": "eu-west-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-1.amazonaws.com", "RegionName": "eu-west-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-northeast-3.amazonaws.com", "RegionName": "ap-northeast-3", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-northeast-2.amazonaws.com", "RegionName": "ap-northeast-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-northeast-1.amazonaws.com", "RegionName": "ap-northeast-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.sa-east-1.amazonaws.com", "RegionName": "sa-east-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ca-central-1.amazonaws.com", "RegionName": "ca-central-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-southeast-1.amazonaws.com", "RegionName": "ap-southeast-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-southeast-2.amazonaws.com", "RegionName": "ap-southeast-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-central-1.amazonaws.com", "RegionName": "eu-central-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-east-1.amazonaws.com", "RegionName": "us-east-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-east-2.amazonaws.com", "RegionName": "us-east-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-west-1.amazonaws.com", "RegionName": "us-west-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-west-2.amazonaws.com", "RegionName": "us-west-2", "OptInStatus": "opt-in-not-required" } ] }

For more information, see Regions and Zones in the Amazon EC2 User Guide.

Example 2: To describe enabled Regions with an endpoint whose name contains a specific string

The following describe-regions example describes all Regions that you have enabled that have the string "us" in the endpoint.

aws ec2 describe-regions \ --filters "Name=endpoint,Values=*us*"

Output:

{ "Regions": [ { "Endpoint": "ec2.us-east-1.amazonaws.com", "RegionName": "us-east-1" }, { "Endpoint": "ec2.us-east-2.amazonaws.com", "RegionName": "us-east-2" }, { "Endpoint": "ec2.us-west-1.amazonaws.com", "RegionName": "us-west-1" }, { "Endpoint": "ec2.us-west-2.amazonaws.com", "RegionName": "us-west-2" } ] }

For more information, see Regions and Zones in the Amazon EC2 User Guide.

Example 3: To describe all Regions

The following describe-regions example describes all available Regions, including Regions that are disabled.

aws ec2 describe-regions \ --all-regions

Output:

{ "Regions": [ { "Endpoint": "ec2.eu-north-1.amazonaws.com", "RegionName": "eu-north-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-south-1.amazonaws.com", "RegionName": "ap-south-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-3.amazonaws.com", "RegionName": "eu-west-3", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-2.amazonaws.com", "RegionName": "eu-west-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-west-1.amazonaws.com", "RegionName": "eu-west-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-northeast-3.amazonaws.com", "RegionName": "ap-northeast-3", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.me-south-1.amazonaws.com", "RegionName": "me-south-1", "OptInStatus": "not-opted-in" }, { "Endpoint": "ec2.ap-northeast-2.amazonaws.com", "RegionName": "ap-northeast-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-northeast-1.amazonaws.com", "RegionName": "ap-northeast-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.sa-east-1.amazonaws.com", "RegionName": "sa-east-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ca-central-1.amazonaws.com", "RegionName": "ca-central-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-east-1.amazonaws.com", "RegionName": "ap-east-1", "OptInStatus": "not-opted-in" }, { "Endpoint": "ec2.ap-southeast-1.amazonaws.com", "RegionName": "ap-southeast-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.ap-southeast-2.amazonaws.com", "RegionName": "ap-southeast-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.eu-central-1.amazonaws.com", "RegionName": "eu-central-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-east-1.amazonaws.com", "RegionName": "us-east-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-east-2.amazonaws.com", "RegionName": "us-east-2", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-west-1.amazonaws.com", "RegionName": "us-west-1", "OptInStatus": "opt-in-not-required" }, { "Endpoint": "ec2.us-west-2.amazonaws.com", "RegionName": "us-west-2", "OptInStatus": "opt-in-not-required" } ] }

For more information, see Regions and Zones in the Amazon EC2 User Guide.

Example 4: To list the Region names only

The following describe-regions example uses the --query parameter to filter the output and return only the names of the Regions as text.